d825706f6385197d29747fb58aa23bebb189052452f0e2c96a6e83f4927d935b

Analysis

max time kernel
46s
max time network
150s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/03/2025, 02:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xeno-v1.1.6/Microsoft.Web.WebView2.Core.dll
Size

557KB
MD5

b037ca44fd19b8eedb6d5b9de3e48469
SHA1

1f328389c62cf673b3de97e1869c139d2543494e
SHA256

11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197
SHA512

fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b
SSDEEP

12288:6CxswUBor35JrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIE:6Cbmv

Score

8^/10

discovery execution

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
2988	powershell.exe
2988	powershell.exe

Drops desktop.ini file(s) 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	wmplayer.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
179	raw.githubusercontent.com
180	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmpshare.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer	wmplayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer\CLSID = "{cd3afa96-b84f-48f0-9393-7edc34128127}"	wmplayer.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2544	chrome.exe
2544	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe
Token: SeShutdownPrivilege	2544	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1444	wmplayer.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe
2544	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 2660	2544	chrome.exe	32
PID 2544 wrote to memory of 2660	2544	chrome.exe	32
PID 2544 wrote to memory of 2660	2544	chrome.exe	32
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 340	2544	chrome.exe	34
PID 2544 wrote to memory of 3008	2544	chrome.exe	35
PID 2544 wrote to memory of 3008	2544	chrome.exe	35
PID 2544 wrote to memory of 3008	2544	chrome.exe	35
PID 2544 wrote to memory of 2168	2544	chrome.exe	36
PID 2544 wrote to memory of 2168	2544	chrome.exe	36
PID 2544 wrote to memory of 2168	2544	chrome.exe	36
PID 2544 wrote to memory of 2168	2544	chrome.exe	36
PID 2544 wrote to memory of 2168	2544	chrome.exe	36
PID 2544 wrote to memory of 2168	2544	chrome.exe	36
PID 2544 wrote to memory of 2168	2544	chrome.exe	36
PID 2544 wrote to memory of 2168	2544	chrome.exe	36
PID 2544 wrote to memory of 2168	2544	chrome.exe	36
PID 2544 wrote to memory of 2168	2544	chrome.exe	36
PID 2544 wrote to memory of 2168	2544	chrome.exe	36
PID 2544 wrote to memory of 2168	2544	chrome.exe	36
PID 2544 wrote to memory of 2168	2544	chrome.exe	36
PID 2544 wrote to memory of 2168	2544	chrome.exe	36
PID 2544 wrote to memory of 2168	2544	chrome.exe	36
PID 2544 wrote to memory of 2168	2544	chrome.exe	36
PID 2544 wrote to memory of 2168	2544	chrome.exe	36
PID 2544 wrote to memory of 2168	2544	chrome.exe	36
PID 2544 wrote to memory of 2168	2544	chrome.exe	36

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xeno-v1.1.6\Microsoft.Web.WebView2.Core.dll,#1
1⤵
PID:2244

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of FindShellTrayWindow
PID:1444
- C:\Program Files (x86)\Windows Media Player\wmpshare.exe
  "C:\Program Files (x86)\Windows Media Player\wmpshare.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef65a9758,0x7fef65a9768,0x7fef65a9778
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:2
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2320 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2352 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1368 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:2
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2976 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3432 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3588 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3616 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3600 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3624 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3180 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2480 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3112 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2304 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4156 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3780 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4280 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4752 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4144 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4600 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:8
  2⤵
  PID:1356
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\jjsploit_8.14.1_x64_en-US.msi"
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=1120 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4924 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4920 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4600 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1348,i,11976264331221432030,16625227692439907496,131072 /prefetch:8
  2⤵
  PID:1956

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1484

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:2408
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9938E1815127CE3C03D5F4B65FD9A4AA C
  2⤵
  PID:1816
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2988

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:2604

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003BC" "00000000000005DC"
1⤵
PID:1240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jjsploit\jjsploit.lnk

Filesize
1KB

MD5
9022d05e61f28509e82893d9f28d8db5

SHA1
fbc45c9f38350d60b4edf0adcad1be190417b78d

SHA256
ba3dba8ab0e012cf4c9151ec10948d62ec1219038ff981984b6018ca88537e03

SHA512
eb4edb56343676a4b86d6255ac7c0193b2366ae020c5f1aaa3a48a022109a26a67cbef2554fc7d1ac442cab0e066cee4390615f3c79744a2e69efa3c48b135f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
8db654e95ef699af9ffd8cde4b962229

SHA1
e365f8cab92c4f5a0d765f4accfb07339ab5ad88

SHA256
97af7f097a8ed3352aebdf24f23c436a67b9f97ce33e3c81c0f8633acd87878d

SHA512
61d7e604ba7d3476cd1cd9faf1ff3cbd73078c4cc2c7e95d84c46cb96f6fffcdd2a4669fbf51841342d0a21550799eda72f2704d82dd80a32ad33c1bdb760ef1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e09e44145c610153d691d75f93bc07d

SHA1
bc51d0d0970c361482f809718a7c109615edda91

SHA256
7676a5388a4781976d0c95e3972fdf1b8974c3da97d3f98ec6765d589ed6a9c9

SHA512
0326b1df44de317559ee741670475181610c1426bf550d972bd55e0e8b78d3c756c96eac6484be913f7962732c1b7dfe492aadc78fb6622c5b02aff600789e8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e7175239521a1621d940cab4f9e4a34

SHA1
210737da2ee4a27fe66cf4f70901d5ff816eba8a

SHA256
ce57ee9f661c40c75ad104c482daf890c0d2202fe59c8a394602e20a23054743

SHA512
423c157e1e3e0af51dd3d7ddfb1e7d019696484c0585a7ae3e6a8f5665f3c57e3d7de007c03feefdd74fce416a020c0ac339a0934b0aab6ababdbddca3d466a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9cc0567b42f6bfed95a80da3b42788e2

SHA1
1705af86aadeb7193294ee290fead329208dfa76

SHA256
4d51b1496f36b896139b4fe98c309aed5e9d6b89cc114bdac05a7a534baa91df

SHA512
d8ba0fa15fd7294cef0c8da186333fa924cae67c5eaedbae5d643a0a3fa7f574aa445af47caa89a2777da308cecbc53638724804fd439eaf3239a6cc94841905

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db5131557246a11c189fc5623d890a08

SHA1
53b1bf8e46eb460294d43f709d8a31b0dc1bdcd8

SHA256
70fda09f8ba393a51dacdac5df8e304177b2a9ed7aa83f1ab44971e1c846957e

SHA512
2d44ff865bfb0807b4f8d45a75b0642d42ba48d21aeab680571c611ec8ae7adb0af6d9246a1d2d551fb92d295b6bd9df03074478321a14d5ebe6c79dd47f3d74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
041f893133f4bd53a95e44c8e2f601c5

SHA1
ef46ec1a5d38751408c18774bc86640023359286

SHA256
acba450c699f66529e9dd1c6f9a9d2ed9e2bd2d5244385b960f7e03b06e15c37

SHA512
236c8ae34f4b9bb65bf0faab6e65637649257f746b26fdf8731da550ca4dd7fb65cbe207b2bd655a38c632877f9d6111865b02b29de27b78bbb53f0ae57008a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67351be3ec3c5bb44342180e2b478693

SHA1
20f67003ac3a8478503bafbd95502871b1d22c01

SHA256
c25d1ce736884b842652955c32c233f78f68d5851bb1810e2f03db6736b55b18

SHA512
22df4aad1693f161ce6e80a292d4b0332a7ac01c7cf2c475c12cc4b42951e9f7e1fbddf3811bc6b2ee58bec760826d6ec052e90fad4bd0ee223b8465f8196342

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a22333968af6156a1f78bf9d8d2bbbd9

SHA1
d81febb032980d3625ae7710c0e360dd5cdca060

SHA256
710d307b302e0bb34b7a33ffc836f925ea5a1d6cbbbbd56104cb815b5dbc41d1

SHA512
af3c0a7a0e74d4972b0a7303630fc04e9f19b1cd487db1b318a177f73d27eff95d15ffe0e365a31afed380d0b062ab201aa3e3a408325e7f5d83652afffb7861

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bbb163f2c1fd3c3e10d4e3e648c53f7f

SHA1
fc9e330e193e5f2bc40d372cdfafe1e63d0af520

SHA256
528305d0d4bc3c64e32cecfedd91874d86fa42026306bdc3a4bc045e99494a3a

SHA512
1e44f165a21a8dec2cd90b77ca2d6b44eb219a3c0ae35c0dfab423a91c08b612dc1a3911f789ed04a8cce0cbf0a69f50aa6bf3b4d13833c99a761b153706772d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb7df03e4711b51d0ba66351c78708f1

SHA1
493a0b881ee8bbbc5681c68ffdba94a58a4c553d

SHA256
4eddd0fff9c3cf255dc5e732a76aa44321412e924b0585fc5d4436412bdf28a5

SHA512
37c678809d4023c4f0154c6c92ce9830458e5e78a94f045172f43563f1e2591eb8ded0e3573a084eb343a24a97ecac424b103fea3f7da688e31fa72a4750f831

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ec4aacc666e8256a8613934928157e3

SHA1
0feb76bb546c6af94650595de184638193bbe35b

SHA256
1961f853eb43be76c8d35afe217725257908ea6529e181f4788fa051be621430

SHA512
78318e6db3f27268cbd6f9b1775b7aff56bee9adaa973c13aae3bdacddc93178ea5316adbd1c58ad586edfa30ec5c282b2ce74236fb57fbac41fbff9df2e5d25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45e1b7c9d12668582dc2403979c1891c

SHA1
fb92b4860452cbd037cfeeaf571beda326e98aa2

SHA256
75fd78426d161b6df5edfe9cfd351598742a9ec0f1fa4e74d5b9b29fa90d7cbe

SHA512
350a870ffa9fdcef461baef8feeb090046542063a7e4fab6eadf2082c8f0034da0d14373fd2e4123bb6ac023ac3f1890b4060cef6febbad0844048545ab69be7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee4a8cdb5b3c3e0cfe1365a0271338cc

SHA1
044dfe00a18a9eb086b5cdc0b9a77956868f8fa6

SHA256
a926ae3c26479de9bb5f5deff397fd9732e70d66f72a7e8a79eb9f8792208888

SHA512
fef044917ac092ed140ea99cbdc78e3ff83983fa088ae20628bfe310983f8fa3174c08a73b719dd5d7abd85d5119a3a66b85d3cebf11682b0c65e9d713aa5f38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58d54d501124994fea3bd46311570d26

SHA1
6cad20beb9005e4a97706e05dfaac206d172c631

SHA256
247d8826ae6a2df4b9b2e1e8d5d65c8bed1b1ee548fe2516c5c2c5e6977c65f0

SHA512
17f87255444b49a0fdf593d45855c8f94f40983aabb12dff5382482731d0ccd20f2e2ebb4052db59a6c82b5aac9cda4e957eabdab599f96f4b720f39f29f2fdb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51540d5569514ddfd88d1a646815ecd1

SHA1
faec6b8c8c7514c49dc51386dd628a7dfc6c0ced

SHA256
9168c4a627d120d516a60cd9809b361fa6bc68eeafe5a5ea46d26a16fd69909d

SHA512
5a66fc2d956cbcfbf8ea8e63229439908e8738c7a2c6e378a23bfcf6a6c153677d4f62ee4c2997594eae03619aa3b2e445dea2368315af5877126e4d69ee88a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd6bdbf848455c4f613d128f31c33039

SHA1
6d267974507764824071059840dfdd09d86ed9ee

SHA256
7094fb505066770b5a5d26b02e9748b2318c2b319ecb51a0979fdca22a5513ab

SHA512
65b69178d400d194b75c9bce5c05a6ec38b3d938e67fd0407f4cd7baeb04d9cd1efc5165b4bf93c61987264d025943dc8649557306cab96a6735cdecdf7d45b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b919447ccfd5730c19064ae9ca16d34

SHA1
91bb60a8ef139fb36c3c21c0a62c253cbe29a73e

SHA256
4d624e01994e18d0d02e9eadb2332baf99462d740236c22c50b2f30aad2e1a1d

SHA512
1039868dd2103752ac4136fb8d55870d844525a7ab48872baa0f8ca2736829fbb2b4d75303c520a369c4133ff1805e3ebc210b2b1129b32282c3ae3832e84abc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb7eb51994a4dc2971cb4256326ef6f2

SHA1
e40e997bf2740b32153abc63f144c55641c26711

SHA256
8228f56ff8fcb928bf9841fbe15c826acc207a5e63fa3e7e797027c21b8c90b6

SHA512
719602ea1ea9cd20a67b2cd678c1fa42bc7d184e4fe8bb75169e8236c4a123e7ad13b4fc9441bc7c2cd83aae351826e30d74ee5dfe24b0d543d673bee3faf443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1e516930-b940-441d-a78f-f9779ee1f058.tmp

Filesize
6KB

MD5
8630265f213e09114236d37b252da300

SHA1
2da5501bbdae79db43a8d9404868925eaca1eae2

SHA256
d0904751a0aca77817c8603996ec447274f277af283100a93f4410ca2b1b9325

SHA512
92a796805887f61aa68eb1a0b5c0583bd41f2e6c9bbcffe4e9a5580da1789105911a779a3a98d60bdc2235dc944b4e3115f4f6072e620c8a527c494dfe9000b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\612e17de-a07a-4f75-9f5a-b13bc229d46b.tmp

Filesize
7KB

MD5
35995c018a482a82607370dd6fa42e3e

SHA1
ceda2c78ad6655589d00168d967fc5f75fc9e8f0

SHA256
6335c79e04a0929219f9ab0fd1eade3e17f5a22946a813656f028f733457e5bb

SHA512
20bf31cebad8023795fed09c30fc90a1e32e63a4891d4941c5d3f85d44387020672937e1ff1920125011dd3b63043b4367c51eef096c49edac20003b98e7fc15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
51KB

MD5
501d437b9047d37aaf73792f214ef6ce

SHA1
cf47e50bddc85d452702a3992785de5d03fc4328

SHA256
a164185575ecc3e1264eef5d61f5fc6908fdf5989870f43aaf0a9d649d84da0c

SHA512
23cc7bbaf4a61be615737675ca0520416c825d612fc59b2158283a38cea877203b22670f4051f46c01f83265cd5de559ff5ab273557b79998ab09a378f9b6868

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
85KB

MD5
f740d0f8c163c8cd37a8b0d80e2ba78e

SHA1
94c97fc02d693d87bf8d5a70ce200110d54dfc98

SHA256
5c33896c3acd69476a96fb2e8c8b1713be10747710ab1408de53eda9e532976e

SHA512
5a67ee500d62d9784c442854351dfb2d43a044109805555c7ec804d1e79ec7d5b6b3591af8c297826a6104e0baae320e11b2c4e0407bf501de179f13aa20e427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
32KB

MD5
f83e57fa27e359fd7c121bbe161cf239

SHA1
9fbb6e1c94ac072d9da4003fa01815e3d9977c0e

SHA256
5fa6b2a5ee2c7952709ebdc0e1008e6bce10dabcef4417f43e64d5fb7aa3d873

SHA512
133de134402a3e4ff22c31a7629023fb1e5db3f2f8eaaf4908db92c96ea331548d7c8f884debddff5fbeddc5f9c53243bbc608a4544727d6ecb514776e8dbd33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
144KB

MD5
afd63633e355ec350c69a15ac0d562d0

SHA1
c1e5989b97ec9707e9b0cfdd1ff257d13d2c8185

SHA256
1d7e6a4a0595311b5dc41e9b7f33073871f3c9044726f212b3a2ff0dd7a2f70d

SHA512
6c9699419605de65b75519c6709debedae18dadf56d4cb61e349b67334f685ae01d7f5546fecc7fe886c464f6d3b765a329c1ddd12955402366857a3fa2502d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
139KB

MD5
c5715d9c7f3f8aed87ae1214e718c9c4

SHA1
6c958c119a1c082fb342e16e627b2d91c58d824a

SHA256
38d2bce05ed332f66b7145c1cc499889c48232fbcf9c967f0a0c72f9e904bec4

SHA512
0b8d1260fc0c4727f90baa633eb6f114c12e63ee470353b001c4fcfb0b233371c8515bd95741db959b91cb250bbc3ee10ba11d22cac0df654d64b03efb27ff29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
33KB

MD5
370042958aa9678d1ce293c1e3871966

SHA1
4212fe17f3bf58e8c3ee8afa5e6e83901339f212

SHA256
c173543d8906bf30cb8387843052828e0690f9e9265f10279ef0c3f93dad674c

SHA512
f1f0ea26c32fc42752a3022a21fb013b16065df19af166aecc617280c9da27ee7979613355e27786639e0b488c130aca3c3afeec96f6b154def6124e2dab2271

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
85KB

MD5
274b26f1f6202a90101cba368ef8a07c

SHA1
2df5469f76aacec0c8b711f698466301d1bef1c5

SHA256
54b23c0a56aeb5090c8299e5d4b4a6a241f7884318563b86bbafd79da06dff29

SHA512
b9f65f12f6889ac644dee2da66c56b1a30dbeff8e109ade1df268858027e553e65ce610ab77f0c51a22fb598be1e32d5725fb1406c9aef614231f72d1ee13d05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
20KB

MD5
47356bcbaf8d7b047ab22ee0493c94ac

SHA1
7b8e0e61000d5cc7aba1f97bf442cc69c4970841

SHA256
b75055cdd20938daa0b443c05a00e4aa585d4a278c94321066a7a014776aac4f

SHA512
d3493db3baec0baca281e4473c609139d8b79ee5fe7f3d8c7bc8ac3459b4b374342a77288acbbf109544d090a7fde7f68cedaa50c5ac959baa9854df21d6eaa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
2016c541aa353750831e4769bb134f3f

SHA1
e3fd864443442fa67ccd1a59fdcbdc729573cb1f

SHA256
316acefcdfd4dd402a9fa028eadc5dafc0ea0d533ac0c6f774cd4a4f56c0b34b

SHA512
afbc6f8c1304e5739c7342344069174045cd4bbddbd237f00561268e332fdd618a7626fad5aaac5bfa1ef2aad8ad04e7b2cb3f7fd8f00a7227fac596db617fe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
e32652aa27b4542bb741d7c9a93b76bf

SHA1
1db7b35e53dbd1b66fc817c896f8982a86c129f8

SHA256
3939d6724aba0933d1046547bee486fa2faaf96149b0fc8fc1eac00297a65784

SHA512
5a8d8770aec6eb9ff4cd86d20f3638c8c2119b488caf93cdfedfe927dd0d07c45f45845f1a18c54d362a497923f8596c0d617451eb0c4d4b7c9a9ba5b81588af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
1dde0f7da3961c1832c8d36897e65cd8

SHA1
787b6cd07baa79a130c28077e200ff1acb43e32c

SHA256
9ceedffae3b771804c250063b9e9ef8a4165ecbff89eda31840dd6e552b283ab

SHA512
76fd252a7f188f3b2bd1f7a0b47ed7ca66c5fc4e4b43d89bf2b30a09d4f5f2acf4b28a3d5a32dca8463ac8b24218f5a8ac2c6bc1f9be5875cd6edc61b40b2fa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
767961e443bb8ca850dd471907b67276

SHA1
5c5b458fa2a2dcafbb29742369feda9fbfc0a61b

SHA256
bab211f8891637658ae0810f4a9ea629be479125d30bf5786b6e836b44424f30

SHA512
1ea239d8bd1df00827fd03ede75eed8b32109bd9117d03ed5fee3af4421f503cfa069c7dea2279d4ad4e150777bbe753d4875ed75562513d5e507a8f13a3d7cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
46dfd34c97cfb60a5976ce0672a72512

SHA1
218ad49202d30e10946075396920b1b47a6d2211

SHA256
4edb765beb5a0b7b5fb1e60c823fe49d08eb5cdff80ce13f8df5dd66ecbfd2aa

SHA512
9cc04ef70d2fc8200cd68dd86dc10e67cdf461a3603e62e391d301edbf3c462d9c68804a756ae3dfffc0e77130e563edd687853ecb65d9eb905514f36754ce98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4f1dae6dcc5a4754d181dc12fb1b327b

SHA1
04763d7276b35ef1a1f5dc61e16e858323e851e5

SHA256
56335b46ef5724087ba257660bf44f001cc24e3409c3ffa92f7230ed54dde7f2

SHA512
229894c16448b04e7b6aae33985b129c8066da64a4a1fe1cd897771bfae21da111c33c8f2af0a446a8bf09ab6435ed478367c5269030d7b92c10a66ba8cf2ced

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a03b13cb2513cc88a2f096b846f871f9

SHA1
3c431dd40795d5f79b0c8ba8de48cb57423fd4ef

SHA256
9349bff21cd150358f82db4c25c59ac050c78398ed66bb2b1df0f2132c682282

SHA512
1156d134d02ce6dcc26cfb4b13287a5ac02f3f3c93368e77b11d2b53361cf7cdb5925dde7e8f9ec338cd01c4cfffd86f65bd87d64a9df763dd56476aa12b58d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RFf785a21.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
351KB

MD5
d3b5552437cdfc942eb00fe788a47a31

SHA1
a3031f40c810536be3c06026d4f7c6419c48510e

SHA256
28cb78b7121d5aaf4f1c207d57489b61e3ee9e93842c396a4a5ccfb3cbe9ad93

SHA512
a085527cc6f7fc320fc2dd3688efca66327175513101c27edab86c172e5bbaafedb6f048a0b57dfc2a047a5408f6aa82d156d9c6681938e0bf128fe00297714b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
72KB

MD5
ef8528ebc07e53df505f9ef000b0ebf2

SHA1
d32e37dd67df31322f9ca46fdcf6cd5d999d5d04

SHA256
9ac9a4266974ff6a68f283b459b501535def2eaa99ebcaf439ed80c4538f5e68

SHA512
adfbbf3dfb42fbdd34e51acabbdf773fa4853992c43fc76dbd3cf359cca854ac501d336574eb371c72beebc8af1c01914d0060b397bca6f3a45eac22a06d90f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{658E276C-EEDC-438C-A67A-1074DDD35D5D}.jpg

Filesize
23KB

MD5
fd5fd28e41676618aac733b243ad54db

SHA1
b2d69ad6a2e22c30ef1806ac4f990790c3b44763

SHA256
a26544648ef8ceffad6c789a3677031be3c515918627d7c8f8e0587d3033c431

SHA512
4c32623796679be7066b719f231d08d24341784ecfd5d6461e8140379f5b394216e446865df56e05b5f1e36962c9d34d2b5041275366aeabcd606f4536217fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{73BA9378-5946-4A3A-8346-AEA19B8B8E8E}.jpg

Filesize
22KB

MD5
35e787587cd3fa8ed360036c9fca3df2

SHA1
84c76a25c6fe336f6559c033917a4c327279886d

SHA256
98c49a68ee578e10947209ebc17c0ad188ed39c7d0c91a2b505f317259c0c9b2

SHA512
aeec3eed5a52670f4cc35935005bb04bb435964a1975e489b8e101adfbce278142fd1a6c475860b7ccb414afe5e24613361a66d92f457937de9b21a7a112e1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5F9F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIAC94.tmp

Filesize
132KB

MD5
cfbb8568bd3711a97e6124c56fcfa8d9

SHA1
d7a098ae58bdd5e93a3c1b04b3d69a14234d5e57

SHA256
7f47d98ab25cfea9b3a2e898c3376cc9ba1cd893b4948b0c27caa530fd0e34cc

SHA512
860cbf3286ac4915580cefaf56a9c3d48938eb08e3f31b7f024c4339c037d7c8bdf16e766d08106505ba535be4922a87dc46bd029aae99a64ea2fc02cf3aec04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5FB2.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar61A6.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 390439.crdownload

Filesize
6.3MB

MD5
90fe4ea1323d1b17c90efdc69fa13cf5

SHA1
b92333fd238d9bcf80cfd170251c0ed05ae5edc6

SHA256
0d411f1b891ca8240ee7fb73adcf4c0dff02869b043be19b57a4f5b0257bac32

SHA512
5437c5bbaef5b9b0a785fa6de5489ea5a9e778973840e899544ead2db1c75f876895b63ce2634dd39c4085b959136811ecd7c954b60beee28251c156cd9b45e5

Download Submit
C:\Users\Admin\Downloads\ZoraraInstaller.zip.crdownload

Filesize
6.3MB

MD5
8b10a8298f40b87ae236d92acdcf8708

SHA1
7a97724c1c24a915cc5da1dd33d8157bdee39bb0

SHA256
f3d521d5805c02e3489d05fffcf2559160b37c80c9274c66a5488ce213f3fdd9

SHA512
6ce5e72f22ae31f5b384004874af931e52d45ffcf08ce9bb6b03794ae5b700bb9bbf8663a9418f811c353254644228fb3280564022fed60a2864236a8fbff46a

Download Submit
\Program Files\jjsploit\jjsploit.exe

Filesize
17.1MB

MD5
383ef1f70f833f175c588cab85110fda

SHA1
4b5780d1bd89efb409b15065874877b1424c31ea

SHA256
2c349879607ff4788b904cac39a1593d676b04eb4fe783f02bc1418d8c05e1f8

SHA512
19671ecfaf42f5207c3683f881f91e262ed3f0e5a994b6aaf25f1c9a22e29658c9faf5b21f32f64ae430eeb05ab9fa8dd150fae196db6ff949157bc61768726f

Download Submit
memory/1444-143-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/1444-2-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2988-2140-0x00000000020C0000-0x00000000020C8000-memory.dmp

Filesize
32KB

Download
memory/2988-2139-0x000000001B690000-0x000000001B972000-memory.dmp

Filesize
2.9MB

Download