c70f0597c3f2fc5be12b58f9e8c297b09de1f477158b9de398f2068269f9056e

Analysis

max time kernel
360s
max time network
354s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
01/04/2025, 16:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jjsploit_8.14.1_x64_en-US.msi
Size

6.2MB
MD5

900a51240149c0317a1a71738f6cecbd
SHA1

a207e7cac1d2062a5951cee7a4589ba52785e75b
SHA256

c70f0597c3f2fc5be12b58f9e8c297b09de1f477158b9de398f2068269f9056e
SHA512

b4db879d590d112a47bd0a7febd2af1c15ff8767daab1d64c202dc081bebce77840badec78f871da182154610cb068a4a52a9dbaac6fd4912580ab55623d6826
SSDEEP

196608:tq0rJzreOolU7OITI/ctdw6cFzGZGveapRQ8+qjvo:t3rJklU5TI/ctd9cRCGWC7++o

Score

6^/10

defense_evasion discovery persistence privilege_escalation spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file 8 IoCs

flow	pid	Process
495	2028	jjsploit.exe
508	2028	jjsploit.exe
511	2028	jjsploit.exe
676	3016	firefox.exe
830	5012	RobloxPlayerLauncher.exe
830	5012	RobloxPlayerLauncher.exe
490	2028	jjsploit.exe
492	2028	jjsploit.exe

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\Desktop\desktop.ini	msiexec.exe
File opened for modification	C:\Program Files\jjsploit\desktop.ini	msiexec.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jjsploit\desktop.ini	msiexec.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
508	raw.githubusercontent.com
511	raw.githubusercontent.com
461	discord.com
462	discord.com
489	raw.githubusercontent.com
490	raw.githubusercontent.com
492	raw.githubusercontent.com
495	raw.githubusercontent.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation	RobloxPlayerLauncher.exe

Suspicious use of NtCreateThreadExHideFromDebugger 5 IoCs

pid	Process
7944	RobloxPlayerBeta.exe
428	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
5236	RobloxPlayerBeta.exe
7956	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
7944	RobloxPlayerBeta.exe
7944	RobloxPlayerBeta.exe
7944	RobloxPlayerBeta.exe
7944	RobloxPlayerBeta.exe
7944	RobloxPlayerBeta.exe
7944	RobloxPlayerBeta.exe
7944	RobloxPlayerBeta.exe
7944	RobloxPlayerBeta.exe
7944	RobloxPlayerBeta.exe
7944	RobloxPlayerBeta.exe
7944	RobloxPlayerBeta.exe
7944	RobloxPlayerBeta.exe
7944	RobloxPlayerBeta.exe
7944	RobloxPlayerBeta.exe
7944	RobloxPlayerBeta.exe
7944	RobloxPlayerBeta.exe
7944	RobloxPlayerBeta.exe
7944	RobloxPlayerBeta.exe
428	RobloxPlayerBeta.exe
428	RobloxPlayerBeta.exe
428	RobloxPlayerBeta.exe
428	RobloxPlayerBeta.exe
428	RobloxPlayerBeta.exe
428	RobloxPlayerBeta.exe
428	RobloxPlayerBeta.exe
428	RobloxPlayerBeta.exe
428	RobloxPlayerBeta.exe
428	RobloxPlayerBeta.exe
428	RobloxPlayerBeta.exe
428	RobloxPlayerBeta.exe
428	RobloxPlayerBeta.exe
428	RobloxPlayerBeta.exe
428	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
5236	RobloxPlayerBeta.exe
5236	RobloxPlayerBeta.exe
5236	RobloxPlayerBeta.exe
5236	RobloxPlayerBeta.exe
5236	RobloxPlayerBeta.exe
5236	RobloxPlayerBeta.exe
5236	RobloxPlayerBeta.exe
5236	RobloxPlayerBeta.exe
5236	RobloxPlayerBeta.exe
5236	RobloxPlayerBeta.exe
5236	RobloxPlayerBeta.exe
5236	RobloxPlayerBeta.exe
5236	RobloxPlayerBeta.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AvatarEditorImages\Stretch\bar-full-mid.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\Debugger\Step-In.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\TagEditor\trianglesmall.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\XboxController\ButtonX.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping8072_157097756\manifest.json	msedge.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\StudioToolbox\AssetPreview\Rejected.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\fonts\JosefinSans-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\FaceControlsEditor\face_sideView.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\RoactStudioWidgets\button_radiobutton_chosen.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VoiceChat\SpeakerDark\Muted.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\InspectMenu\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\fonts\families\Michroma.json	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxCrashHandler.exe	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\avatar\heads\headE.mesh	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VoiceChat\SpeakerLight\Connecting.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\button_zoom_default_right.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\DeveloperInspector\Record.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\PlatformContent\pc\textures\water\normal_07.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaChat\icons\ic-alert.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaChat\icons\ic-pinpressed.png	RobloxPlayerInstaller.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6888_1831536206\_locales\zh_TW\messages.json	msedge.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\menu_shadow_side_right.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\MaterialFramework\Light\Material.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\DefaultController\[email protected]	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Settings\Radial\EmptyBottomLeft.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VoiceChat\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6616_1907505392\hyph-nn.hyb	msedgewebview2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\fonts\families\PermanentMarker.json	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\icon_dark_warning.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaApp\icons\ic_launcher_vng_square_xxxhdpi.png	RobloxPlayerLauncher.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6616_1907505392\hyph-ka.hyb	msedgewebview2.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\PlatformContent\pc\textures\water\normal_21.dds	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\SingleButtonDown.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\PlayStationController\Thumbstick2.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaApp\category\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Settings\Help\UseToolGesture.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaChat\icons\ic-notification.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VoiceChat\SpeakerLight\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\sky\cloudDetail3D.dds	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\LayeredClothingEditor\WorkspaceIcons\Center Camera to Mannequin.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Settings\MenuBarAssets\MenuSelection.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\Cursors\DragDetector\HoverCursor.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\StudioToolbox\ScrollBarBottom.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AvatarEditorImages\Sliders\gr-slide-bar-empty.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\DeveloperFramework\Favorites\star_filled.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\StudioToolbox\AssetPreview\rating_large.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaChatV2\actions_checkbox.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\CompositorDebugger\settings.png	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\StudioUIEditor\icon_rotate2.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\models\DataModelPatch\DataModelPatch.rbxm	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\StudioToolbox\AssetConfig\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\ExtraContent\textures\ui\LuaApp\icons\ic-add-down.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\loading\robloxlogo.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\Controls\xboxA.png	RobloxPlayerLauncher.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\ui\VoiceChat\[email protected]	RobloxPlayerLauncher.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\content\textures\AnimationEditor\Button_Dopesheet_Lightmode.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\msvcp140_1.dll	RobloxPlayerInstaller.exe

Drops file in Windows directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIC6E2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9E34.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{56E5B68C-C73A-4497-A58C-793C236EF40B}	msiexec.exe
File created	C:\Windows\Installer\{56E5B68C-C73A-4497-A58C-793C236EF40B}\ProductIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\e579d49.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\{56E5B68C-C73A-4497-A58C-793C236EF40B}\ProductIcon	msiexec.exe
File created	C:\Windows\Installer\e579d4b.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\{56E5B68C-C73A-4497-A58C-793C236EF40B}\ProductIcon	msiexec.exe
File created	C:\Windows\Installer\e579d49.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe

Executes dropped EXE 11 IoCs

pid	Process
2028	jjsploit.exe
2032	RobloxPlayerInstaller.exe
3940	jjsploit.exe
7944	RobloxPlayerBeta.exe
7500	jjsploit.exe
428	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
5236	RobloxPlayerBeta.exe
5012	RobloxPlayerLauncher.exe
5200	RobloxPlayerLauncher.exe
7956	RobloxPlayerBeta.exe

Loads dropped DLL 21 IoCs

pid	Process
1980	MsiExec.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
3940	jjsploit.exe
3940	jjsploit.exe
3940	jjsploit.exe
7944	RobloxPlayerBeta.exe
7944	RobloxPlayerBeta.exe
7500	jjsploit.exe
7500	jjsploit.exe
7500	jjsploit.exe
428	RobloxPlayerBeta.exe
428	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
5236	RobloxPlayerBeta.exe
5236	RobloxPlayerBeta.exe
7956	RobloxPlayerBeta.exe
7956	RobloxPlayerBeta.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks whether UAC is enabled 1 TTPs 5 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	jjsploit.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	jjsploit.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	jjsploit.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
5776	msiexec.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerLauncher.exe

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000b98a3556c1eab7170000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000b98a35560000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900b98a3556000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1db98a3556000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000b98a355600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 36 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 19 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerLauncher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe

Modifies Internet Explorer settings 1 TTPs 15 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Software\Microsoft\Internet Explorer\TypedURLs	taskmgr.exe

Modifies data under HKEY_USERS 11 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879992246466814"	msedgewebview2.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\RobloxStudioLauncherBeta.exe\" %1"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-5a6b6797f4e04078\\RobloxPlayerBeta.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\roblox-player\DefaultIcon	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C86B5E65A37C79445AC897C332E64FB0\ProductIcon = "C:\\Windows\\Installer\\{56E5B68C-C73A-4497-A58C-793C236EF40B}\\ProductIcon"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C86B5E65A37C79445AC897C332E64FB0\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	taskmgr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	taskmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C86B5E65A37C79445AC897C332E64FB0\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	taskmgr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	taskmgr.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	taskmgr.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	taskmgr.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\ROBLOX-STUDIO\DEFAULTICON	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C86B5E65A37C79445AC897C332E64FB0\Environment = "MainProgram"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	taskmgr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	taskmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\ = "URL: Roblox Protocol"	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C86B5E65A37C79445AC897C332E64FB0	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open\command\version = "version-5a6b6797f4e04078"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\URL Protocol	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C86B5E65A37C79445AC897C332E64FB0\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C86B5E65A37C79445AC897C332E64FB0\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C86B5E65A37C79445AC897C332E64FB0\ProductName = "jjsploit"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\roblox-player\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-5a6b6797f4e04078\\RobloxPlayerBeta.exe\" %1"	RobloxPlayerLauncher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C86B5E65A37C79445AC897C332E64FB0\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerInstaller.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	taskmgr.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	taskmgr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	taskmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\DefaultIcon	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerInstaller.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	taskmgr.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	taskmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\roblox-player\DefaultIcon\ = "C:\\Program Files (x86)\\Roblox\\Versions\\version-5a6b6797f4e04078\\RobloxPlayerBeta.exe"	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\roblox-player\shell\open	RobloxPlayerLauncher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\URL Protocol	RobloxPlayerInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0	taskmgr.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open	RobloxPlayerLauncher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\DefaultIcon	RobloxPlayerLauncher.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C86B5E65A37C79445AC897C332E64FB0\SourceList\Net	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\C86B5E65A37C79445AC897C332E64FB0	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C86B5E65A37C79445AC897C332E64FB0\SourceList\PackageName = "jjsploit_8.14.1_x64_en-US.msi"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\C86B5E65A37C79445AC897C332E64FB0\Version = "135135233"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{8C5B6077-C5F4-42F4-B884-B1A04913C811}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command	RobloxPlayerInstaller.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	taskmgr.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\ROBLOX\DEFAULTICON	RobloxPlayerLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	taskmgr.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3232	msiexec.exe
3232	msiexec.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe
2028	jjsploit.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1244	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
5556	msedgewebview2.exe
6888	msedge.exe
6888	msedge.exe
6888	msedge.exe
6888	msedge.exe
6888	msedge.exe
6888	msedge.exe
6888	msedge.exe
6888	msedge.exe
6888	msedge.exe
6888	msedge.exe
6888	msedge.exe
6888	msedge.exe
6888	msedge.exe
6888	msedge.exe
6888	msedge.exe
6256	msedgewebview2.exe
6616	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5776	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5776	msiexec.exe
Token: SeSecurityPrivilege	3232	msiexec.exe
Token: SeCreateTokenPrivilege	5776	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	5776	msiexec.exe
Token: SeLockMemoryPrivilege	5776	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5776	msiexec.exe
Token: SeMachineAccountPrivilege	5776	msiexec.exe
Token: SeTcbPrivilege	5776	msiexec.exe
Token: SeSecurityPrivilege	5776	msiexec.exe
Token: SeTakeOwnershipPrivilege	5776	msiexec.exe
Token: SeLoadDriverPrivilege	5776	msiexec.exe
Token: SeSystemProfilePrivilege	5776	msiexec.exe
Token: SeSystemtimePrivilege	5776	msiexec.exe
Token: SeProfSingleProcessPrivilege	5776	msiexec.exe
Token: SeIncBasePriorityPrivilege	5776	msiexec.exe
Token: SeCreatePagefilePrivilege	5776	msiexec.exe
Token: SeCreatePermanentPrivilege	5776	msiexec.exe
Token: SeBackupPrivilege	5776	msiexec.exe
Token: SeRestorePrivilege	5776	msiexec.exe
Token: SeShutdownPrivilege	5776	msiexec.exe
Token: SeDebugPrivilege	5776	msiexec.exe
Token: SeAuditPrivilege	5776	msiexec.exe
Token: SeSystemEnvironmentPrivilege	5776	msiexec.exe
Token: SeChangeNotifyPrivilege	5776	msiexec.exe
Token: SeRemoteShutdownPrivilege	5776	msiexec.exe
Token: SeUndockPrivilege	5776	msiexec.exe
Token: SeSyncAgentPrivilege	5776	msiexec.exe
Token: SeEnableDelegationPrivilege	5776	msiexec.exe
Token: SeManageVolumePrivilege	5776	msiexec.exe
Token: SeImpersonatePrivilege	5776	msiexec.exe
Token: SeCreateGlobalPrivilege	5776	msiexec.exe
Token: SeCreateTokenPrivilege	5776	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	5776	msiexec.exe
Token: SeLockMemoryPrivilege	5776	msiexec.exe
Token: SeIncreaseQuotaPrivilege	5776	msiexec.exe
Token: SeMachineAccountPrivilege	5776	msiexec.exe
Token: SeTcbPrivilege	5776	msiexec.exe
Token: SeSecurityPrivilege	5776	msiexec.exe
Token: SeTakeOwnershipPrivilege	5776	msiexec.exe
Token: SeLoadDriverPrivilege	5776	msiexec.exe
Token: SeSystemProfilePrivilege	5776	msiexec.exe
Token: SeSystemtimePrivilege	5776	msiexec.exe
Token: SeProfSingleProcessPrivilege	5776	msiexec.exe
Token: SeIncBasePriorityPrivilege	5776	msiexec.exe
Token: SeCreatePagefilePrivilege	5776	msiexec.exe
Token: SeCreatePermanentPrivilege	5776	msiexec.exe
Token: SeBackupPrivilege	5776	msiexec.exe
Token: SeRestorePrivilege	5776	msiexec.exe
Token: SeShutdownPrivilege	5776	msiexec.exe
Token: SeDebugPrivilege	5776	msiexec.exe
Token: SeAuditPrivilege	5776	msiexec.exe
Token: SeSystemEnvironmentPrivilege	5776	msiexec.exe
Token: SeChangeNotifyPrivilege	5776	msiexec.exe
Token: SeRemoteShutdownPrivilege	5776	msiexec.exe
Token: SeUndockPrivilege	5776	msiexec.exe
Token: SeSyncAgentPrivilege	5776	msiexec.exe
Token: SeEnableDelegationPrivilege	5776	msiexec.exe
Token: SeManageVolumePrivilege	5776	msiexec.exe
Token: SeImpersonatePrivilege	5776	msiexec.exe
Token: SeCreateGlobalPrivilege	5776	msiexec.exe
Token: SeCreateTokenPrivilege	5776	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	5776	msiexec.exe
Token: SeLockMemoryPrivilege	5776	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5776	msiexec.exe
5776	msiexec.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
5776	msiexec.exe
2028	jjsploit.exe
6888	msedge.exe
2028	jjsploit.exe
6888	msedge.exe
3016	firefox.exe
3016	firefox.exe
3940	jjsploit.exe
3940	jjsploit.exe
7500	jjsploit.exe
7500	jjsploit.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe
1244	taskmgr.exe

Suspicious use of UnmapMainImage 5 IoCs

pid	Process
7944	RobloxPlayerBeta.exe
428	RobloxPlayerBeta.exe
948	RobloxPlayerBeta.exe
5236	RobloxPlayerBeta.exe
7956	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3232 wrote to memory of 1980	3232	msiexec.exe	92
PID 3232 wrote to memory of 1980	3232	msiexec.exe	92
PID 3232 wrote to memory of 1980	3232	msiexec.exe	92
PID 2284 wrote to memory of 3016	2284	firefox.exe	103
PID 2284 wrote to memory of 3016	2284	firefox.exe	103
PID 2284 wrote to memory of 3016	2284	firefox.exe	103
PID 2284 wrote to memory of 3016	2284	firefox.exe	103
PID 2284 wrote to memory of 3016	2284	firefox.exe	103
PID 2284 wrote to memory of 3016	2284	firefox.exe	103
PID 2284 wrote to memory of 3016	2284	firefox.exe	103
PID 2284 wrote to memory of 3016	2284	firefox.exe	103
PID 2284 wrote to memory of 3016	2284	firefox.exe	103
PID 2284 wrote to memory of 3016	2284	firefox.exe	103
PID 2284 wrote to memory of 3016	2284	firefox.exe	103
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 2540	3016	firefox.exe	104
PID 3016 wrote to memory of 5136	3016	firefox.exe	105
PID 3016 wrote to memory of 5136	3016	firefox.exe	105
PID 3016 wrote to memory of 5136	3016	firefox.exe	105
PID 3016 wrote to memory of 5136	3016	firefox.exe	105
PID 3016 wrote to memory of 5136	3016	firefox.exe	105

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\jjsploit_8.14.1_x64_en-US.msi
1⤵
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5776
- C:\Program Files\jjsploit\jjsploit.exe
  "C:\Program Files\jjsploit\jjsploit.exe"
  2⤵
  - Downloads MZ/PE file
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:2028
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=RemoveRedirectionBitmap --lang=en-US --mojo-named-platform-channel-pipe=2028.5956.8892732149322651962
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:5556
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffbfe16b078,0x7ffbfe16b084,0x7ffbfe16b090
      4⤵
      PID:4408
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1724,i,7875612259822196558,13276177339002349662,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1692 /prefetch:2
      4⤵
      PID:6208
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2024,i,7875612259822196558,13276177339002349662,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2032 /prefetch:3
      4⤵
      PID:6236
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1712,i,7875612259822196558,13276177339002349662,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2352 /prefetch:8
      4⤵
      PID:6344
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3636,i,7875612259822196558,13276177339002349662,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3640 /prefetch:1
      4⤵
      PID:6816
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4864,i,7875612259822196558,13276177339002349662,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4856 /prefetch:8
      4⤵
      PID:532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mboost.me/a/P?altId=GeTE8VAqVuRBqgM6
    3⤵
    PID:6804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://mboost.me/a/P?altId=GeTE8VAqVuRBqgM6
      4⤵
      Drops file in Program Files directory
      Checks processor information in registry
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Modifies registry class
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:6888
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x24c,0x7ffbfbd2f208,0x7ffbfbd2f214,0x7ffbfbd2f220
        5⤵
        
        PID:6840
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1924,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:3
        5⤵
        
        PID:7152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2256,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:2
        5⤵
        
        PID:4048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2504,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=2740 /prefetch:8
        5⤵
        
        PID:6176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3452,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:1
        5⤵
        
        PID:4504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3460,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
        5⤵
        
        PID:5096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4844,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:1
        5⤵
        
        PID:2240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5152,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=4952 /prefetch:1
        5⤵
        
        PID:6808
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4836,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:1
        5⤵
        
        PID:7764
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4212,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:8
        5⤵
        
        PID:7884
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5828,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=5840 /prefetch:8
        5⤵
        
        PID:7892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=6136,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=6104 /prefetch:1
        5⤵
        
        PID:8136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5708,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:8
        5⤵
        
        PID:8168
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6240,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:1
        5⤵
        
        PID:7312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6588,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=6640 /prefetch:8
        5⤵
        
        PID:8072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6588,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=6640 /prefetch:8
        5⤵
        
        PID:8092
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6476,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=6508 /prefetch:8
        5⤵
        
        PID:6444
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5512,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=7160 /prefetch:8
        5⤵
        
        PID:7992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6808,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=6960 /prefetch:1
        5⤵
        
        PID:7340
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=7332,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=7312 /prefetch:1
        5⤵
        
        PID:7364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7500,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=7316 /prefetch:8
        5⤵
        
        PID:4132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7464,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=7512 /prefetch:8
        5⤵
        Modifies registry class
        
        PID:7976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=7700,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=7648 /prefetch:1
        5⤵
        
        PID:7828
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=5628,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=7748 /prefetch:1
        5⤵
        
        PID:4076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7760,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=7820 /prefetch:1
        5⤵
        
        PID:7872
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=6236,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=7596 /prefetch:1
        5⤵
        
        PID:7776
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=6292,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=5556 /prefetch:1
        5⤵
        
        PID:7380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=5696,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=7824 /prefetch:1
        5⤵
        
        PID:1996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7780,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=8108 /prefetch:8
        5⤵
        
        PID:5788
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7376,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=8156 /prefetch:8
        5⤵
        
        PID:7656
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7480,i,6394385591612489190,10751130354248293765,262144 --variations-seed-version --mojo-platform-channel-handle=7704 /prefetch:8
        5⤵
        
        PID:7644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
        5⤵
        Drops file in Program Files directory
        Checks processor information in registry
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        
        PID:8072
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ffbfbd2f208,0x7ffbfbd2f214,0x7ffbfbd2f220
        6⤵
        
        PID:5472
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1904,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:3
        6⤵
        
        PID:7320
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2160,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:2
        6⤵
        
        PID:7828
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2504,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=2764 /prefetch:8
        6⤵
        
        PID:7776
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4336,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=4420 /prefetch:8
        6⤵
        
        PID:7720
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4336,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=4420 /prefetch:8
        6⤵
        
        PID:6776
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4208,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=4216 /prefetch:8
        6⤵
        
        PID:6624
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4704,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=4664 /prefetch:8
        6⤵
        
        PID:2960
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4712,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=4464 /prefetch:8
        6⤵
        
        PID:2720
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4720,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=4508 /prefetch:8
        6⤵
        
        PID:5460
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4740,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=4648 /prefetch:8
        6⤵
        
        PID:3988
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4988,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=4652 /prefetch:8
        6⤵
        
        PID:5292
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=764,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=4648 /prefetch:8
        6⤵
        
        PID:4100
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4984,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=4572 /prefetch:8
        6⤵
        
        PID:7332
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5032,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=4456 /prefetch:8
        6⤵
        
        PID:6876
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2840,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=3728 /prefetch:8
        6⤵
        
        PID:5116
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3728,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=4144 /prefetch:8
        6⤵
        
        PID:2984
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3700,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=4968 /prefetch:8
        6⤵
        
        PID:3452
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3800,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:8
        6⤵
        
        PID:5928
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4400,i,7347416219599241378,9842960750587274699,262144 --variations-seed-version --mojo-platform-channel-handle=4732 /prefetch:8
        6⤵
        
        PID:436
- - C:\Program Files\jjsploit\jjsploit.exe
    "\\?\C:\Program Files\jjsploit\jjsploit.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Suspicious use of FindShellTrayWindow
    PID:3940
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=RemoveRedirectionBitmap --lang=en-US --mojo-named-platform-channel-pipe=3940.6804.14231900840590959483
      4⤵
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:6256
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x160,0x164,0x168,0x13c,0x194,0x7ffbfe16b078,0x7ffbfe16b084,0x7ffbfe16b090
        5⤵
        
        PID:6224
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1884,i,7481533898710395336,2699091512197585152,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1880 /prefetch:2
        5⤵
        
        PID:4456
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1784,i,7481533898710395336,2699091512197585152,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2040 /prefetch:3
        5⤵
        
        PID:4716
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2368,i,7481533898710395336,2699091512197585152,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:8
        5⤵
        
        PID:7604
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3464,i,7481533898710395336,2699091512197585152,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:1
        5⤵
        
        PID:7532

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3232
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 98B7F0F395B61B36C818D330B6724720 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1980
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:4304

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:1044

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Downloads MZ/PE file
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2008 -prefsLen 27099 -prefMapHandle 2012 -prefMapSize 270279 -ipcHandle 2100 -initialChannelId {8d4ce95d-cce4-4acc-a3d3-4bae7a09e9ef} -parentPid 3016 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3016" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:2540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2464 -prefsLen 27135 -prefMapHandle 2468 -prefMapSize 270279 -ipcHandle 2476 -initialChannelId {336fda7e-2ecc-4cd8-86d3-ddfdf205f3fc} -parentPid 3016 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3016" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    - Checks processor information in registry
    PID:5136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3740 -prefsLen 27276 -prefMapHandle 3744 -prefMapSize 270279 -jsInitHandle 3748 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3792 -initialChannelId {c878f878-bead-474c-9315-a9db07217291} -parentPid 3016 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3016" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:1716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3972 -prefsLen 27276 -prefMapHandle 3976 -prefMapSize 270279 -ipcHandle 3992 -initialChannelId {5cb7e36d-4a89-4b58-913c-94365483eef7} -parentPid 3016 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3016" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3036 -prefsLen 34775 -prefMapHandle 3180 -prefMapSize 270279 -jsInitHandle 2644 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3420 -initialChannelId {50e15564-ba45-4b27-b322-ae769418d222} -parentPid 3016 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3016" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:4264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 4912 -prefsLen 35012 -prefMapHandle 4916 -prefMapSize 270279 -ipcHandle 4924 -initialChannelId {dfc4ea9d-fbfb-486f-8a48-9b808bab57b4} -parentPid 3016 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3016" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:4064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5260 -prefsLen 32900 -prefMapHandle 5264 -prefMapSize 270279 -jsInitHandle 5268 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5280 -initialChannelId {3710dcfd-579d-4875-9660-2e7c2209c355} -parentPid 3016 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3016" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:5532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5460 -prefsLen 32952 -prefMapHandle 5456 -prefMapSize 270279 -jsInitHandle 5476 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5492 -initialChannelId {ca11e6e1-3c95-4e62-ba91-392a62a2bcd2} -parentPid 3016 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3016" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5672 -prefsLen 32952 -prefMapHandle 5676 -prefMapSize 270279 -jsInitHandle 5680 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5688 -initialChannelId {ba2b22b9-dee9-430a-aaf6-fd1a9c9ff39e} -parentPid 3016 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3016" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:4492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6276 -prefsLen 33071 -prefMapHandle 6280 -prefMapSize 270279 -jsInitHandle 6284 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6256 -initialChannelId {2b73b121-1fb0-4b2d-929a-09bb6a099603} -parentPid 3016 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3016" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
    3⤵
    - Checks processor information in registry
    PID:6080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4684 -prefsLen 36543 -prefMapHandle 5920 -prefMapSize 270279 -jsInitHandle 5908 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5388 -initialChannelId {26637894-76bd-4d43-9c3c-1d274664a0ef} -parentPid 3016 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3016" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 tab
    3⤵
    - Checks processor information in registry
    PID:5440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5396 -prefsLen 36543 -prefMapHandle 5840 -prefMapSize 270279 -jsInitHandle 6156 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5700 -initialChannelId {a6ef7d52-75b1-4920-8aa6-1c5841091ef1} -parentPid 3016 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3016" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 12 tab
    3⤵
    - Checks processor information in registry
    PID:4688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 1 -prefsHandle 4684 -prefsLen 39632 -prefMapHandle 2716 -prefMapSize 270279 -ipcHandle 5436 -initialChannelId {0ac367da-9e3b-413c-ab8e-cf13cf4b86d5} -parentPid 3016 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3016" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 13 utility
    3⤵
    - Checks processor information in registry
    PID:1996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6480 -prefsLen 36543 -prefMapHandle 6032 -prefMapSize 270279 -jsInitHandle 6588 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6696 -initialChannelId {9a8e808a-bc54-45bd-8f7f-2f9d0efbc28d} -parentPid 3016 -crashReporter "\\.\pipe\gecko-crash-server-pipe.3016" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 14 tab
    3⤵
    - Checks processor information in registry
    PID:3644
- - C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
    "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - System Location Discovery: System Language Discovery
    - Enumerates system info in registry
    - Modifies Internet Explorer settings
    - Modifies registry class
    PID:2032
  - - C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
      "C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe" -app -installerLaunchTimeEpochMs 0 -clientLaunchTimeEpochMs 0 -isInstallerLaunch 2032
      4⤵
      Suspicious use of NtCreateThreadExHideFromDebugger
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of UnmapMainImage
      PID:7944

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5444

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:7296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:7464

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x2fc
1⤵
PID:7964

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault573d8652h2d98h4ea8h94eehbfa14d83016b
1⤵
PID:2152

C:\Program Files\jjsploit\jjsploit.exe
"C:\Program Files\jjsploit\jjsploit.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of FindShellTrayWindow
PID:7500
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=RemoveRedirectionBitmap --lang=en-US --mojo-named-platform-channel-pipe=7500.6476.9484427252170734047
  2⤵
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:6616
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x184,0x188,0x18c,0x160,0xfc,0x7ffbfe16b078,0x7ffbfe16b084,0x7ffbfe16b090
    3⤵
    PID:6948
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1816,i,12223206269921293213,1826811057672094606,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1812 /prefetch:2
    3⤵
    PID:8024
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2080,i,12223206269921293213,1826811057672094606,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2088 /prefetch:3
    3⤵
    PID:4584
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2128,i,12223206269921293213,1826811057672094606,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2348 /prefetch:8
    3⤵
    PID:2328
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3584,i,12223206269921293213,1826811057672094606,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:1
    3⤵
    PID:6288
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4732,i,12223206269921293213,1826811057672094606,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4720 /prefetch:8
    3⤵
    PID:7788
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4648,i,12223206269921293213,1826811057672094606,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3412 /prefetch:8
    3⤵
    PID:4920
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2232,i,12223206269921293213,1826811057672094606,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4776 /prefetch:8
    3⤵
    PID:4248
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4868,i,12223206269921293213,1826811057672094606,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:8
    3⤵
    PID:6196
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4196,i,12223206269921293213,1826811057672094606,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4804 /prefetch:8
    3⤵
    PID:7136
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4800,i,12223206269921293213,1826811057672094606,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4936 /prefetch:8
    3⤵
    PID:8076
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=788,i,12223206269921293213,1826811057672094606,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:8
    3⤵
    PID:7492
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4956,i,12223206269921293213,1826811057672094606,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4916 /prefetch:8
    3⤵
    PID:4188
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4548,i,12223206269921293213,1826811057672094606,262144 --enable-features=RemoveRedirectionBitmap --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4316 /prefetch:8
    3⤵
    PID:5900

C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe"
1⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of UnmapMainImage
PID:428

C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe"
1⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of UnmapMainImage
PID:948

C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe"
1⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of UnmapMainImage
PID:5236

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1244
- C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerLauncher.exe
  "C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerLauncher.exe"
  2⤵
  - Downloads MZ/PE file
  - Checks computer location settings
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:5012
- - C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerLauncher.exe
    "C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=58627048f91df8616539aa09e2a33a97328e6448 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x7a0,0x7b4,0x7b8,0x76c,0x7c0,0x1e9ad78,0x1e9ad88,0x1e9ad98
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5200
- C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-5a6b6797f4e04078\RobloxPlayerBeta.exe"
  2⤵
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of UnmapMainImage
  PID:7956

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6736

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:6544

C:\Windows\system32\msiexec.exe
"C:\Windows\system32\msiexec.exe" /qb /x {56E5B68C-C73A-4497-A58C-793C236EF40B}
1⤵
PID:2920

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
PID:7344

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:6068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e579d4a.rbs

Filesize
21KB

MD5
8ec943e5e32b4480524c504b5d00be49

SHA1
270b5b6e7069ed9a9127bb136e2acc894178fef3

SHA256
67e07c20bde1e6ae17b0bb92bdce6de0e8da10d21ea8375b19f69e865d32ed11

SHA512
12ea622aadb9f22ad0903d9840d1a7c0795b29aa15d44d755969d052405b20065f8e68af19c134bb8e2bb1cf68062e802eda4ad64de1c744dc4870bb2a7312ad

Download Submit
C:\Config.Msi\e5cad8f.rbs

Filesize
26KB

MD5
45157eef3903c75dc4dbff4b89c31ccc

SHA1
2e6f13d4203b4b8b97bc6064947ecf2d50e36b33

SHA256
09f72cd72607991c6a4e25fe408c79dae4d8ff54cafc39fac5a8eca7e1e555ec

SHA512
039185373aab7a3ca883aa2c2657e48450c2340103132843476b663c45361481e1d024cbbabab1a0f43db41de651592d529614c6faeb00e1bf074dc3d5b406a5

Download Submit
C:\Config.Msi\e5cad91.rbf

Filesize
999B

MD5
443021a2c3e29da2c8118e4a6056d16f

SHA1
727a208655f77895173de25685aa686742d51ac0

SHA256
7662deb686a1a420161e451ad43b93970806613c43e5729b9d12f8c9123ea3a3

SHA512
ef4e97070a33dd8a9f4fd09e6f10a951ff91e95d7b06f43c3d9c4c996b643348235ea99a88bb3133cc356c9d8e304e6d9b0f5873a4448802b3052751410e42de

Download Submit
C:\Config.Msi\e5cad92.rbf

Filesize
956B

MD5
e0fb4a927d01557a42f8918d38d4a8a8

SHA1
ce59e20b27d5b4aaad1e6462217e968d3e751809

SHA256
e1caab2b2efcd42aa05c6ba0577279a02b1b1f1aafb878e137e592862b80e5d4

SHA512
d7ac32d37466f6042f3a19827c835e2b22bf59e0eb7cc8111ea26aab0ca180d1536cf189c4b9f9a99051fba67c064c1d1ae574f33eb452db1b12d736cc97edbb

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
7.7MB

MD5
a679a17f732d6c4e4799f4c2a5c00b4d

SHA1
79778557030a4ce1f0a31f1d93878c931bc932fa

SHA256
6472c6e314e51269d9455fbeddb982a6af07269420c23fbb09d2fbdbff49dcc5

SHA512
ee1843c3c4be3c1b82629d45432748b2e84c3025a19cf65fb9f80b6ac214a2d1411152a4ae196d5b02fe535bf6aecf2ee2a898f475394cc23815a30d81e679db

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioLauncherBeta.exe

Filesize
7.8MB

MD5
ef31b2fdb58e213111488632b6735a07

SHA1
bfb772951aac55eb497c9f243c95e66916204f6d

SHA256
642dea478bc70e56cc0a35ed5fa3533ec6c02eb44b7a18001abe7c894e02423e

SHA512
3699572c7e933598a73cde093fe5269a56bc97f6c3eb2f898e0a3768efa15bf895aa315a4fd733b6ecb5371daa893244ab13ba10ddba0458570fd0cdc4af76dd

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5556_1861992426\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5556_1861992426\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6616_1425537014\_metadata\verified_contents.json

Filesize
1KB

MD5
28706ad42e4c615a683c2494bc0bd2af

SHA1
6b0465b3d5e85a3ea76c646ba8652c4dc0248dc0

SHA256
709bbb3e3a17e2b7bbf9f4afdcf465312695342ce4eb203df284233eacee086f

SHA512
e95da92f1ad5f56ef61a5992a1b465d46f36eff1fc85643cc5ab3f357b6f14d81a5b5590d0e18d4da5fcc3ac537a469fd0c15b116a3471536707a9716119fa5f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6616_1425537014\manifest.fingerprint

Filesize
66B

MD5
5ddbc1878fe757e9fb5be515f8f95864

SHA1
fa7d42b5adf36a370a95a0abaa20c6094b2b47f8

SHA256
a0b13e5ecb7638ffd1e054301fef148b47ea17bc528779c56d77d4e7a6152983

SHA512
ae2a76a48c46a90085a46cf03eca6576ccfdff6d76c64f095c2d657641c73054581b3e8c8738d751f2f8465fe6a2298e01188f807175fd7f4d1995078c7bc1a5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6616_1567748318\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6616_1567748318\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6616_1907505392\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6616_1907505392\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6616_1907505392\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6616_1907505392\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6616_1958448094\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6616_34104176\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6616_365601466\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6616_547736565\manifest.json

Filesize
114B

MD5
e6cd92ad3b3ab9cb3d325f3c4b7559aa

SHA1
0704d57b52cf55674524a5278ed4f7ba1e19ca0c

SHA256
63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d

SHA512
172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6616_679201688\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping8072_1061770959\manifest.json

Filesize
117B

MD5
e31c8b67612fbaf01c993b51e826da4e

SHA1
65309f2bd6f45fabe9e75b842356853e2e6aea1d

SHA256
3c443e01a86ae358f8dc0533383061fb1319d754f8b7085271430adc0ff262e2

SHA512
de109a3df5856dfc35e3c79eba355d24fc7f459e7dd58aca0f7b65188f5e52eb9b056c64007c7788befdc7045a9e5f4f70665bf55701f52a263d0fc95bb8c2d6

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping8072_150706836\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping8072_157097756\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping8072_2085703686\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping8072_2085703686\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping8072_2102270015\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping8072_775005569\manifest.fingerprint

Filesize
66B

MD5
fc16725ad2526b42e9970864e7362389

SHA1
6cdf46feb879c7b758660eced4b945347e0ed3f3

SHA256
c8234a504880936a0ed783f171dbed1ea8d79074f915ed51a5191021d11115ef

SHA512
2c33163a4ba446544e2eff16649e67ff20471fba7d359297cb1d974af53fcf76ac0ab1811535f4ee1df66739d2a47c6090566f0fa48e486c40f97a4c98908cc0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping8072_830419005\manifest.json

Filesize
119B

MD5
cb10c4ca2266e0cce5fefdcb2f0c1998

SHA1
8f5528079c05f4173978db7b596cc16f6b7592af

SHA256
82dff3cc4e595de91dc73802ac803c5d5e7ab33024bdc118f00a4431dd529713

SHA512
7c690c8d36227bb27183bacaf80a161b4084e5ad61759b559b19c2cdfb9c0814ad0030d42736285ee8e6132164d69f5becdcf83ac142a42879aa54a60c6d201b

Download Submit
C:\Program Files\jjsploit\jjsploit.exe

Filesize
16.8MB

MD5
4e81994d1ab52842b0bbae730c8a7aca

SHA1
53be8c7cc58352a95bef7dffdb87ca597abbe54a

SHA256
6fe6bcd64e65d2f4751cf5fc99eb62e68671cfb2aba31995b93c7429ed2fe04b

SHA512
f541f046370ea46b1c82898339e8ea57d4aff5b7d14c28473211d4212a3ddc0fc2e62ac875f3dfae3f5d33cdaaf7db6c77a56d99ad9390ad48065fd41110028c

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jjsploit\jjsploit.lnk

Filesize
1KB

MD5
70ad543c02b75bfa4b43fb86e9888482

SHA1
ee36014c8086a0000634edb613ac0284f2a775ad

SHA256
c10f84b8aed4007c16b85af2e804cce52ee793c0d918d0219ec79405039a4000

SHA512
21f79a54de57e9f740e08418116baa53ea2367d2d875d229b0ed33ffca8ad97431b9db53156b24b2ff89cc5aca24a13fa31959b6e72ca7115a40a814ee7488c0

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jjsploit\jjsploit.lnk~RFe579f8c.TMP

Filesize
1KB

MD5
b3fc9fbaafe3c4fb1d41241b3c459ce4

SHA1
5e06ac303b924957958d0db59e43164a0a84fbc3

SHA256
c08d2c9c76205bdbdef4b78f51707ea0521fe5f8683fd900d5b2d0275e9ebe44

SHA512
494f05352abffc4ed8be24cbe6dfa0e2769edf77166206094c68817ffed6037f51d5dded6f7f4cc9bce6f470dc8914d5cc1327098c50e883043df9f8fc1f3dd9

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\00364d7b46a398b0e4b6bd52f575cfde

Filesize
262KB

MD5
00364d7b46a398b0e4b6bd52f575cfde

SHA1
daecf052a35c734a0de5f255eae7b387c5be4a8a

SHA256
b0cd7af5cc3129688133b4de831a743b5686742ef48354824b7607a43e54f509

SHA512
92cbfaedd744612ac305f82d265c52f29fd09e447ff340c2529549c7998efe93886623c652bd6ab90e752cd3aacc15dbf22c403d9ed43f18aa032730ec073b07

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\0c067c4d75131a999f8c98705dca38ee

Filesize
6.4MB

MD5
0c067c4d75131a999f8c98705dca38ee

SHA1
7bcc7f396545977f15580e138c9916e0ab0c70a6

SHA256
a08ad4ed1cb0d25c976537907e3416a06a84cc4d607cdeacf66ea363b7b3fcf1

SHA512
dd9514b3acf0dedac0916f409e01e28f43b0c9e4980e8ad03d2aaccb0898096cae7249bcc30f8581e95e8f7e2df58cd8e279d4f92569f618db1479a82b2eb4d4

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\15bd216e6fae9ca480c21db01ce4ae3b

Filesize
504KB

MD5
15bd216e6fae9ca480c21db01ce4ae3b

SHA1
ab44f299978d6ce76b573347f9693e80a2bced7a

SHA256
dd788f4010754d48447e50c1522b5a1e8ccf4ea457c7d80fba4f6f6b7f24633f

SHA512
1af9d9ede7147b338abba275225fb37655ef1bf866ff1fec1a9c9316c423feab1e6b33079c4064ac7994b9452170fe0cc6bb8f20d76591cf9b3df10fa9512a32

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\1d0390337d1a4a58e5514be1a9481ad6

Filesize
2.3MB

MD5
1d0390337d1a4a58e5514be1a9481ad6

SHA1
0c09b611223f335af2a42dbc371dc95ba4f18979

SHA256
c79f0eeb2bca4905c585c50333db3c6f727a554f5db82e64948f93668fbc18aa

SHA512
382e5d7a61398d54bf15bcd928ec7755817fe92a860840efac6f6417229678cb1fd1756c5a7c82e02754a23732f63882c4a640bc6d73d28f30110d0028ae6fb8

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\2724029fd2f49fc0ba0eb8991a806a54

Filesize
15.9MB

MD5
2724029fd2f49fc0ba0eb8991a806a54

SHA1
a8b18afa7047dd024338db1eff46264e5335301f

SHA256
11fc5c2671bf8bee224c82eec4df87d5cfcae60e524a277b3dd4e22afaf03390

SHA512
c1dd27967acd98c211d69f29e311605f4d27209334670a950681094d3ef723245c5db607ab738928939165d86f2dc7c0447e42c3881b24c8845b9f9d967e972d

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\32622161783a33a229827a2a0261cc16

Filesize
583KB

MD5
32622161783a33a229827a2a0261cc16

SHA1
0816cf0b1f0425e501b949dd36ba85704cc01618

SHA256
631125e9ab228ccc5ca7cc723eabc683bafa245f2e63b9fb23a55073df017c12

SHA512
827cc3ccaacb04df9fae9e8edc4a83ef7715bed19427fba872762f967fc918505dbc08516f3a613ce711dc443ad733bce9a30963c5e6adf08b03aa6796c680ca

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\4aab0823dc7932b636b42b0fb4c73254

Filesize
200KB

MD5
4aab0823dc7932b636b42b0fb4c73254

SHA1
e67e1865f3dc4f8bbc57a2ff64e42c59ffbbf458

SHA256
a53e3005b7e720458a271a1012c517b17a35c1af2a184a3f0837e7582376abc3

SHA512
b8c5c1c10b027cd373d13f33db7e470136b763b7d427f00606f01c683346e122359b6b94da3f9c68fdc3904382cae776e9d5c2d6de5d270a4ae09f6a9fa90148

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\4f23103d6f2f80089fb6cbaf29008349

Filesize
130KB

MD5
4f23103d6f2f80089fb6cbaf29008349

SHA1
ea48d587f8321bd1bbcd7f0ecb42c9d2fa47245f

SHA256
35f8ffaddc2f7e70317708dbdb2666d2364b348a9f01c28e69d442838168911f

SHA512
621fc4b03bcb4ff9f065c815a8d50515cbf82ed9273400f923d35adec96b7b9343bd51f4c19ceb314e73754a57750000b2eaa6973f113a22f6bb0d323052d89f

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\50c6ce5ff58f61239934f9d2538ebdb5

Filesize
26.9MB

MD5
50c6ce5ff58f61239934f9d2538ebdb5

SHA1
1c34b96411db15de8f79ef2fa16659ec9019932e

SHA256
f4545c335d2631fac00a39332575ea19a71d9fc5065719dcc94ab3918d6015ba

SHA512
d58ca0d84da00f38edfeffc760fd99e6edcd7a29fef3b800a4edb69dd61c902b9b2eb819f3a380f4702ef2a0c42d2257ff0d6de53a23891966228293d44f77d3

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\65e8f1889ac6d2c950d094524af5e4b1

Filesize
5.5MB

MD5
65e8f1889ac6d2c950d094524af5e4b1

SHA1
97c3348e4a1b0b9c7a5682628649076744eccad3

SHA256
31bb0d76acbd37045961c7435ea133bdc3fd3f6e081f0b2cf1ed3598af887092

SHA512
dfeaebfe8497be388500cd463195fd5ca1b2ba3b1b85b19bd8cc9f04a65efcbd7c2375de36db66051b284afe6bb45065fae7cab0ec318f34923318498b6f6e86

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\671fb1a7b360b7f4281af5e52acc2c84

Filesize
480KB

MD5
671fb1a7b360b7f4281af5e52acc2c84

SHA1
8ed1a2b9c734de55eb0514785097c95718a8adce

SHA256
b1a1e1e797e1c39277153b76df1dad2a8fe3edd1419540c4fffd3574a4485436

SHA512
26e3cc37f83142521bfeebfd2262b127e321e949a6e4477f17db793c8ad65bb23ae7ea8b45a433d2237fecf6d8447e907b25feb4fa3a26098ff481ee502b2a06

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\6afd47a719d26cac99abd568c21f2066

Filesize
802KB

MD5
6afd47a719d26cac99abd568c21f2066

SHA1
8941ead74cbcbba3d9a45ae794f6239041dc1bdd

SHA256
f8c9f80c413bbc3a95624bcc39fa7b00100cca26df312c58542308a8a331d5dd

SHA512
678c6252a38fd1a709e2536b5677732a70ff82feff1a71f62f36017027d7094c09bf1280abe36103ef61f130e732842fd6b30cc95f46d2465682ccdbc4ebb239

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\8f379ec2b22ff106b837d79f7fdbf0d8

Filesize
13.1MB

MD5
8f379ec2b22ff106b837d79f7fdbf0d8

SHA1
977223c04f192d8a157603c1f18d6d6a301e88b1

SHA256
6620658a6288e6b58b8d86aaef4e7734e10778974e9a01d364fc7aac4d35f10b

SHA512
1aa837f64e2d9652221ed5bdbf78c353e04a0536d09a3502a230b7f2f034dd404bef0e1a4ce57a42cd03f860f64965d94c2b638aa0994a3dd41fdbc6d751458d

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\909f4b9d7bc03a926d35e84d0c99ffbf

Filesize
3.5MB

MD5
909f4b9d7bc03a926d35e84d0c99ffbf

SHA1
25b684ba69d5704b6238bde0291991aa04b8cd30

SHA256
c139ad55acebf739689cc1e29f84ba7731dc7ffc03f70bbbbd16929e3d439ec0

SHA512
bb494e2af43f76ced9279dd01ee73a0326b2d67ce543ac27d0b9977c26ea2d59d5ef082e326eb3dcf164b1fa19b150412e942e2d0c007a2012d68bcb76a2a896

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\a431ecca42ac73a5714d071b5767e16b

Filesize
8.1MB

MD5
a431ecca42ac73a5714d071b5767e16b

SHA1
c6ee515c9471ef7876ac0f17d36058e671896604

SHA256
1674323f76249ec55862dfdf7b7d40519789975cb38ff34c202d45aeb804ea7a

SHA512
c981fd060dd74c8a9c5814a63a0140f746da00f644ac0cd1c816bb00f1c3f8cb2b2202202ee9f1fde5116a746d5c08db1dcf22b6cb45050f061eeafcf09633ef

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\a958080eda7a986967139c082782dacf

Filesize
475KB

MD5
a958080eda7a986967139c082782dacf

SHA1
e46d0f8a1428a277e5d0c57adeeca0a1a7bbc71d

SHA256
0c6356c35ae927019248836b8f3ddfbb087e01f9e45524a7f3201f83c9018089

SHA512
1a1e31f2f5e4d1e4269083b3718ad699c69ae9ddffdf9bc942b5441737cf03c57064ccb8186c81b65f5bf500965c1b35a828f82e4cd92cd37c98d34c725d2d3a

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\b1b3942bf90a0029a2ff4c94bce790f5

Filesize
79KB

MD5
b1b3942bf90a0029a2ff4c94bce790f5

SHA1
330c44fe25dd75db39f704e53e80e65e1ae09736

SHA256
b23ba4c672939746bafbcae7d91ae72ba94ed795095df96f5606791643a4beeb

SHA512
159eb326dd4301b213e158e8e7064be094f46845c91add80398a6164ad3ca8dcf398530ee9ab40535108f93f8ddccb644ad544853c6fe8b63f80f8e162d04552

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\b4b75c21ce05378163042dc45cec5834

Filesize
3KB

MD5
b4b75c21ce05378163042dc45cec5834

SHA1
0311014f74d6517ae7bcc5232e0e5e38993e4a03

SHA256
4d6fe68c8b4941ce335ce5597ebbc1f27ab02646e9af98af8a76875ad0fd191f

SHA512
d0a988d04601f2a1ac8ff24d136d8b82be783ae1a856a512f6cf867448175133844e041674f76564c20b1911ef47107287a8016ec61582d00dac23a1a9f72c43

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\c9622ecfbec2c14d30f390909c563124

Filesize
1.3MB

MD5
c9622ecfbec2c14d30f390909c563124

SHA1
e29362819705bd8c4605b587802e428f49e64385

SHA256
ac39ef36dd53c77c687dba333b3c15520e07d15b6d5accdd6fd97722e5541e54

SHA512
0202139174d294ff371bf1eebd23ecf6ff30ee43f771ee7f47d1ed86601c2fc727a19519facab355521ff73baa8f99589f0456dab76e160f3895c073d0c78832

Download Submit
C:\ProgramData\Roblox\Downloads\roblox-player\eda0e641a9e599b1e2e30863acd1cb11

Filesize
10.0MB

MD5
eda0e641a9e599b1e2e30863acd1cb11

SHA1
b08eb726542ea92eb1e30369a9fa84528619b5ad

SHA256
acd941fba075749de93a8f2ff41dbc94d215d6fe33be9bd4296bdc540d906751

SHA512
a66e438fa1743192fb903384e67268fcba82a25358f5c47328f170e6971271e174f180a089f1204d8bd57fcc179c501b467d374a21270b5f99de038b57621378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\v1FieldTypes.json

Filesize
509KB

MD5
c1a0d30e5eebef19db1b7e68fc79d2be

SHA1
de4ccb9e7ea5850363d0e7124c01da766425039c

SHA256
f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1

SHA512
f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
2b267b86917d641943338576c73efa91

SHA1
ef6a7a62e147ede4a283a2eae56c1678fc5feb2d

SHA256
0faa19b245c85071e2d91bc5265003cbbd2318598975f3e97a8912c57120009c

SHA512
27f3a86a3163eb7d9a82e057dedbc181d8fde257b71de95b5417e4629508a940e34a52b05a5ac18e177a87e5e7d657dcedd18e694a013ed91d2e29eba24ffc73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4b2117b0fa84839ee86e0207a16a3450

SHA1
4abffbe3c8ccefd606bdfe12a4aa85696eae7fcd

SHA256
49b3dc0a1238168a133ffd5da4ce2a2150a0db49c3cc831ca1acacb494818ba1

SHA512
1286183b37a693274c4d8466ee5f66a938ca9648e9543346b6e9f06a70519d6a82655ded5bbb76558b13883b8678745f57bbfa755ca3b283330a71317ab962b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
690f9d619434781cadb75580a074a84d

SHA1
9c952a5597941ab800cae7262842ab6ac0b82ab1

SHA256
fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1

SHA512
d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
53c045bac59ebdaa5610bfdcc2ca6724

SHA1
0c3f930692ea7da84cbe17bd42789b9138ef3715

SHA256
09362bae3745a99cd8dd55d63a7ce8a81b3bbede2d4647a88aad60beb1250c59

SHA512
6ddcac9e859cf6f6a22fe9287a35640e71a6a4c3b0be38e728bd654ed1dafba43d8918094a0e7e30f99c27a7c9289c5bf255a2824e55b917c05139395fea56d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
520KB

MD5
0045bd3c8e35f6dd1cde989d62ce2706

SHA1
d4a42b2e1ab210929d767de4aec0e5d1724bc22b

SHA256
a18e184b981c0a95809b360bdfaaf46e6ba9a7e8b5dadc09968ad60af61fd7ba

SHA512
f0f58411e5e7e4112fecf143759afe9d249ae09ad008ad7d8683fd680fb6412e16e5503e514e8e6ff0185838a4b5535855c1a353c63700a777def9c421843694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
2.0MB

MD5
5c9ef46a7d47c83a0b2f5d062c2a0b97

SHA1
cc304106b374228f6e7c5b74e81db00a1abf2adc

SHA256
4128ab7bb9a6dd597f8f4e6601c1c64d9df1a2f7c782551bf194f408f7e9a664

SHA512
cf8deb23679e2bcd4d4e0306b1c15592d6e86b4be4aed9d814ce7698875eb9d2ab47671c57500ec262556adb8020d26a64cf5417d30e907996fddd27fb6bbb59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
12e0dc8befa98c9e17f03b6b823707f4

SHA1
cb40a145e96f22ca2e0561640285d031dd581c67

SHA256
061cd02c8228b9e5e330bd5cef307d52d4b70f99991aba8aecb05e56650fabc3

SHA512
c28bf1ae179d1864e98800455a353b0206506b67a9345e9435a9e13c497d2fad61367e9ff020015498659a5121a8912e9535830a8e878d2ac48ac60a0afc1472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
b0e57e9295fe72929697e4d8a99f4a45

SHA1
46c5c4c3e8890ee788e79bde32b35164fa288ac0

SHA256
1a61b04135bed9047dec06f63dd4312d391ea74a8367be2a8f8217f499fee6b3

SHA512
a4f16bc7e2966ffd8c4a196d3db07b75f48c89badd6b05f8777b8908fd7d346ef49042339810b78e0beefd7cded637d0281a9f9f9f3630efa3d83e6bece1f0e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58a3cd.TMP

Filesize
3KB

MD5
11ee83dc074045225db41ec345fbbbf2

SHA1
8f6e44e43ed48011f6bbcd4f5998022bc5cfca10

SHA256
7eb1280190a89d791f2bb5826ddff7c433282d49e5a6fdb15292d3bda6f6e835

SHA512
eea41b0f73a783a354f720accd0e8b338eeb4e62987a464c186b318e06027b572db2f3aae209e46633e6e70b2561b5a31c2760827f5728ba66032fb186307d3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
32KB

MD5
a3edd644a0e8ccd610332c9a5dbb6f82

SHA1
d103c93a6a6e4ba992681ab5d7d4d9b34110ce24

SHA256
51e69881f2a466176ce260e82aa39b72e7bd4dc2462e697d49bc6901973a93e9

SHA512
5aadd9021f7a47cb76d4a62b5f8a9f7614e81852bea88a661d7e6dcd4edd783256c5a5789cec23013a4ffc7646ffc83434e433c27b1d401e6062e02aeb19ffe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
7cbf705638ef9e67a553a851c409d64b

SHA1
83af7ed19db8189ba66166014bc28aa297f3f810

SHA256
a91827e2c3eb2fd1d3ad63b306319544e93454a2fff540c81e0b9d161ad95ff0

SHA512
3c97171ca3a4e5c04039d03c90dbfce301dc0dd1c717af517403f620f38bed5c970f077684658d86ff36afeb318006fe74ef2205992aa19292fcac32a7744c80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

Filesize
169KB

MD5
c967602ad22e03032f1c1569a81e2058

SHA1
664c5d1e1e8296b7e50cf3214eda4969ffe2a99a

SHA256
c75bf9af6847c918444c543eef2ab36d2f34737a2bc80c943d35b6db60418382

SHA512
02a9a14536f886afbc95fee398d1f9a73b65372f3661de4c0b50e1a22f255f5ce6fd8c22b87078016d941c2e568d9a6a6d7434d43aadfecf8210494ab7bf7dab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG

Filesize
353B

MD5
e8ab82ec67723b133cbc9bb24503c908

SHA1
e6865b05afb0e6e52100d731dec3f417e6072f8c

SHA256
e2822a88068d5fa96d07c65846c2e523dbce607caefa53e4531f126a696d51f6

SHA512
812d5d0c481117ab75ac26ada009acc3441b282bc9d1e676f81b284b538a7906791c976c2889fb0f86869a00ebdfcdeaec81a5f6b00d97dd17b30a2363a80acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\35833ba6-aeb9-4e59-b6bf-0a928a109f23.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
5d925fc8db7550e0517ae25e6c2661e1

SHA1
fcce088fda023ba4fb4940cfe6d767347cb89446

SHA256
bd950b87c67d85853b741631d9472d0e3c311731f07936244c15fd6865935183

SHA512
a643402e7f7f5ef5c5f75fb95efa3217dbd9ff3c771d28fee5ab96764c2eed6aa0390649d9dd50e4b60e08d3c006c3e0bcf94ff3772309df0e9a94c2b91dc1d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
0b987b1c11f329c3bc9f5cda31c4a79b

SHA1
14dbddecc48a68fae1d53eae2959fac99d50ff5d

SHA256
6f9a91729f959aa3a7c4bc68dc06c88acad8718ee073cfd70785b8b01e663c5b

SHA512
aafc0397ed9ff753a86bf67eda3260f2c023073c5818ac7f2d44e8d183de1982d77738cf588983b603eda8b88a0c0a4105bae36b37ed5a0f1fccf8fabca06aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
d2a3914577f58d9e865c559624a1f65d

SHA1
70abf1496e22b476e4f0034fc79a6c1b59e3a298

SHA256
c76d6c9a27a3ed820338908461ee2cf0aacfc5954f910fc7fc1245cefde85249

SHA512
ce28f5679734ccf522766841be4bb2c738ffbd304e77692345bce73134a13592bc80b564ef261956ff8a1a909868b1c95ad116580c0c7ceccf8faa3a32f6f6c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
9e1b414efd62801ddc0f96143c981728

SHA1
486e532d0795ddd1b6475f859a84aeb8bb94b377

SHA256
1752acad2a47d608384ab7f750c96d7d389a2996ca5f237db6cbdc1fb63b6e0e

SHA512
d6463fcd0c2f3850c6e48e195c3a63b1b50e3328732cb4b9eb79799440663756715ffa3874440709b7676f0f5116a330e37c50a1724f1704556f7ec02cec5619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
e89cd003c5d381e28fa0ef2c37349e7c

SHA1
8f278a6a060bc8deb7adb6fc5cd7b4bc27c951c3

SHA256
e0b2be51da4188a26c9d51bada5f2000065bac471dc1ccafd732fb04eb21ebdf

SHA512
8e824bdc9bd376322528628b4cda42ebe56ec7a327810cc2d507a820f7a3dcbecc97e883931d6d4b8b931224afe1db5bc5811102a8e9635546c1e544f421b324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
2541b963fed6c8fdee4d951ced94cc1d

SHA1
c856b8df01d58b5310f7c247fa4ab74fdbd525d0

SHA256
8e73b4a9c6836cfd82564ccf3e5662bb334411e675d07cd755d04946cbe27da6

SHA512
9d9c85437eae06ee5e30544199f8f46ea066cb1c936c5897915d7848f5b5e391521a369fb437215a75a34702bd8e30fe93b344fd4c37b5ef3f059215c90f72ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\04526fcf-39fc-4b01-aa62-315559f5112f\index-dir\the-real-index

Filesize
2KB

MD5
e96cef4910b6a432415cdf37e924b8c7

SHA1
7a8cdc25f6c0daca7e1d0760f75dbd8f8c22c668

SHA256
f700d32fb4d121b31f30bd1fd6fdfe15155cd8090e33ab26216b4089e440250a

SHA512
e1ff1620157f92ec903f994237098c973c7fb69b576f7d2d23c20286722c0f01077a39862cac7816cb37fcd0cd64cfd4b03010cc3f08faad45f982ae3f33bf8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\04526fcf-39fc-4b01-aa62-315559f5112f\index-dir\the-real-index~RFe588a78.TMP

Filesize
48B

MD5
009f7ea2b8a224085dc262b6ed401ea7

SHA1
2a350957060b29f473d8c1af66e77e40796013ec

SHA256
d555d04ab914ca61646dbded3027d481944293f7b2deb913e698ac6ecbc3652b

SHA512
2cbb2675859f23de8292635f08c8c6f3b2c96a8b2a734ac1109af8d89c26cf200cc1068af87b50a838a5124f29156f19cac7181ea806fb5bf0a17a3d8cb9829c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\afe4d5c1-f23a-4bf3-ac04-1d70e18fded1\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d2ab0fe1-31b6-4b38-83e5-1149c636f7c7\index-dir\the-real-index

Filesize
576B

MD5
2ed8658dc7129676355c79e28279bcd2

SHA1
066056f4178b0990de81625f731b84241128b1ca

SHA256
452a3baa8755d458b27dccf43268f027c484cc31c5e6aa8a746d9d56db014a99

SHA512
7558a45442929365c2e4ca98f800b63547c3931ff6f8b3e76959f1eff749e529e1f78c65fcb3aac90902bd91b8186cfd4c0955794bde1a637c5a17225e492cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d2ab0fe1-31b6-4b38-83e5-1149c636f7c7\index-dir\the-real-index~RFe588cca.TMP

Filesize
48B

MD5
b0f575057ca510e715ea695e6765ac08

SHA1
b67193b0e168dc3f2af9801cdc4e4ac7156d9ec0

SHA256
8f1b567911a35234416cda45f3ae002e55e19c3943a3e276a3d32f40b1ba7a19

SHA512
dd231e700b0b22fbdf768c6483ef554d1d619c8f22805fcb8c875908ea09b361357fd63b1b0def865d6e60aaa28a5e9380d53febd1745594959a527ae87ca085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
262B

MD5
276b96acd88de76177444de4db2154c2

SHA1
1c84b8355faf816de10d16b2cfacf9c00bcdc905

SHA256
009cf54ad80f8622bb947d34faba3e2f497a73b28a83ddbc587e014728c34ef4

SHA512
dfb8127c98d6e9d77291fa1efbc6a4b891920099de23ff1893dea959b8c9337fd67796fef79b5879395dc88092a13d9cb3cf946fc36422c73c1c961823e7259d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
f9e03e12e7bd9d167de1ea6c59cd1a78

SHA1
d00d11ef93e5fa7aed05dcfec1d50e6654eedb5b

SHA256
937d6d18596814f0eb2fa7f1cab7d593cb4756c9f2ebfd17766dedd8d0d0fd1f

SHA512
bcb6bd5d62e9437b2dfc05e33f1ba8bb3eb335f30f8c0cf556ea829205c0e3070cd6bb4f0b77107a20b421a011788bc2296b2f4cdf2f0f56a5b556a475bd708f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
4e0f2dca9bcfbbef54f9d19365da25e4

SHA1
a1d208f194fdbfe8b8ed0911054cbf2ca5c529e9

SHA256
ae432140d1803bd647189fe308d4c384806c62d6a3c2bd393bfa8d7e1c0a4947

SHA512
e55d88e440c1e5d6d91b450fd05450f824fa22e17ab243bf5ae028f3bd7eb17df103df6063858d3004e67e7d3c98d0d78c7fecc0219dc393d8e168533df4207b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
185B

MD5
d483e818471806b571bd337c32700854

SHA1
037abb5ee885fa744a22b2ced8aba4600b3f1730

SHA256
e55e62112959beac6d2e61398e5d5e089f0c5241df0b761f5d5faebf124a32e9

SHA512
e76758523c9fea5a33f781bbbbf400cfbbd98169ffa65cdf047e1434471601dc788ff4b4b84ea8155f3d4f21d9ebd761b05b39f82fad66039db821899e0bc39a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
247B

MD5
3cfe76a389b9563e5bd3f7a8865ca12e

SHA1
f21aba4d8e832d8991c9bb6da5632727a3ddcf7d

SHA256
4efe9eb4426224702d1fa11f651e5bd0601294f529f13cee9b2bf5b0efb33b32

SHA512
7737b70e8e49a68aebe9895b0bd7cd0ac3d34a7722d8361e23424b5ec3c42a28de14d2fca035a73b2aac125eb080a06559bcdd9fea0f9b0d873dc73442455cef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
269B

MD5
829804dd9a475979726807bcbf837aa3

SHA1
89edd23332bd9b3478a86b8029e64b34befe8270

SHA256
be72163a97034a8b2041c372ee89d10a57cf983f8017bdd0f02663e8bc6a48d2

SHA512
27c39442f6cf53f404d74f72bc1af0760ecaffb78d90b541d80d1b1ed2769020652907f8acb18c36fe00048f164d6daee4956f3d598bf6e3d991093270e113fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
6fd230f4d4d55a1eb4d65920ce0926e8

SHA1
2353228558dff21e79faf995374fdef6b1607a82

SHA256
0d16095c97af86543286a11be1c0de7cf2d92b5d52d241c242f0b74a4af7269f

SHA512
a690e90822defd32c21164f5691f36278b275f3e6b3b3589e90e6d2de14a0b2df7da48aac0452b9a372884f5c493cda11b57685a0481f7d1cd8b79d04e3d20e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe583498.TMP

Filesize
119B

MD5
efdb8fe35a74aa8cba89b881175ed773

SHA1
84ab27e2570e0ac85c07057426be4cf4dba7a26c

SHA256
e2bbfe10005970285d99189f9169e9b9f859422ba4091bce017b25df3ac57b1f

SHA512
d7e5ecd842d47f469d22f05625bfae67e598ba5f44990e7da672daa19605593e6c9ccd0828e9439cf4e7dd5321496ec93f54dcce456028786c4bc84961e9fb3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
85c8284fe80e15738631d97f5dfee171

SHA1
2fc3031b544505204eb0849b30f22d5c6d8b92e9

SHA256
6bfaf27604972bb27609a1eaed883ccc248d42f3d0acb9a49015a0f19d7c2e1e

SHA512
d49a4a0736dd5cf893e303b53dc3152952ce1eb3269b93c8a8e59eb7f9b2a5c95a7e586387f432a813319cbc78849b9942a31161c94b593525d0f86c54e92a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
286f8d756b25a41c555e750dfd5c0a27

SHA1
6fb6f36f60d2e721c29381ad6fea49bb5d65e922

SHA256
aec22adb3cd3bdb6cfd6e067c0ea1d44ff49373dabac6d1e90b9aa605df515c9

SHA512
5e951d224c31c1b59269441f24b3eddb7ec625c8c861e50f32c2b02326a14d0d9cd0afa0e858698120a1a3bd1c6d82f2e593b0be578860dace6fa04cccee7ea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5884bb.TMP

Filesize
48B

MD5
45902007bd4f847921879c8db6e569ec

SHA1
db28050c0ce2bff825ac6659df70e6e82e22e21b

SHA256
4469f972fa1f546935bd1ebfdbd132ffb3a97add9ba9273de2f7d1112c53e309

SHA512
9e7a92bb7437ef68ce2d128dcac5295669396dbca633ca0ee722fcfca0115ae66754f2a358e8042019fe19d978e6e2f43f1b34c3194ab0c9275695edcef74d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
244B

MD5
68de1b0e56f90384d3c1e3d5cb5d876c

SHA1
6f7269453994dc4ca60f435ea9651f51c106a47c

SHA256
8d99f981404b3fe4106df84d90230ea54c21dbbe4b10a7358b98dccd59ee38e3

SHA512
183a138806aa308de18d79609cab8c56ac235e26d8f0775397ec1f7fb8f1671891bcc967372c82cd5fc8ef0a1d036e3b11f8d85a0a1bc009fc0a1aeb5e0fc41d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
b90e44e939938e78e79305e65418de24

SHA1
cf6ea457f7b79f77547d674726d87a19ee130916

SHA256
73ff974b72ed475af530308bd8c5ff81413714663edfbd80b1b727b3c59ba4cc

SHA512
68776bfc2bc85da06b5f10b0e571bb1919f72c8dba73527019a81663f0677258dcc061ca8f1b95b7971f2371f4018521d54e8d6815d0927f7bd4c84883afa76b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
956eded8559a6d6bec4869272f5100f2

SHA1
3871f185371ab4c2aa08f63d61c4c1fa122cbeeb

SHA256
f78098145ef778d4c0f965c6d4bcaeae5143236a6f6a9f4ce9bfa10e87262871

SHA512
41acd57f8137615ebe90371243024744c3a48a05fd65a3e7b04f365421d523a5dd45fae23f8748ffdddafde0cd94a617b5ca6e4bdceb09390e60375a289a5c57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
23KB

MD5
ed3301d7908c985612c47a433e115262

SHA1
0aafee1fdd28cb6e40ba486934b98310c5e1d630

SHA256
6c6cca75163c9739ef105a2be6821ed9e518f5a03de3cb7eeaec8dfef5c0320c

SHA512
c2e4c8b2c16fb76863cfef3081c5970fa9cd56fb1bafeb3f0bb14c73b3105e944c8e9886a3491d6c24a052f2d3f175e718cf5e15ec667dcee01c1cc68635d550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
f2c2daef029ff4a0416a2b022f1f5c44

SHA1
5142acc4b32f0a328b7743510f44e47856dfa1cd

SHA256
4a689a3dff47d24df47b2cb21c8bfb5b097ff49e735f3ff2385ef1a3a76c69a4

SHA512
14413d352d06e11b488f5f4909c352f0aaea0a10f54a20f62efd897232d6a08e81bfe3916776a5b61dab3183966a9b8952231e77a0f420c42adb0c5fccd95ff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a720d3aa-85cd-4eae-b274-10a46731671f.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
fe40a7f66099e20698afdf6b55451128

SHA1
cf3e5d3045df9525f043e5ca8405fd6e87245e03

SHA256
8cbb108ece686e63da31aca80d005bd2301f8f66c39725a56099e228b0e829c3

SHA512
c2660b827bc661a0886bfe91d007b9743b2479cf8757dc7722d9599b5e2d9fab2f9f53ae4406d5e2111cfce88a0255e1e55fa48e08621eaab410218d250f5589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
4285583c4ef81a1fc7faf904d95680c6

SHA1
3420f47a03bcb42506077db64173d9c3f83fc933

SHA256
5d39fb81160e8d4b3ff9329d28235b352011bbe57c76f14f25f77d2c43090f8d

SHA512
b57554d5cb0cef5f52395396874ad05df347e2e78471a88dfd678a2e805f618388132b45032f1051081badda45ce63286fcf706b2330cb9c851a0f9d7ebe1f40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
e2b46926e88ed82bd3a64366277c7e03

SHA1
2ab193ea5e7822eefc61b410b5b5c018d08a0683

SHA256
b5855d03e567807258c9a2121db6e2fb2ff6da23932e6125f422808b3de9141b

SHA512
f536e3bc51c8392257926f09bb3066ffcf06f8d871cbf2ececd29b45897df319e0d93ed7bf1b6fbb205206ae1f3611e4af9272f875341a636e1cb6f695412064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
67KB

MD5
589ff9cfd25a1731988ef7cd7f965f7e

SHA1
880dac46de809d9e26cb148f9e67218855954c1d

SHA256
791a2d239d2bd1a78a0a7989022f816a087fbe308411950574b0ed2ec91cafef

SHA512
016b4eccce094286e443b1561186b6f3f7df4e7ed640bb170ee22efb7d3b5d984248eff7d0012cc2aab3304fb08964f852854c26fdd4b70ece8c10ac4c958f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
ffdeedfb802be281d677b187fe434086

SHA1
04a62c5e58a56b5c8aafc50e0bc6f77d68ea4eb9

SHA256
b3f6e5535713e457045a22c084b6db18ac23904cf1cb0c9652cd0a181db4c815

SHA512
f0528d090324083b11d33a62d0172449bd4e32870601695270e97a1cfc73555097c7c1b5b48bed88073a4c122371cefd41e35cc0a7230547895324ed19cc288d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
27869730cb16ca025905547c976bfc28

SHA1
4bab1a0c5de75b49a6d137f44928b3efbc6b51d6

SHA256
de3825577aa7cbbd99d5960c880c41c9bb23a2c18ec5e047c3298ed9c36512d7

SHA512
84f6616ea344073a08e1df1a497eef81a13f0ed1175a13fda6a5e7c7da883dc563259f29801bf6fc556ea883c741d09d714f4ef50605ea34a93b818159920319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
42061837099ad2e9edd1b79873675242

SHA1
b271e05afb7a6f2cef45086bd8bc09441de1312d

SHA256
f73665e5034df43401bfcafd22c819d0cb7ef39cf67de596c70242589396a3ce

SHA512
4c5934db5d27c5d6293b2ab18e2c63c0384ef0d84c76751d7d36e6c34d1855285bfbc23d55285a971d3037e2ce05f9997d9e3bc69d1afd9bfee2b1c4b8570693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
601a631f2378a9fd81fe6634e6c073d2

SHA1
9c0c9181ba43dfdbd6e2d8dc338f19cf3ef11cc2

SHA256
9210089dbd36fe9dd92eaeca2769a8a0e6254a4321ed7fdb1fc787f766226519

SHA512
986385d228db4d4bda3f333e9c1eae8336f9aab3144e7609f06e283e2c1e04751a333f2703680a44656c415a389ec808b9bc51f608d1f88bd828fe1274ad0c1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
3415ed3720d0f1e6dbecd3ff4eb50c51

SHA1
7260e7f83d162403974069a27881f67488b15035

SHA256
9b8c422652f6b317ba6d353b1ec8e9f3f5e42847497900c92281a9cdb707b117

SHA512
cc20968d8d3f2cbc63c319394b2d1331dd12af6293c335d27e3fc24005ae2021f257231893693303e4d70e8981f2f74640e36e85f47b7230efeedcb99e31ae2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
26c12a8e1a7bdd14b3a8b6508c15d412

SHA1
8f3bd1695e4ee414ce57a28eec7e7157a4b2d959

SHA256
e33cff0d3a6995091f3aa79767f4f0c4da4fb30473fea8f257abbf43f91ffb8a

SHA512
e3342ca1f1021382c20b54efaf1f4f86b54f2b035dfb7b4f2084adb1e8f6aacc9afb43a5569e1284d2348e86c0c1db0ae5d956c1c873a483efe197b01567ec61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Filesize
20KB

MD5
60dcee9acff6a9169d255c1e7e67d3db

SHA1
5f3583e40cf7095192fdaa0af702321cb55ea8bb

SHA256
c082c101d580f5cb4a91f3d61a431fd307f931d177965029c0b09d6e4b279abb

SHA512
7d7a834a800fbe9647937e8df72102bdf38d7439e6a2649da068adee270c4908992041d42f5e65a3149d4ad9124254cb0074e27c3e985f118bad8177634b37fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
39f8c7c7c996f28d3c45d382d2d76028

SHA1
5cdabb5e00d0d645917f128351783d95f9967b02

SHA256
7c24c0ae42500c4f1d3853cf147e3bcbebc2f2c28c4f56497cbc4612382ca6bf

SHA512
ecd6f2f12930d270f9dcbe70fc19c7c9de4afdfa3523f19a6338732068988c3cdd7dbed8054cf623e24ac98e46a6172e7c8e9f459b92d9fa41a036eee3d097b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
7fd3ae772d92a0ed5a91cde37dc8d199

SHA1
7dc50a4fda74154d3786a1bdc66ffca155cdac0a

SHA256
edfc504c09d3752b3b3f09e1249ed633d0ee42786b2a07cbf9f22412f2bce077

SHA512
a7db234c8efa4544b7c827b5ad02fb1381e043e6a8a8e68aade1d22643abbcd2741d3cf01963b0110580e6b1fb652101f605d47ffe4389c0b093804cb6d1900c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe58488d.TMP

Filesize
392B

MD5
e5db16783fc583ba9697317e57ed5f6b

SHA1
48ed6b43b11e812923cda93a469e7e7878932f89

SHA256
21cfe5db79a72f756852701241a7489d59ecb60f0852d87aae114a994ab242d3

SHA512
4b698b8b5d4f9f3d52a31675663be2761d061d277142321294eea6760a1c3bccca69132f5b492c83a5a709d0983b4974494063855603b4adab2e03c5f01a45d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
fe312ee0be65aa92e54dccc5aa4ae2d1

SHA1
ae5ad9965ec244084317f837d26a640042787c2c

SHA256
895706ef06d1f29783d69f22b808f5982c1ee05a26d615e565353ad68d3d1906

SHA512
f3f34afdb70117f2e4cecd114499cd244dc1f2dd49970faae07b32578e7640f427f780f969b4e5f4447b17aa19f580297d16f438d6e6a585a0d6ba1b47f08886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.1.1\typosquatting_list.pb

Filesize
629KB

MD5
55a53c39b452bb89a1f29665f03b078b

SHA1
3b7a93287d2fe88c6c06789a53773f2746f93b8d

SHA256
9097eadbd582b3067e59103b8792144f08c4cc016d07f5952423f35659ce3577

SHA512
2719f9f9ea0a064599c2ac99df9667cea431acfea04f77b9a1229d9b262ef3bfdfd9158a5f3407a2edae96e26f36ad9546b986eff0eed2b58e78cb0d901caddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ed8b8180-a436-4d21-8edf-97467953d2b6.tmp

Filesize
392B

MD5
74d758d63a8aaeebbf3adeecbe79d996

SHA1
0697e2fd3ba469e82e2530b6d525f4e7689bc0c2

SHA256
ec98b5d0b556d438d800f92a19813cdcf70833656cd8440017e45b23902c0f17

SHA512
7b5b1d88c777fb35fda4b46e3cfa9078826fba2476ff20fe8bf082e64d428472cc48fe79fb3a004320b4952599acdbaee040f7bba716e44daa995835a7cb1773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
ec17d91c0bb2552455f34b6effa52f41

SHA1
3c8794a95d2ed0bc69009601a98a5aa638aada05

SHA256
c9d0782525370749aa7171c6a2f0a694bee384ed0c24498b1a778f4115edf54d

SHA512
16381dcfb17370f1a295528376df5883432b4179d938dc0b8a2e727e44868d871fed684dcc13ff0e64b9d80fe7b4e1849bc638ba484ccf31adffbdb4c3c7bbd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LK221CO5\BatchIncrement[1].json

Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hvtnam9x.default-release\cache2\entries\4A0675FAC04ADED265624AD1ED8C9003ABA0B655

Filesize
70KB

MD5
ff58e4bbd6b84ba9e10905efda3372b3

SHA1
6cb539c8e69caff70d6b67f8b4c7c6c98d2f99f8

SHA256
f3d035aab1223e5ecb3fa03dda6b3b126bbd9e1387448df4b1a969b9873e447f

SHA512
5387f9bba199e9b785f986c7e0de69db83258a90dc5fc3458445a127ab5efbd635d66037d8c287a5fa473d9959fa4d6d79f8d43f81033d741369720a474eb7d2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hvtnam9x.default-release\cache2\entries\8C168F8214FCA35EC74F34FE6B08908B48937070

Filesize
114KB

MD5
cc85bb0a44469275c3b05e58eb4685f4

SHA1
d934d41a6fa24b350298b7aa621e04c62b121be0

SHA256
11de19edc87206cf756ec5136c244225e6fc78288f241d9b0892c8bbeec3afdb

SHA512
87b6c8e97c2116e3f802c3e662aaef053c82b0bb72c8d9804b921f3f6664af0bd954a48612ee9871705d8ff020f5e955e685b1e1be537756de65dd9c756d0c54

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hvtnam9x.default-release\cache2\entries\A585344A45AF937E3AB7D706291A9A3ED8D581D9

Filesize
13KB

MD5
65d0f24bdbbb5cb3e1718803daa12ce6

SHA1
7334c99919825959a452b6a2b62a3e3fd2508594

SHA256
732a5f7284975e102149177cf59e5acc095210256d87e97152ac79aa349d7201

SHA512
e7996db320ce461319b0b6a05703e638c17b0eafa69133995a0b7ab665132b4432bee83e3e12a1edd1a3904099233ecbf0ea4b3989d30951ff35c611d2b740f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hvtnam9x.default-release\cache2\entries\B850D73D42C4144B3C66E28FDE891D1EF870F40D

Filesize
97KB

MD5
812f1919cec277164b6b87635e86c3f0

SHA1
739de1b23d966677e1dc9ad0858bf2b4c5b6a25a

SHA256
73f18f3d8acc3dadd5e4910308bc213209f2684cbe5e59b314525fa7352c8e24

SHA512
2277e691aa69b5af80ad1b6b7ce51dc3c2de1c48151cfdf09a401dddb677fa1ae3adad5eb40b02c458ee4a38f5adbdb942d20baf8a8cb0d7174d3725030cb06f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hvtnam9x.default-release\cache2\entries\E725373242D9AA00D37266926679EE8C7E7D7E9F

Filesize
1.1MB

MD5
6a7528c89bf40c184b4dbd6adaf68bf1

SHA1
541abc2bfd3e352de1f6d0d65a501b80b09017ba

SHA256
c28ec4b0f091228910b19a6d9eca6e5535f9e15d2c79bad2c156a19a0ae17de8

SHA512
6fe3c1c2be2b7d835c5b92fb9fdf0cfd1006ad15ad6fc3a02b346b99048353414814f2cba1196c9de3eaacc5da200c8f46842725dbc0771714be5576b63daf4a

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\d3ce7ba8150c6b4ed1ad1212fd1c021a

Filesize
7.9MB

MD5
d3ce7ba8150c6b4ed1ad1212fd1c021a

SHA1
703ccb1beb53288f7d6da1294c5fd5a0e6e3a56a

SHA256
327f6d9ac087b0614239a9234981a015b09a108bdc0dd97a2ae72bb1ce6faa5f

SHA512
606d6a8bf1c51247f78b7a2ecff7027b08059814df54f40c461241cc9254d31df08d24f1f0b66570849ad84993baf7dce9c10e02f91071834ab8269e76e8ffa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI6745.tmp

Filesize
132KB

MD5
cfbb8568bd3711a97e6124c56fcfa8d9

SHA1
d7a098ae58bdd5e93a3c1b04b3d69a14234d5e57

SHA256
7f47d98ab25cfea9b3a2e898c3376cc9ba1cd893b4948b0c27caa530fd0e34cc

SHA512
860cbf3286ac4915580cefaf56a9c3d48938eb08e3f31b7f024c4339c037d7c8bdf16e766d08106505ba535be4922a87dc46bd029aae99a64ea2fc02cf3aec04

Download Submit
C:\Users\Admin\AppData\Local\Temp\XENO_CACHE.bin

Filesize
28B

MD5
78d58a032761f1b9767ce9a961560a55

SHA1
16e75b82eb992b85361cfa782e2eac73f627717e

SHA256
895c607361d12436b3c82f8e233278f594d1de2ac032fd9534670a26f9bd5ce5

SHA512
4395ec8d0e057016daa654d94aeac4aea172814193ee9c3d5717093636db0972fea522a5e0596427b7c89cc2ab7f10c9be7c103b12b0c4151fc7b221d13e0f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\edg6812.tmp

Filesize
28KB

MD5
583a92e3e37000f345e297ccf15e3c08

SHA1
76cee9bd8f27309c4af7aa52824a4d2eddb8f239

SHA256
82b24606ef96c7ee458df1be3e5a1ebc8714af9edeca19ac5b359d33a833eb3c

SHA512
42da33c01d3c7793ceb56f5c8a33f40a61a6ed6dfec437697e999443df5a3b6dbeaf9465bd7f18235c490c01ed87321628bb2bdf8a3eda6377488707d4ff35b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
11KB

MD5
25e8156b7f7ca8dad999ee2b93a32b71

SHA1
db587e9e9559b433cee57435cb97a83963659430

SHA256
ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986

SHA512
1211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
14.0MB

MD5
bcceccab13375513a6e8ab48e7b63496

SHA1
63d8a68cf562424d3fc3be1297d83f8247e24142

SHA256
a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9

SHA512
d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
502KB

MD5
e690f995973164fe425f76589b1be2d9

SHA1
e947c4dad203aab37a003194dddc7980c74fa712

SHA256
87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171

SHA512
77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\CertificateRevocation\6498.2024.12.2\crl-set

Filesize
21KB

MD5
846feb52bd6829102a780ec0da74ab04

SHA1
dd98409b49f0cd1f9d0028962d7276860579fb54

SHA256
124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4

SHA512
c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
0f5e049d735457ddc5f2c4e13df1aa78

SHA1
6a5fef8de62416a82b29d1fb24063f884b39bc98

SHA256
827304e42251d44fcc94b48f3a52fee00787cfbf789e6d6c6d28ddef1bd66421

SHA512
ea96d5f069cc84a1cf343f45db0e26cc2f9a05645299bccd786db3389e33c35451d346131584d43c22a95d30f0761700e8aa81fbdfa7d9f35aa0c950bd4a2769

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
b37cd2a50d1c932fcf9a37a4e9f01564

SHA1
4f8720bca499b1c01159ad49952377e7a7ef79f3

SHA256
ec6a562550773976ddbe4b9e01965b49c9acd54808844974e35464329370d851

SHA512
57b0e509f60271d28cd2a96c2554bf63816ac692d33d3108a7b9452e43f89e323f25b75be4d80ce05bc35e4bfda8bea0b06b35dbfaa5f6573047341be0a04ed9

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
0c5a90ff7dc59c338d583dbe1a44bb5c

SHA1
db2a68bbe8111ea05d248386bc6787fdd7820645

SHA256
d010b16b1ea913e9a8388ac56e9e14190987800aa596ed60b108a14b8afa5f51

SHA512
d425df266c23d2f261b7f8684132b82aabef369dca76a85f4f651cab699a83e7e5aa7a742ba72fe1f627f3fe328cbbfa5f771f68812ed53cb2025847df208be3

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
8da8776e58b221b51bc6392580b200ce

SHA1
03df23e041cfd05dae9cc33503cc5a620c10eec1

SHA256
920e67cda210ddacd056f43778cba0ec91148dc8f49e23fe661c65a11b922c2a

SHA512
bd51a2bb5956b27b1648ee1439dec92ac27f0d65393d1afe4e42dd585da38232a3dbf43e090b00fad37c35a18d621add5085d08f9708aab4ebb40953d357b635

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
18edb98d925aa0def647254613706607

SHA1
0b559c3505a4b88f88a4b227063c42e2301045d0

SHA256
58040f4be3920ae40ccd3c0b847ae4f4ba815cac948bc23330733e18822befcd

SHA512
b4332e5c28e5ad6fdf9efabc4f3280cb8b6eea33db059bd29f0aa6af6004b23153118d88e8023e94f3a49f5e388ab5745db040fc58f925fbcfd269c16f407245

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
6dfac31357e604fba73f4e00c694f89a

SHA1
921980cf1f215f071cfb385d810ba0bef5a68741

SHA256
6908eff7808c0ddb337e20933ad6026356325880f15087c53b97832d9a92f9aa

SHA512
def4cad71c6ee2c2b6309b4779eb0c45b6ddb4f0b5f2ac0f6c6af97a6301ea5fa097cd0b353856df880bc75e6d0ca496ef3040b68925cc41807cb3754f64d89c

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
c454debb6eea18becf32973e37e1ac2a

SHA1
bfb2e7f17edfe905c407c839fcaf2ac29f3b039a

SHA256
eed630b0284ffa51323bdc18c06f9fa4c8baf293c46667ec4a1682ca6c983575

SHA512
66927609fe7a3aa17882ca33fc788c65944b3dc76f412e71e27a10ad5d53f6df0348fe68cbb0c372ce3e9654fad8f58fe9db91fb5b74abc007a5c128754a961c

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
2b0db368f801cd4ce1e11d40b01cc5c2

SHA1
7241006eaaddaf1b31e48aa101641eeced9c855a

SHA256
68e0ebba44199b893bc9593417fe01902ac7a12ac7d2c5f96001aba935dac204

SHA512
6facca9f3507fb87d985d23c53c324406d4b606ff72691aec5d9c9eff0715f3e64a59aa7bf034fa27af27abacd37c6c46406891171a2103df65d0d1e28632e28

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
52140eb8c6ca11f0aa8772230e410995

SHA1
6c6671137c86bc5faae1498ff461498417652ab3

SHA256
6ac4dd3bfdd4703d4050789b6b3a05f593899cb66e214812408311dd22b231f9

SHA512
d3742cdb28095ea6f50c21c02da4b33ceff44f0545cacfc6ee77e28c10a65314078640c692f276c89acb5713fb03a3b33488e1084802c251c0193ac205558cfc

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0da081dad577f23222ee4b76735105c7

SHA1
703ee69dbd47b1c0a1e57d03884cc0c15afc9c11

SHA256
fc98c38f978022a1fd939342267a773cd2616e07a594e586909e2289e8fc9987

SHA512
ff1ccb9a1cedc41f223535b342b8ee1cea3724580305e2d9df96e6b85ea3bf77692d058e3fda9a9c2bf1755498066039ef86173078ce7199b932416084d2ec2c

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe58505d.TMP

Filesize
48B

MD5
445defdd0694accc215c72bcbc15cc78

SHA1
7353b7633ed007a9c7cb67d2bc6b06e4b71578bf

SHA256
0015c4af4a68e8632832de8a0839aab7d84ab10a47085a39ed3973f641b678ad

SHA512
62a6cecb752bf68d30dc7eb4ea384e7dd6660dda4aa2a0de94e340b123dc2296764a1cd267a3ababa4e6ccd8bf86d1cda4fe6df9eb9d7dcdbc425b84cccd6705

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_0

Filesize
44KB

MD5
d84ec1035afc043943ccc73afd465614

SHA1
6622a21143e19e59d48428a62264498535caa41b

SHA256
5090784d715f4b15196de09315d3f13a104e9eb32c53e4de689943e6061aa086

SHA512
ab18c3937711f241ab63bae1c2a23326392d319a0c385486533ff583c8455ed74db8a6e44c344b3e4192327db560b21bd73f2c92a9764948ee9a825e471ab774

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_1

Filesize
264KB

MD5
9f91ab973848466568c8381f45460734

SHA1
b9d4e4ba43b58cf30c625c1938d7cc355f506eba

SHA256
a069ab5c2508da7711642d679fa946f8f23f95ba48e3fe1f70a2d0df6b97b7f0

SHA512
d89db752721cfb7fbdf5155f8b555f91721a08080dce3bb683671706434a4c901baa15c3bc1f5e7e34031adb3552be1a488d5353d151db0118da757476988d2b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\Network Persistent State

Filesize
2KB

MD5
0f5c6831059854fd0b9e4bf801b53f60

SHA1
04acd547b79a28b06420287421c83606432a1fbf

SHA256
87b761c24cc6bcb4a585879070f48c93549c3dd7b68a0f16b7841f1f854584f8

SHA512
c192d6a9c534e7e57854573b6883cc4e07f9205e32a9030e4c170fa847fa92521c4632b4bb489f0d295b18366d49a6f26e58941926809f870548ac3eca2f1908

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\Network Persistent State

Filesize
2KB

MD5
5219e4bdcd998858ef03aa6468641efb

SHA1
a7dab3b2fcee4591ca01401e7a36a390de2695f4

SHA256
f880b45d14c138874b0182525339b3c9b549ff81b778bbbffe17fda00730a1ea

SHA512
766bc014d42cbd9b3a78d207bd1e01b22b1ac7f77a9295eba1e4b351540989d5d0da6a55fc2e5792e7be4cbc5ad01c81a27d64ed9b52c89a9b2623206f527122

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\Network Persistent State

Filesize
2KB

MD5
35c8f018b0255e4ca3e93a4a1f013994

SHA1
83ce6b0f871e9dbada7709341c2b747e7b2ac90c

SHA256
6f50bfda2509d4f70e55e42f603f1778edb950308291d3000cda3390e5a97ad5

SHA512
26c9bda76157425cfb929ba68d0c5ee0c7796e67b5ef341d0f7a8c8fa1ab748876a8eb82cfb6a7652273f587b042a132f34c94f46807b1a1060f17120cb8c52b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\Network Persistent State

Filesize
2KB

MD5
97ffee666222d4fcdaaa3ef940570516

SHA1
e5b217b0baf04ca22546c8e8b84c694753e39a23

SHA256
8bc185013875ba7b0b1dd0dd4bc1f698d922ebd8aca6031c71967877c9b4d57e

SHA512
3b0bc8cdf07b0cd3c2135b2af7f33d36550d917cbbcc8b5fbafa8a4126a89db1754cb053cfda042f3021c48a717186ef9a6b0543f2966ca84eb397df38395cd5

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\Network Persistent State~RFe58f94f.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
644c54f9541c9168fbcfbf0dfd073dc6

SHA1
2c5f3cee86e94cea04c004a83c4cebab6e0ad465

SHA256
6bec521f45e7e094a15c992f45c60bc31cec0e016d700b2edc788b25c0bc529e

SHA512
884ba6f9121aa436d0e7c34a3543a4a47418db700b535444f65b6bc88cece192246a5b23c7b0bfc9a4395a367e53dbbd63bdd021397bd9ffd024170704baa323

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
afc05dc5e6a680a2f176c76925cff558

SHA1
82f22492c72a0b1fb62827fadcbd3bb86a262e64

SHA256
aee15adfece0f9af4988a618d97c5c1024f411abac52f16da38b18d6a723c7fd

SHA512
4a0d78796ad72dd79cb0d30f5dd773f31434d86d9ceca932fa85510541c7150d393aee087caae08e9e4ebbc2eaffd4a401fe9b6aedea1071513f4c86d3ae0503

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
19d07b97512a67e6148fe436d65c2e7e

SHA1
fd211b0bd9571bd96cd78b83a07e66503798fe08

SHA256
fa8cc0d7c3f520e0893aaba5bbf566879d24cd9b3854a7cd0917de6f3399a558

SHA512
66ea7446698510bdb364dfabce30fb4cd537a6c1e0c991b6e9fc4339054146467ddf40150f0fd76627a98da44d2e2d23e394a9aa83cb60d9eb521126c8e12d01

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
99219c1703f4bc110d7ee7acec23180a

SHA1
2b0ab9fa8540dc2d200cb0dd34dc4f68ad618126

SHA256
53c5fed436b159209d0a7be5e5ec470204b9f179d14bc59320d50983adecfa07

SHA512
1ba68d18ae65b6a1403f638bde38a674ea77efa6e50e1853b0942533add50889138e5ec9b4666b54b1601dc80d927d0a2b7095805701e4d58f5f2b48d1452478

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
752c1525075545b02f319a6a7aacfc5e

SHA1
8505b80ebfb3633222bae224f7732d50c641b0d5

SHA256
47dde7dbc5128ef2d075bb8b09834c46e9e691eae9fe48a0c4b01d6405dcd875

SHA512
e6b9d2c20d57a9ac6b412224ff5ddba8445583f3bf198059a8f71fd76ebda5884e94178c2a5ea0ea944fcc2bf4ad3c02c9cc04d9561146598857e8b90a382157

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
e56e9678634cf9dfe0fd12f320cfc58a

SHA1
ba5f05f0dd4d3d1408456132583089b909cab0a5

SHA256
d7aba382b08627aef31668396bd71bbde9727671d1502ae7b74913faae32e53d

SHA512
9d6ae2a24741bfe093ee33835f856ee5f6b934e072adcba0762adad62f44b35ab0c10519eb74df44dc7d52c12e1d95ed8d7abf1c89fcfd51902a2215019deb0b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
7e9bf47f07e9f5ce5b3dcf504f921d1d

SHA1
ca533d2015c535666e4d2b87428c978900b27866

SHA256
fc1e31d4402e60720f236e2fe3414d40fd1675748aa553f8d5c62966f2ec1d11

SHA512
14f33dbb6989dccf98230815eaf203f4bb000f597173f5fbd65818412d31ad12353ff4bd82648732aa0e1d6deaed908615dafc61713936ebb6ce812bc1c5172f

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity~RFe583dcf.TMP

Filesize
1024B

MD5
3863a1b98546f7924fb717750be719ac

SHA1
289ef96a7fb8c4f9cdb2e5a6aeed054e2133e990

SHA256
1e9f33a24580e3e9bb13bf514b58fea9e9a7a1668cdab5f4999956d00be1d976

SHA512
fb187a21d6c44d2e81d623711875a71b0dd752dcefa3accac65a68503317ff6336ad6a6286af6a2b178cd237db230e6542b2352312740adb119dc7de502b043f

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
7KB

MD5
6cb44a628d89fc69216a1b02015d2534

SHA1
259c468c4bda60c3601902ea3d900726627b8d4e

SHA256
de4942ce64d8b78a6cbeac953f05096e633139e392a2d248d92b5df4cbd67d06

SHA512
4e3c1f98fc801e3516ee6ae835135215eb0c46a4851fb8e61a23a597d81d8134e608932577361c9543f21c5325b22e63d6e6c442f8fadc477aab3c936937a664

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
7KB

MD5
d307389dc84ac5dac373fac5777e98c8

SHA1
a49b349ff8e9e11e88eae887634c2e4087583325

SHA256
35e6be3fedbaf37c37572b5d109b2b67af0271c11627cee8e8851e54341a2f3f

SHA512
0acfbd6a60bf73479eeb8e37fdf93021a9f05dbc4a6be817b56f4c9699530595ed9cc090946a8b8f4b12f5fd98b58610c140f7390872da2e22a648108360a37c

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
7KB

MD5
fa6c383f1b81219cbd16567a8b42ca32

SHA1
41c7e4ff2aa1d8cd796f59448992d1924c52fe3d

SHA256
e94ab27c42f5a1d0428b68ac8e47beea73b403a3eac35ec2731019334024c6ab

SHA512
402a269914a354349f55cd6dc1141f0850c239feb5aed329dba49c2f099332faefa2e3a50843d6192b9cf40bdd7c37c152bb07319c5aff4826973c64704cfd83

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
7KB

MD5
84cea442e4ee5b163ebd50f0b35770fa

SHA1
054b0eb3b0a176aea7b8997f5c24db8c228c8399

SHA256
c77eb2db5817eb230cfbcd0628d6f5ffcec968e00bde64edcb232e11cd6c6d4b

SHA512
8c388a1c19e2b25c02cb360d84da2f3caff6d6787ef01cbac92c6dd76a7ef27894df3916ca08652826487c0e59670237e24d25d16ac29793abb703cc36348feb

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
7KB

MD5
9c092b5166c039d5bbb675f34d083dfb

SHA1
44d772e837d4c2f103635940c511af48270fc815

SHA256
5a570ad76bcb6032350a3a19479b42d325b46199bd67414e40fbf03cc600e990

SHA512
bc5e68a99f16bd490674f96a434fc8baa63c8c1145d61276122bc3e9d063787513b38336e2babf4381eea6205db7f9d01c6f34f1f23cc74a34c82a369971fb87

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
7KB

MD5
d95fb49d66e0812cd7d48a8d40c978dc

SHA1
4aa9c91f8078588ef9838526b2a377782b4586ba

SHA256
b575f8ec6383ff41c674f2a591008b45149dfd94e86d1343e098cb047eed9aab

SHA512
96b8d71f0f6d7633df8ee3191f52ed0e31548e6790264cc91d10a9e62be24b5883633decc2b999cada4660f2bdeaf920358b382ff41bcb79254c3e702d29f485

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences~RFe5862bc.TMP

Filesize
6KB

MD5
60c94a797a325eeae441d5efac2dfcfe

SHA1
ef0da3a8e66a59c9862e8b1db775bdb7c227e3c7

SHA256
8de269ef6f7232dcda665a249ea6d5beb20b23e0a5c2e00f0c050f244d8a1f8f

SHA512
13ca305c49ca8dde0bbb477998bc769a593d3e5095fbf99d23b32c926d7cc8a8f0e4c43645dfda851344114437304ec33834c8bb58388c5e2cb472d943883955

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\GrShaderCache\data_0

Filesize
44KB

MD5
e53d434ddf74c7c5c8edd46c91269f8a

SHA1
e1ab7cfcdd04228ffd41c68c212933e8710377de

SHA256
e81f5ba127d70931b1f1d3edc1c13c3dbd6a04e455ba948da3365c9a09f2967b

SHA512
a16c89c937ed32f7a1a3f05120929dd7f59baf20e88687ea2b1ac60550ba901f713c7ca49989b5854afd30fc1e880bab43eb46dab7aff7b1bf8c56adda3d642e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\GrShaderCache\data_1

Filesize
264KB

MD5
27a9201a6d7892d3cb5aa576386c4e16

SHA1
670da11b9e588980258f7789b9a4ff6e34a64064

SHA256
e499f6e8ca5768a76d89ae44d2cc118033eb5d64551e225bfbf7e761dd6db3b8

SHA512
1be9d4163c9a57983c629770ac15a43c9462d89c37d986f984be968c24bf79f61112cd0d396ba2c1114d0ae8df2e5904b906a52a53c49a3c664c07dfb560f4a2

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
16KB

MD5
315f8b749b318f68ab9c034c69b08091

SHA1
02df5b1cc7f12878af313c9f706be8e921430259

SHA256
d891bfb524130afedef98cdc20f4169ff40e3fe42814a7b43aa9648d1e607569

SHA512
1a552777f62400b1ef7d1b591fb5ed4e7f96a7fbd0fc1f3954bf1c6bdcca8ecd3aecab538e1adcf091528adcf24e43813dc671828724a4a41d2d681905fc940a

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
19KB

MD5
ab80fb04a525ec0e2717f298712512b4

SHA1
7ffeb22be8413401a1ebc72f458cdefc420f46d0

SHA256
5df6accc6f11ce120d8b9e5760e57a132ab85722510b9b3e67091148c8092e83

SHA512
29c9079cc58ec4fc39765c519a5dc48033a05ae060359dbe9d29e5bbfb3b5afc2048347d15c3ab223c8f00b08c31900f137d6e6b31c7b11dc7d134cc6e4cf706

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
1KB

MD5
c765964e57e8564eeaa7dd1a4c350c15

SHA1
37174c8a21fea9fb8d77078ff7f9f83c30e72c76

SHA256
dc4759c931d5df4d57a2ef469910e025fff2f31105a4c751b79f3ebc889d24a8

SHA512
4bc9f1f353da253e9dcce7d69f6564c03ce0dc1403186cbfc48f064320c2ea23afa6302f4fd27bc79e368c28b38010a1789dcfd6679fce95d99710b476b0674f

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
a2bb4c326456877084745dfa0a8e4333

SHA1
41dd405841ac6cd2e4c46d7ad0020bd079b97b57

SHA256
545fb2156337ed5c9e74e7a332dd232a999b38ba3ab1539a0055b5b602806fff

SHA512
faf0187fe41cd43be312a6ad3899ff205032e997761ea1be37779fdd8a51f7de082cadcebe4a6c3f98fe992b0c9269c04c6de43e1ec0c9a971e91e7f0867db6f

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
3KB

MD5
4e85e2b19603a11307a554bee434287e

SHA1
6d59b6f7f79ad44bb8c6061c13817605ba323a3c

SHA256
85db8eb08250a1858ba3494bb20fd8959f2d79f0054c2376d4eed760f4c97902

SHA512
f030640db216a82bef0414e36d014bd61c54eae934dd1b3635caf07e2a27db59ccb0f5f579222ee964b75fc7070fad7c69972c2e9dc19de8e92439a1e5f4817b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
16KB

MD5
6a1ceeb4866a8460aad8099a31699a44

SHA1
9c252a6edc3e31ce0c50d1dff2efb158cedabf7e

SHA256
edf05b698708dff166293264a31e2497e4931c16f9e332ac722996141991a9dc

SHA512
1d5179cbf2285ef4320e9166815510b3600245e8cccc56ed11c156620531d115210dbd7a05fd8b8fc68f68e5b0e1e8f2ce1d9202f79740b58fcd23278fbb4742

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
18KB

MD5
5520f5e8272fafd8d4826804d66d3336

SHA1
c66a45e59156e22977fdbdfd2e0442a6ccbe9775

SHA256
106c77cc9331f0698d7025c831c4dc0728a303e7712ca1b870da7a2f65f1b146

SHA512
c720bb5610eeb89280820e553e9ca01589cdd7d492974a3eac57c19ff48ab4c543188e2859da334b08388841ab4823655850407d682372671aa30df42da4c1b0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
19KB

MD5
31003929c77a64a3382bdc532d057554

SHA1
8d4ee95dd630424e8ac373dd1b9eef55bcd2105d

SHA256
6028ef54dbeac260ef658713e2a25d874c45556e7173d4cb0ae7c3a1bd9eb56c

SHA512
31445977d652dfefa1e42a80296d4b7d2510221005ffd612446a981311e88bb774883db66d7ca675274d285d0bdb549fe148c2eb7a800255df433e8954f4623f

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
19KB

MD5
a98c70a7fa586d6c683f889c368e0197

SHA1
2c34edc017b626c10d31c795fe19cd4819daf3a6

SHA256
812a7f26a994b1bfedfe3c026c927713be8e9582710edb9a8d3370a77ad3e3eb

SHA512
03cd9b0502319ff3073e1c8148623dccb677d5d85598a5ac47d4f487801ab8714d0a1911a9c05dd04540869d009a89613117f2bb01659d6903b8b2e4222b73a3

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
16KB

MD5
40940d36b22a03f4cbd4648e176f5459

SHA1
04b32766fd3992e9ae7229eecbb419c5c8ed5cab

SHA256
a9ff11e8908e7ad9a5759a96139398b7461f0d8a7c0ffa169002791e974b5700

SHA512
28a8f592198a298fe746d6674914fac70b2e1944e036fbf3cfe410f94bd4fcc655ac440fdf9f8691d93cebe98c7ecf45fce97a5b96c88e1f25da3fc3a906e06d

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
18KB

MD5
d3bbfe05045f8a17f6bff5b1c0ba9413

SHA1
dd2df029fe94d5b80eb11480adb4ae60a026dc2f

SHA256
3aab010ab81faff93cef6a1917401620b95e55aae95075f029b52daffad9ef5f

SHA512
ec5c13c09766de1aef0c2dbbddaf0571f855330f2ea11ed0a89bec3cb05851d485b9fc2305d7f51af0ef7bb742fb16584597a5f0919a7d9b4d6fcb4f9b83354a

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
19KB

MD5
96c9d9e1cecb64f64c94f4a21d7dd577

SHA1
c926965058b5e5040e2dbb092bdda83bf9afc83f

SHA256
b6ee50ab5bd346c326e3185ad850e5797f4ded7277f8951d4d18f201b95b3b74

SHA512
d05f2eec35fea894d8cb4af4e4b661245824798bc9697cd63d817241406a3f0f768a2f5d60285f1296f3b62d80496e61db8d244cae4c2a090ca3a5c52348905d

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
16KB

MD5
e87ab9edb1d120566cf72f4f0f986b84

SHA1
8014091c34597939df449ee441e62ea6ed59244e

SHA256
8a2d60adf6822e16ad7300abf0b1bc8600e43b48a4750f0827ccd4bd14a85c3a

SHA512
50ad4a6475d2a5281d008d53c8671618794d10bcf99618d18a8b161a6bf7144521a6a29f6c3c655e2f25b5d8845879c1340251a036f5761dd2f38f6a66c8022e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State~RFe57e31c.TMP

Filesize
1KB

MD5
036d13a0f4d1b10bc558c851cafde8ee

SHA1
e24d533437a08dd051c7ca8166911bcb24187535

SHA256
22016eed5ec496f949a5cc5e738df154545c3fdfe957ebf8290a3e790f9a237d

SHA512
cb3aa927510468ea73b77781c281dff461f45ec03496a23071a0bb730ad354853b18a9cc02b97e5e9d654b37e0d0197ea06bafd69853cd7fe101d8ffb51df7ac

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
3cf16cbfc0bd0c1930dfa60bd028dfb1

SHA1
622e305f7466980cca916c3cbfd4c86ab0bf5abb

SHA256
08171e222eb3ffcec165004f520d8b0fb91201981a3133f87339f0cf26f18c46

SHA512
0c2872b75008e1cf58b633e0d035f67482c63f42956b91c6c2b82dd3f96e7d7c30fc0b1ea795e5fda0bf7995e92d8e464b3c72b4b51501315a3726cee80aff18

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
8KB

MD5
dd3a82303d39d4d3863b0ed455f4e133

SHA1
61a63c1b1ccc4e2f495f09ad712e0fcef3dd0a22

SHA256
a74d325978bcbd89a239b11a5e5843ea78b9d455e1b53c79d1fdcdf8f5fe1be7

SHA512
afea7ac040905a339431c2b2383d665d9ad61ed94195b9293046f28b3258a5926f274e466641aeb0bf18a4aa78c06e4cf68373b76a3266b9d549ffa2d560ba6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\AlternateServices.bin

Filesize
11KB

MD5
ed8ea2cc2ed11c60fb3525a523e84f4c

SHA1
1a413aea02292dcd86cd39c0f08b0f9f629885f6

SHA256
cd40877a8720e77785c8764b6c0fa4ac268449057fb420ce037e6b3ced94bd7e

SHA512
802128bbf3405a3c60b5f0b62b8e0450472b329b75223c93abf283093a61573d85ab822fea72a2d06a9a1168d6796d0d1ed7cd0d8eec90a8101416fc926b1919

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\AlternateServices.bin

Filesize
7KB

MD5
65cb1045e95e450a69a7ca80c16a337c

SHA1
3554cda689486609f05429384c7a47ee93085d1e

SHA256
f500f871c7f8eedadfa1749d16270d526675573bd8275d8bddec50ffc5cb900b

SHA512
90c3d53b7c19c2edf79dafbeedbeb080b9a9e753b01595751d761a8de2bf68915a76560cc40770c2bda2f3b4e0acfb9e2e436151b982a81026401c25f62bc628

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\compatibility.ini

Filesize
198B

MD5
ce9ef13caa8a74c25157b184aa038475

SHA1
db03a9935d8bb3ce6b120aca98feade536805160

SHA256
252b7fff962848c61092e82a3d87adca163849767713a93ab533bb397f1f53bb

SHA512
0f6f5053e78167ef5cc5fa70ed3a87dd116df0671a590299277a197341bed983e3d77e37ad2c33cd4afe880fab9ed1c7f7502210040617a01f97a81c1e1d4f29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
4bda28ef950a332189669af9185f25af

SHA1
4d96de8e9ef27d477ebdd9796f8cae01d331a7d9

SHA256
173df790a2a79d3a7f51ea061ff39f531c1e26cd12dac0fca4a82409862b1d32

SHA512
b4ef9645b7555a3d57507bce4126ab32c44259eda3d97e918c02f73248d15f8fdacfe372158df4bd240a13680f2e1e5d9dec05c3d4aee297ccc5bfa17d0e651f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
74450074330f902fe4f21fa10b5fd47c

SHA1
d8e094aa112487184e8c33a6f7beec4a5666677d

SHA256
52c147464ddf15e1f3264bb185debcd1bac16e995337f18d3281f9e4a19ae9f7

SHA512
beb086197d9b8f6a92c953fa4ec1850526a5d1cc057d7a270eb78cd8df22200db7a8f2ee88aab2a45764e45085f18c652f0e3cffd1858f9a36f923fd9840cfd6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\db\data.safe.tmp

Filesize
49KB

MD5
513dffa74c72ad9407edf3cdcafb0edd

SHA1
1dbde05a0695b5eeb3797eaa1157848361c5f41a

SHA256
471b234d8be056f8f57a03d18f05b5db2a8d068046f569078d963eaf4f4dce71

SHA512
3e2077326edf2a7bd39a85539836f0aed0296950882217aecf458e39d2feedc1039400effed8d68f7ba5bde4fcab42852ea3e7d086913aabc5cac3f280555d77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
e53dc29466447c605a745bc849b7eafc

SHA1
b496a570db7e451fc948fb41e79e596a2d0d0ab5

SHA256
bc81fade5b1110a8d2ef8fb6b84e9706c5dba0c287ee50a127a8661468520274

SHA512
d7576207ff219728bff947d04ed773940dda7f42f8f81d8ffec3f076dc878ab075f2a358ee9a464191f5d81e1989682f4daf0780d9bbe12560cd97d6f3c5dcdd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\events\events

Filesize
5KB

MD5
3e70ae691acad158b33d297de70f5e62

SHA1
2cd74b3bef5ebeb71dbe981e9228ac7ff6c0fe3b

SHA256
63ca11b421653772b94b3e1cfe2907585cfb0520d4283e9dc65267e7d86d2ba1

SHA512
2386d6040f56462e62a2bcc4de4e38b101172a50aed73c3ca8de563fcdec9ae2d5dfea8efa1027c3d9ad3bedb1465070cc288b1e7de3b4be9e71c244f77c4ef0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\pending_pings\51ab6d90-94e2-444e-b63d-e2cefacd2144

Filesize
16KB

MD5
306ffe13f238983e7882952e38d23336

SHA1
f91ed418764ac218e9262b9bb3466719c7c08e06

SHA256
d4088c84090d04bb790dd559f729ddfa23ddeb3c91adf0462e1f9e998abdcf30

SHA512
7864aef204856923d600d46c47fe30be8c40aedb7dccb3fbb62dbe46cd9e3b7cfce1979dbdbb0d513cb6eae0d3ae049dd14fb1b0fc45debb10b8382e770e5281

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\pending_pings\90fcf5a9-75fc-4015-b8ac-435426591478

Filesize
883B

MD5
23c678c0a43578f8b9331f014519ede8

SHA1
98f8f8e35aeae9565f171de605dad254ab9217bd

SHA256
560b48a1c319d12d2360953bdbe1b763b9e1d44a40e58db2ebb8d108b0e165d7

SHA512
fd5de261ebf92d36e728923bbbb973903df239ab861021812d06d32cdef4309763bfa00207c7c64b90dffad732a1ccdadfb93b07ca4e44090fb750bf70e9516c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\pending_pings\ab1fd527-0f8c-4e82-a7a9-cff536a74f14

Filesize
2KB

MD5
e2f4a873bbd9424b78f7d3aee420e617

SHA1
96e9965531597cf108ff4456f7da31e505834464

SHA256
d5e95f3758827825098e5bccf69e09ca9113f6e5bd21398bf40e64cacb91e091

SHA512
8911d1a36c7f79f6bfe9ac2e8bc651bebb7e067484942eb6ffc1a19e43d6ce0bbccded13b4484e3252a5d07536d1dffdb8d5350d83ca7b53ad406cadd3466593

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\pending_pings\bb82f064-a747-4cfa-95c4-e9dd894c0321

Filesize
886B

MD5
13ab5a872fc39c7eab7b742bf881c234

SHA1
ca8735507dc557925734a82035e7936ec9677288

SHA256
36f172d2d0982cffa085f7c7b5a35b05eeaf6e49f0bab44ea6c32b6f025f6542

SHA512
0fa2bcf19cdb132647518d7fc49d7df628fd3b883e60cae6cf7249c2c6a906da812d4c467c050763678f6ac38301a27ebdaf70943150f110f10be01e4c94bdb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\pending_pings\ef64a551-6eda-4bb6-b1ae-88f339b81856

Filesize
235B

MD5
9574537e66d036c5f5e558c9307cbb87

SHA1
f4614e6184e892e996dce9d7533b7b2c72d9960d

SHA256
9cc02c3d86145c141e15f23a083ebe1abc1849f3c866129e8b5a28005ea2b2af

SHA512
83a9c6130b17f4f4b4e1847b93fbaa1ece9ff6350673248aab60a51ef17a9f3be4b04ddd5e6e15043e0ab43e07393fb0bd6d5b04a2fd172f5c8d47caa183213b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\datareporting\glean\pending_pings\f648a3b1-e934-4685-8971-56bb50763564

Filesize
235B

MD5
4227ae91c701f0a625e085307b4ff3f9

SHA1
b9876198c0948b2df8c8c1348937030ccf50c618

SHA256
a9ea3912a331d2dadc6fa1c2f400c0fe4506463754927b2245509b94a220d4e8

SHA512
e621246d830ad3d3cd2f36a7654cd4889ee1825893badf5f38dc299511a9e15e8171ebcc8c2b4cfabd7a7f799358eb58fdff8baeddefd4f468bb8c363d0625c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\extensions.json

Filesize
16KB

MD5
2ec8e9e9d13b2556370a4437a69f71de

SHA1
33a07ba2eecc04ccdee24f8a14b61fe7296d8cf9

SHA256
a28439b1f2dc7c785f474d01ee800c75213fd8ddb5ebf538ca09b1bbf3ee4a7e

SHA512
56083dcf36e960eccce3c38b61768ebd04927699c1f6140ab526c0ea9e1b176debee1650b085ffeae6a0b0e69035d8aad217da0267489c375678fe03ddb4ab77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll

Filesize
1.1MB

MD5
626073e8dcf656ac4130e3283c51cbba

SHA1
7e3197e5792e34a67bfef9727ce1dd7dc151284c

SHA256
37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651

SHA512
eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info

Filesize
116B

MD5
ae29912407dfadf0d683982d4fb57293

SHA1
0542053f5a6ce07dc206f69230109be4a5e25775

SHA256
fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6

SHA512
6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json

Filesize
1001B

MD5
32aeacedce82bafbcba8d1ade9e88d5a

SHA1
a9b4858d2ae0b6595705634fd024f7e076426a24

SHA256
4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce

SHA512
67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll

Filesize
18.5MB

MD5
1b32d1ec35a7ead1671efc0782b7edf0

SHA1
8e3274b9f2938ff2252ed74779dd6322c601a0c8

SHA256
3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648

SHA512
ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\prefs-1.js

Filesize
8KB

MD5
038546fcbfd1f9df38942204828966b8

SHA1
d2c8c86b2adf26a94a2af35cf62f5b407a113083

SHA256
408b0f0fad5dfbea2369f9c2fa6acfd3be36785e91bfa790be4d4ddfa32341a7

SHA512
b90deb7be5419537dc60f47381a4ea1976a189bf0c957d683e9a0482c34f46ae1b0752899a9f64021e02961c88e4f98fb4e249cd49a82ef82f3d3221d628590b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\prefs.js

Filesize
6KB

MD5
03100af26e5e1f51c8824aed5a8b09c2

SHA1
233acba1a908b81462e5cf5182433b3edb4d7939

SHA256
ff09e87787bf1f5f16957e941849c3ce6ff03ee874c4270599ba8666690c2118

SHA512
d130d4c75078cf648fc0b9e7cb12cf51d8f6542ba4b8574b3e7c317b67b51f21df96bcee077e402272f4576091934b383c0e99d274fa0aa5bf703e5223670e98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\prefs.js

Filesize
6KB

MD5
b95f44f9148fdcf13eb111bd477d6a92

SHA1
e07231942fd5820d2cd959d269f964315ecee7a3

SHA256
6ca9b84c3c86e36121b9e9214f5ec37580914bf728673f51fcac8d633520a7c5

SHA512
1f0aef722c5843f988702718d1394924be039f7f713662c9b4dfa883d449590590de1420ce3dc49f20e259480934b09d9e7e1a0dc00486967e7195c9fa1ef847

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\prefs.js

Filesize
7KB

MD5
0fa4d2444bd36e483f37705d6d0a1f5f

SHA1
542f754de12d4a65db933bc844881218072130ee

SHA256
ca6a3d33f9202ad94af667aa117259c0b74612ec1484e2ccf266cecda92bca87

SHA512
47d965f4844456218b9be95bfabe3831ba437fb70909b6981e41eeb3c52b3df37bae91f617b4230dcc852eae6a238ef13215b8e8782eadc851aaf4633d43fd05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\prefs.js

Filesize
11KB

MD5
e3dd0c4bc0a9453e0103b6bfd7ca9b1b

SHA1
2e5fc0511e65e9a438908aa6672a5a0d99f5adc6

SHA256
b872b77f60ff84dcc38eb12628dafabda1023b10bd55b5e75db6441330f87210

SHA512
f67ff47ad0d3f5969451d3d5d6c67b9a89a96ec09f8432ee0ded255d450647ab56b1394fc536eb010c74d931774faca6c7b35623442b8e9a09af7483d77ec689

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\prefs.js

Filesize
6KB

MD5
c3a325deb757d77f3ce9c3b3f2a6c603

SHA1
969707ee7b7d88cd877f52709c34c741f58e4fe1

SHA256
121e4b524e6df8d61353b4d1a63beaad90a45667d3800adfcf9445a182f0882d

SHA512
5924daaae79b03fe37e21e2893d8672cfcf878ab0fcb4dd6c05a0a5ab0038c79db9d140fb1eebf47814bce05ac312f6ede65f13ed8a3d10b782385c468c081ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
d28a0d2f0aca03c6a3f944fe872bd362

SHA1
dd72d1b48b1144c0eaf9769d17f2f249e6213398

SHA256
0c46a2cc4aaefbf21cb2c1638d838a5d8d1a4f9dcda650b08204273086d938dd

SHA512
a0652849180c9d6873c56b49fa2943e9ba57cb70f4b7a6475ae06b85255af3fbf6e8bd5757c932b870a7287057361dc28ca6dbbef5e79af81e04253964ea8d2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
7af2a7e51ad7b366c356ac1603e05de6

SHA1
be3ba94d308ba1856023d57d8dbc61a209994b76

SHA256
02b72ebf501925d06d2c872bf24b3e2347a6d87a6acef24c0c2407cd4b6ab261

SHA512
65640f49c42ce49ee881ced749b4456b00b8d3be75d47cc2d1eaa284f467fcb33e8bc9341ced26ba2b5fc9cc59fb737df24da2f8dfa9230da6cb8f9ba72a681c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.7MB

MD5
ca62db2d1ef5c7ec0f6d9842e6db1ae7

SHA1
375c543546d1be6585ec27d37d9c174b32233913

SHA256
c04ee523e091e30706f75bcd79fb4fd820033e1801c452591a99625f1f5bbfb2

SHA512
cc5b150bbf024e7dca1b51ed25833e0cf87481e7959eeb87c42bb3d843c4916f99e193bd173e2960dadda9ca6ca9e77d082e3002a018c8a7979db5c68b32c9b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hvtnam9x.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
3.5MB

MD5
a59ec171d16f9eee6b8f8f2e7a399453

SHA1
1262ef41a4aece3b3ebb17eb4e533e1c7598bdc2

SHA256
57965e022ac5db3dfafd8869c44c2c45f3ad6d5dd7064e508a5ef7b2b726998e

SHA512
28d0cdfbccd8a05b53426a33f651956497d01ca09604abde31e2b47ade7b33c2f205ba8557a50c1736bb6422bd9deaad88c3f839f5cb9762b8232b49e00af518

Download Submit
C:\Users\Admin\Documents\jjsploit\db.json

Filesize
421B

MD5
187d7c241962712462fe0f77bddaf035

SHA1
f57438e86214fd691570e7a29de34f70c3c396e2

SHA256
b7db9a72d95f4c2319196110ce10895a695036e91c77144b7c1d844d8bb3959a

SHA512
250aa51fb7efe3ae6d68eb9639bcb2a66590c2932c18ce8f3decc625f08bc3c6efd4bf906b5116c34d3fa84648d7d5fc37b9ca9a51b4ccb056e27c9f6c3656e9

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerInstaller.MYmVqiKh.exe.part

Filesize
7.8MB

MD5
e7859398c10c098e678bd8fd13681f10

SHA1
11b731fc9b78dc9a742b2c06b79015fc911fdfb0

SHA256
e756ce2935d54ce1f9a57d5518bf47659a5eb4aefef72dae5349d8b013ee7f58

SHA512
7a75b55ff6ec09fb777b171e7222a2f3aa58c95d7edd6a60a2bd99010ea95542eeb7ca7e8cc52b93edb0677543d6003fd9b3d08915ee8b8f2b291668c85c4adf

Download Submit
C:\Windows\Installer\e579d49.msi

Filesize
6.2MB

MD5
900a51240149c0317a1a71738f6cecbd

SHA1
a207e7cac1d2062a5951cee7a4589ba52785e75b

SHA256
c70f0597c3f2fc5be12b58f9e8c297b09de1f477158b9de398f2068269f9056e

SHA512
b4db879d590d112a47bd0a7febd2af1c15ff8767daab1d64c202dc081bebce77840badec78f871da182154610cb068a4a52a9dbaac6fd4912580ab55623d6826

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
24.1MB

MD5
3f681db489c941b6a96b55855d3999e0

SHA1
797c636a99d9d64272f56f8c02c255339e0a8d92

SHA256
35f7197bb6889860bcf71da1769095706875a78a15e5609657a17d94bff18034

SHA512
978c3598c9eb52f3951d5526bff9f46076b4e97b0f223fd759b6c13c4cfcf36a491585c99c90fb1e5ca042f37b8faef6f3cbbdc312f1e2dc18baf8e47fa25dc4

Download Submit
\??\Volume{56358ab9-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{ef843587-c6c6-4aca-8d6c-fc7dbbcf4d45}_OnDiskSnapshotProp

Filesize
6KB

MD5
bee1b117667452aec2793844d0a66cfb

SHA1
2aec9814a8f4bfd98df29eb05b4521be95de8012

SHA256
a7743f0a4236f05de1128bd4af38e623c1802730963e47d28db5b93b8335668f

SHA512
8cf834a5b0d95819e3b434b2a138651fff555cabcd583bdc3c329b59ef8bbd4ae2f10b1bd9f8677ab99f82d0777aa7a2354c748155bd4b833559ec92b10143c2

Download Submit
memory/532-3706-0x0000013882D30000-0x0000013882D60000-memory.dmp

Filesize
192KB

Download
memory/4456-4688-0x000001C0DF330000-0x000001C0DF3DD000-memory.dmp

Filesize
692KB

Download
memory/6208-576-0x00007FFC2A280000-0x00007FFC2A281000-memory.dmp

Filesize
4KB

Download
memory/6208-1004-0x0000024982540000-0x00000249825ED000-memory.dmp

Filesize
692KB

Download
memory/6344-1005-0x0000014C35770000-0x0000014C357A0000-memory.dmp

Filesize
192KB

Download
memory/6344-583-0x00007FFC2A620000-0x00007FFC2A621000-memory.dmp

Filesize
4KB

Download
memory/6344-584-0x00007FFC2A890000-0x00007FFC2A891000-memory.dmp

Filesize
4KB

Download
memory/6816-682-0x00007FFC2A280000-0x00007FFC2A281000-memory.dmp

Filesize
4KB

Download
memory/7604-4689-0x000001C602D30000-0x000001C602D60000-memory.dmp

Filesize
192KB

Download
memory/7944-4759-0x00007FFC2A270000-0x00007FFC2A27E000-memory.dmp

Filesize
56KB

Download
memory/7944-4741-0x00007FFC2A3C0000-0x00007FFC2A3D0000-memory.dmp

Filesize
64KB

Download
memory/7944-4749-0x00007FFC28330000-0x00007FFC28340000-memory.dmp

Filesize
64KB

Download
memory/7944-4750-0x00007FFC28440000-0x00007FFC28450000-memory.dmp

Filesize
64KB

Download
memory/7944-4751-0x00007FFC28440000-0x00007FFC28450000-memory.dmp

Filesize
64KB

Download
memory/7944-4752-0x00007FFC285B0000-0x00007FFC285E0000-memory.dmp

Filesize
192KB

Download
memory/7944-4753-0x00007FFC285B0000-0x00007FFC285E0000-memory.dmp

Filesize
192KB

Download
memory/7944-4754-0x00007FFC285B0000-0x00007FFC285E0000-memory.dmp

Filesize
192KB

Download
memory/7944-4755-0x00007FFC285B0000-0x00007FFC285E0000-memory.dmp

Filesize
192KB

Download
memory/7944-4757-0x00007FFC2A1C0000-0x00007FFC2A1D0000-memory.dmp

Filesize
64KB

Download
memory/7944-4758-0x00007FFC2A1C0000-0x00007FFC2A1D0000-memory.dmp

Filesize
64KB

Download
memory/7944-4748-0x00007FFC28330000-0x00007FFC28340000-memory.dmp

Filesize
64KB

Download
memory/7944-4756-0x00007FFC285B0000-0x00007FFC285E0000-memory.dmp

Filesize
192KB

Download
memory/7944-4739-0x00007FFC2A330000-0x00007FFC2A340000-memory.dmp

Filesize
64KB

Download
memory/7944-4740-0x00007FFC2A330000-0x00007FFC2A340000-memory.dmp

Filesize
64KB

Download
memory/7944-4738-0x00007FFC2AAC0000-0x00007FFC2AAC5000-memory.dmp

Filesize
20KB

Download
memory/7944-4742-0x00007FFC2A3C0000-0x00007FFC2A3D0000-memory.dmp

Filesize
64KB

Download
memory/7944-4743-0x00007FFC2A3E0000-0x00007FFC2A3F0000-memory.dmp

Filesize
64KB

Download
memory/7944-4744-0x00007FFC2A3E0000-0x00007FFC2A3F0000-memory.dmp

Filesize
64KB

Download
memory/7944-4745-0x00007FFC2A3E0000-0x00007FFC2A3F0000-memory.dmp

Filesize
64KB

Download
memory/7944-4746-0x00007FFC2A3E0000-0x00007FFC2A3F0000-memory.dmp

Filesize
64KB

Download
memory/7944-4747-0x00007FFC2A3E0000-0x00007FFC2A3F0000-memory.dmp

Filesize
64KB

Download
memory/7944-4729-0x00007FFC2A8D0000-0x00007FFC2A8E0000-memory.dmp

Filesize
64KB

Download
memory/7944-4730-0x00007FFC2A8D0000-0x00007FFC2A8E0000-memory.dmp

Filesize
64KB

Download
memory/7944-4731-0x00007FFC2A9E0000-0x00007FFC2A9F0000-memory.dmp

Filesize
64KB

Download
memory/7944-4733-0x00007FFC2AA30000-0x00007FFC2AA60000-memory.dmp

Filesize
192KB

Download
memory/7944-4732-0x00007FFC2A9E0000-0x00007FFC2A9F0000-memory.dmp

Filesize
64KB

Download
memory/7944-4735-0x00007FFC2AA30000-0x00007FFC2AA60000-memory.dmp

Filesize
192KB

Download
memory/7944-4734-0x00007FFC2AA30000-0x00007FFC2AA60000-memory.dmp

Filesize
192KB

Download
memory/7944-4736-0x00007FFC2AA30000-0x00007FFC2AA60000-memory.dmp

Filesize
192KB

Download
memory/7944-4737-0x00007FFC2AA30000-0x00007FFC2AA60000-memory.dmp

Filesize
192KB

Download