1f6dbb268f7c795d282f5d5704f3f4b1b1ddfe820a2bcd1f58d6440dfe1d5239

Analysis

max time kernel
147s
max time network
156s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
08/09/2022, 22:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JJSploit_Installer.exe
Size

55.2MB
MD5

f0944bac6d4354ab45acc2ca174b0c3e
SHA1

64174bec344c2fc34e37be3b3f2a818932f91a27
SHA256

1f6dbb268f7c795d282f5d5704f3f4b1b1ddfe820a2bcd1f58d6440dfe1d5239
SHA512

50d18e426db7066041993385702de918a1ad15f4f8cbb0e3ae7e013e750a02634d05b19faffc92c7d4785c419d97db4ed21cbe70aceafa0852adbeedc9d0183c
SSDEEP

1572864:JJ8WsLBVOrKhBD+HgOYzXNfeZtTJt0hwS8LlMUzDb:JJ8WGBkraBh36T7ZLlMUzf

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
1928	JJS-UI.exe
2244	JJS-UI.exe
2064	JJS-UI.exe
2256	JJS-UI.exe
2668	JJS-UI.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	JJS-UI.exe

Loads dropped DLL 23 IoCs

pid	Process
896	JJSploit_Installer.exe
896	JJSploit_Installer.exe
896	JJSploit_Installer.exe
896	JJSploit_Installer.exe
896	JJSploit_Installer.exe
896	JJSploit_Installer.exe
896	JJSploit_Installer.exe
896	JJSploit_Installer.exe
896	JJSploit_Installer.exe
896	JJSploit_Installer.exe
896	JJSploit_Installer.exe
1928	JJS-UI.exe
1928	JJS-UI.exe
2244	JJS-UI.exe
2256	JJS-UI.exe
2064	JJS-UI.exe
2064	JJS-UI.exe
2064	JJS-UI.exe
2064	JJS-UI.exe
2668	JJS-UI.exe
2668	JJS-UI.exe
2668	JJS-UI.exe
2668	JJS-UI.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 63 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{85347911-2FDA-11ED-B390-DA7E66F9F45D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062e6ef0d45f4454ab79548c962d74cdf00000000020000000000106600000001000020000000790b7d687420695605e02825041faa0328fef89e8595777c2926e7a1ed0765a6000000000e8000000002000020000000b54848eeeda5e98bc61859419cff300710cc85e6d20de3fadeb0caa0eab8a84a90000000f8b141af10d32b92e9e07c8fcfc96e41f3de2e7b2759de5632538da2229c4215fcdbcf64890fe4af08e3d41b9527f1f49889904130a992522176bed7b4b7e7c721bd691845c137dfc8322bb66a35556635eff6d7f379d4b8bdd2f6059b746b072cd62b172ffa032a1d1d59e1c5774814f5c6e66041e67eadb5e1e79b7494ec50bb76c5ada3e89c7d02ae09f25ab8257f400000007710c350e999edf18738db834bdb1668e2ee675b4daf3396848f72a3577aff180eff615e9c056e3e5346d19d158941f31846bbd0393b9437dbafd304331ca8ad	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "369450089"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8555E3C1-2FDA-11ED-B390-DA7E66F9F45D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0885c63e7c3d801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062e6ef0d45f4454ab79548c962d74cdf000000000200000000001066000000010000200000007480893ce61eaaca2998f34bf1563932d75d02017850334f8a7fdd106300c088000000000e80000000020000200000002b8368c3e13e708f7bcafaa2b5e37f54567dba80e0fdca8ed92785c75d0d94dc20000000c6e00667bfc77b8d196682759d0004c61f4cbcd57c00210e83d3869c61fc659e40000000f0ff1c36eaef62797b2325032185cfe663ce732ce165f4071b45c3db45350f44a7b5200c4c1cf77f5221e8abfad85e20a3a384b0dc050a17d6d3d901cd940d75	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
896	JJSploit_Installer.exe
896	JJSploit_Installer.exe
896	JJSploit_Installer.exe
776	chrome.exe
1680	taskmgr.exe
1680	taskmgr.exe
1708	chrome.exe
1708	chrome.exe
2244	JJS-UI.exe
1680	taskmgr.exe
2256	JJS-UI.exe
1680	taskmgr.exe
1680	taskmgr.exe
1688	chrome.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeSecurityPrivilege	896	JJSploit_Installer.exe
Token: SeDebugPrivilege	1680	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1680	taskmgr.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1680	taskmgr.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1708	chrome.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe
1680	taskmgr.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2136	iexplore.exe
2136	iexplore.exe
2108	iexplore.exe
2108	iexplore.exe
2496	IEXPLORE.EXE
2496	IEXPLORE.EXE
524	IEXPLORE.EXE
524	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 672	1708	chrome.exe	30
PID 1708 wrote to memory of 672	1708	chrome.exe	30
PID 1708 wrote to memory of 672	1708	chrome.exe	30
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 688	1708	chrome.exe	32
PID 1708 wrote to memory of 776	1708	chrome.exe	33
PID 1708 wrote to memory of 776	1708	chrome.exe	33
PID 1708 wrote to memory of 776	1708	chrome.exe	33
PID 1708 wrote to memory of 916	1708	chrome.exe	34
PID 1708 wrote to memory of 916	1708	chrome.exe	34
PID 1708 wrote to memory of 916	1708	chrome.exe	34
PID 1708 wrote to memory of 916	1708	chrome.exe	34
PID 1708 wrote to memory of 916	1708	chrome.exe	34
PID 1708 wrote to memory of 916	1708	chrome.exe	34
PID 1708 wrote to memory of 916	1708	chrome.exe	34
PID 1708 wrote to memory of 916	1708	chrome.exe	34
PID 1708 wrote to memory of 916	1708	chrome.exe	34
PID 1708 wrote to memory of 916	1708	chrome.exe	34
PID 1708 wrote to memory of 916	1708	chrome.exe	34
PID 1708 wrote to memory of 916	1708	chrome.exe	34
PID 1708 wrote to memory of 916	1708	chrome.exe	34
PID 1708 wrote to memory of 916	1708	chrome.exe	34
PID 1708 wrote to memory of 916	1708	chrome.exe	34
PID 1708 wrote to memory of 916	1708	chrome.exe	34
PID 1708 wrote to memory of 916	1708	chrome.exe	34

C:\Users\Admin\AppData\Local\Temp\JJSploit_Installer.exe
"C:\Users\Admin\AppData\Local\Temp\JJSploit_Installer.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef69f4f50,0x7fef69f4f60,0x7fef69f4f70
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1032 /prefetch:2
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1744 /prefetch:8
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2832 /prefetch:2
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3148 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=660 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1524 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,5231999718949739168,362545729999990873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:1956

C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
"C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1928
- C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
  "C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe" --type=gpu-process --field-trial-handle=1052,12830852977598700707,2529273571380947300,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1060 --ignored=" --type=renderer " /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2064
- C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
  "C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe" --type=renderer --field-trial-handle=1052,12830852977598700707,2529273571380947300,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\JJS-UI\resources\app.asar" --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\JJS-UI\resources\app.asar\build\preload.js" --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1356 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2244
- C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
  "C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe" --type=utility --field-trial-handle=1052,12830852977598700707,2529273571380947300,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1412 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2256
- C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
  "C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe" --type=gpu-process --field-trial-handle=1052,12830852977598700707,2529273571380947300,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1060 --ignored=" --type=renderer " /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2668
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/channel/UC3YNONzSHPW12m3AT48fMHw?view_as=subscriber
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2108
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:524
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/c/Omnidev_
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2136
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2136 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2496

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1680

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
2ee9a0f10adaaf70581c6baf9027db75

SHA1
26bfbf914818dbb6916a2c79db3e6032b35ee3ab

SHA256
d20dd99e374b418a26ef55e81b54fbe276f32b24e27c843fce7ca077c00e774c

SHA512
e4a2be922f732efe9ba68155c448fd0613ea9ec212cc745c3e4dc71bf750003bbd0b3c84f5cb7d4edbac0926866c166aebb66b11689f81cf1e4a72e65fed0635

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
5a11c6099b9e5808dfb08c5c9570c92f

SHA1
e5dc219641146d1839557973f348037fa589fd18

SHA256
91291a5edc4e10a225d3c23265d236ecc74473d9893be5bd07e202d95b3fb172

SHA512
c2435b6619464a14c65ab116ab83a6e0568bdf7abc5e5a5e19f3deaf56c70a46360965da8b60e1256e9c8656aef9751adb9e762731bb8dbab145f1c8224ac8f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_CF87DC3CD4D7D734E7613C483D179E8C

Filesize
472B

MD5
721eb245d022db7af3e30ad4e6b94226

SHA1
4a53b4e9ad119295498594089826bddea4d0b9a6

SHA256
6f350e89f4e7a0cea74c003493ea950c768ffcbea234bcf68a818b60842a2f3e

SHA512
853c57d9006561092dfb58baf67ddd1a8898447043c5c40f958ad52a14744dc7a9117e3202afd5027657151f3834030d7080a0c332fba8e3127d2a94b8559267

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
d4cf2f31956fbcd829a626233895dd27

SHA1
406a06a36ebbce0ac0dce2c0c43c0a4cbcaf5658

SHA256
8303ed0555e1d6e5582360011b40db05fbf1b334694d3080d8bf9ed3cf1189c1

SHA512
3e691b52ce7c4d3499ac2bc7d957dc0feed94727dcb1cadc4b342688f5b127d8b8a44c65a4a87dcef876afc45dbfc7dc4a68cf06fe197040785a53c585789c3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
340B

MD5
00cb798882a3637a9c88a80bb3b1dc48

SHA1
292921cd7dfe2cc7ac4d0b17ffc47ef8fe7a169b

SHA256
d17befd4d0015c8c3eafc27612f93d8592feb79be9706979ecf39626b596ba5a

SHA512
64833f91fbeaf64a1255abe3f34183cd73ad231aec035eba47d554cf388cfd50584ef31725cad72e93b98ba3fa85435e8acc99425a3997993ab1bcafb80f2ec2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
340B

MD5
00cb798882a3637a9c88a80bb3b1dc48

SHA1
292921cd7dfe2cc7ac4d0b17ffc47ef8fe7a169b

SHA256
d17befd4d0015c8c3eafc27612f93d8592feb79be9706979ecf39626b596ba5a

SHA512
64833f91fbeaf64a1255abe3f34183cd73ad231aec035eba47d554cf388cfd50584ef31725cad72e93b98ba3fa85435e8acc99425a3997993ab1bcafb80f2ec2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
1cfe9adf2587f949ec751fe8cad113f8

SHA1
a449eb7c8305dc6ad4654b44ef7f934c30eed868

SHA256
90b9bcf11a11aab88da0a1a8416c2943da38c9c79ee8dc35ae9910958821a248

SHA512
96f17f623e606b79a057a7f59e7bd20e0f9e49583f17ee30161853d794e74ea7faf39b0e30341163a67975808ad825ab31a3215337c3235ad4465dd88f797343

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_CF87DC3CD4D7D734E7613C483D179E8C

Filesize
402B

MD5
7991a0b1955c33cca06eab4977eecaf0

SHA1
5cf65986b79a8dff988907ec416005d20d2bbaef

SHA256
68f5c12ac56eab8cca973cb5c6b55523cdea351c1be2475d2e2b0af3bcd54bfd

SHA512
54678d21cc285cec39ae5c5559516abda8c77613e059664794f45be37ebb54576bb4194af29c63e01c936d8f5c9d3994e9d8ae45e7a084b3686e46212a2980ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{85347911-2FDA-11ED-B390-DA7E66F9F45D}.dat

Filesize
5KB

MD5
848e7cdd0464fea8eb70dbb6547d9499

SHA1
81a7468b7b3cf899b79ad4b5cfe2c56eef5ef434

SHA256
a3e8f3060003790b3e33cdd0275bbb548d60bdafaa626e190157cc50891d8f40

SHA512
aec0db3e4c8a009cf8280d6be5d2c6c80110f78e5f6e31b11c95566677456d145eb58f3f6fae80ca3da125ecec1ed0d37f2305e3b48f1faeaa6ac41af16ac42d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8555E3C1-2FDA-11ED-B390-DA7E66F9F45D}.dat

Filesize
5KB

MD5
c07398476c9807fb4612f5467f3a760d

SHA1
f18f228ef7ee7d4e6e66df64ab2d048835af11ef

SHA256
5f64f963b8715c6b2ab5a436db42fe636ffe8c8fc588e496572404fd9b3cca00

SHA512
695d308a8b4535683ce22021089947463955fd8b6d462aaab201472bac35f72042495dfe27c4603f44c3dd753eab1b86679fe478e8f6b3d5de8ed9d0284fffd8

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\D3DCompiler_47.dll

Filesize
3.5MB

MD5
6bc4ada9a7cab72f49c564e6c86b4c3e

SHA1
f0fba01542a0fbe585106f7efd884df65e8c89dc

SHA256
7d0d1290382ea0e44a3178446a0c202696237e27dbb5f8f0827691092b8f2228

SHA512
d7ec39514c104b40a42cd3ca956ba84f5a78f237a39f40d85ba54983145bce2dfbc7ec5e0cbc1bf8ab64d1d370371a7cba5e30202d2c1f37782db32486ed7f6e

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe

Filesize
86.3MB

MD5
3bfbd514c74d10b5d0d803fb28b23651

SHA1
1f1ca5ba8b64ddb4a74665e4179ac3cf27e99158

SHA256
a9b47f62e98f2561cf382d3d59e1d1b502b4cae96ab3e420122c3b28cc5b7da6

SHA512
5ff8d1cd338777e99f93923d8382d36a3f147fd3ecb3952096274e10db88fc114c91c7f5133063a8e6090d5805a797b45f361f0c04b3418000fdfb323d2b1e22

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe

Filesize
86.3MB

MD5
3bfbd514c74d10b5d0d803fb28b23651

SHA1
1f1ca5ba8b64ddb4a74665e4179ac3cf27e99158

SHA256
a9b47f62e98f2561cf382d3d59e1d1b502b4cae96ab3e420122c3b28cc5b7da6

SHA512
5ff8d1cd338777e99f93923d8382d36a3f147fd3ecb3952096274e10db88fc114c91c7f5133063a8e6090d5805a797b45f361f0c04b3418000fdfb323d2b1e22

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe

Filesize
86.3MB

MD5
3bfbd514c74d10b5d0d803fb28b23651

SHA1
1f1ca5ba8b64ddb4a74665e4179ac3cf27e99158

SHA256
a9b47f62e98f2561cf382d3d59e1d1b502b4cae96ab3e420122c3b28cc5b7da6

SHA512
5ff8d1cd338777e99f93923d8382d36a3f147fd3ecb3952096274e10db88fc114c91c7f5133063a8e6090d5805a797b45f361f0c04b3418000fdfb323d2b1e22

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe

Filesize
86.3MB

MD5
3bfbd514c74d10b5d0d803fb28b23651

SHA1
1f1ca5ba8b64ddb4a74665e4179ac3cf27e99158

SHA256
a9b47f62e98f2561cf382d3d59e1d1b502b4cae96ab3e420122c3b28cc5b7da6

SHA512
5ff8d1cd338777e99f93923d8382d36a3f147fd3ecb3952096274e10db88fc114c91c7f5133063a8e6090d5805a797b45f361f0c04b3418000fdfb323d2b1e22

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe

Filesize
86.3MB

MD5
3bfbd514c74d10b5d0d803fb28b23651

SHA1
1f1ca5ba8b64ddb4a74665e4179ac3cf27e99158

SHA256
a9b47f62e98f2561cf382d3d59e1d1b502b4cae96ab3e420122c3b28cc5b7da6

SHA512
5ff8d1cd338777e99f93923d8382d36a3f147fd3ecb3952096274e10db88fc114c91c7f5133063a8e6090d5805a797b45f361f0c04b3418000fdfb323d2b1e22

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe

Filesize
86.3MB

MD5
3bfbd514c74d10b5d0d803fb28b23651

SHA1
1f1ca5ba8b64ddb4a74665e4179ac3cf27e99158

SHA256
a9b47f62e98f2561cf382d3d59e1d1b502b4cae96ab3e420122c3b28cc5b7da6

SHA512
5ff8d1cd338777e99f93923d8382d36a3f147fd3ecb3952096274e10db88fc114c91c7f5133063a8e6090d5805a797b45f361f0c04b3418000fdfb323d2b1e22

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\chrome_100_percent.pak

Filesize
175KB

MD5
3ff806f44723cee528a1aaee4d3a289e

SHA1
56830e7ff31f803077aed774fafebd4e6c5e6c90

SHA256
65cb11d090b32e0fb3c740a736c13c0a47cb1bcb265c084e3de5bb7474fb662f

SHA512
03dafb839308d644a9943ba66838536fbd1f606cafe392f90925ce51766b5e3a9064d60ca8463bacf7238258beded570d5a0007f3ce11c14f87b10faa2da2977

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\chrome_200_percent.pak

Filesize
312KB

MD5
bd66e8de6979dfe12cbaa29390d11a64

SHA1
967916eb7587f0163fbce50c7b4822d06e939d5a

SHA256
cd584f20aeed80fe5852d5d5656a12d25d9116d6b805ddbec3874d310925df2a

SHA512
f77bd5004d8da54e8588ffcf6962b3244b8e4a9f6310d31f0c7c44d913504577c9e3fb858078705c384649fbcf26223d8f98dd02778e259a8924028f2be3bc1c

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\exploit-main.dll

Filesize
5.5MB

MD5
54d099a6809bb9b09a49e525e6439d5f

SHA1
3c401379d51f3e0748854014fcf7ab7e859ab2b4

SHA256
c686c9ab00a07595387f52888634c72fddc141d124e096ef583e6233cc46a615

SHA512
2ea592c304bb5733d1aff6728e5668f002b2272aa4e05ddba5fe63f9ad05a059ad6f3d711ad3bc268b5053b2f0dce4037d5d7d773f9594680bcb5dc7ef19e832

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\ffmpeg.dll

Filesize
2.1MB

MD5
f193d766add1c6386ff6dbbccf7e176a

SHA1
c467242b06dd9ad3b81f47f3fd4cb2faf320f0f1

SHA256
cb7e3974970f4e306e444a4b605e4ed9a83fe62383cfa4897755c77eecec7893

SHA512
8ea7dcd2a417d3cb49ff8523a250ee804158101b355f61377f967d7ff309ec743e9c3c055022179c37dc736314ed73097b601c9376d11cf34d750049ab6e1984

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\icudtl.dat

Filesize
10.0MB

MD5
3f019441588332ac8b79a3a3901a5449

SHA1
c8930e95b78deef5b7730102acd39f03965d479a

SHA256
594637e10b8f5c97157413528f0cbf5bc65b4ab9e79f5fa34fe268092655ec57

SHA512
ee083ae5e93e70d5bbebe36ec482aa75c47d908df487a43db2b55ddd6b55c291606649175cf7907d6ab64fc81ead7275ec56e3193b631f8f78b10d2c775fd1a9

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\libegl.dll

Filesize
304KB

MD5
2fec05027b1db52241c68b5fb6bb5ab8

SHA1
6572166b997d4a184839aaee860df62a2d4d5621

SHA256
8e246db7ed22106f8a30ec428310befdde0b20ceb40130ec974eebba2073b11e

SHA512
7a1b3819f82b83ee419337fedba664df9e76d95af5e44767517d720ad0e1518a4c0fc1cfdf34af9a1aa20c7a5736cf1a380208c39454cf02c567749893fa4c9b

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\libglesv2.dll

Filesize
6.6MB

MD5
10de79e499b2bf943ffeeb1ccf176100

SHA1
91cd06464698ddde2387e6629d71e91490adc67e

SHA256
675e2546dac53d77ad1e531713fcbd43cbbb275b7db8c0198bd3dbbfb2cdaa48

SHA512
61c4c124814e9d48176a3c9a943f42573af1c70400a67e5d7f753e21fcafe16f414f4c14354c8696b576cf2f078f534edb212bae5867f4e9fdc969f617f669fb

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\locales\en-US.pak

Filesize
75KB

MD5
a2201115723fd61d1e68ab001e6cdca0

SHA1
a97073e22adf7b300e702e717743cd249e64b4fb

SHA256
3333cf1fb2b0c15ea819787ba672d2274f3136e6a8729f2e5d2796b740688183

SHA512
e68c451602a0c2cd47ee3652daf1d74d87e6e61ebda9166cbb182301f03118b72288968695f85a1bcdefb45e4753ba7187dd5159b6694952f33238af39d89479

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\resources.pak

Filesize
8.9MB

MD5
5118ebd39acde0236a71fad2880add8c

SHA1
1daa8e701f17a793c0e70f4b0aa36fbb376962ae

SHA256
e3386c5fd98dc711a70eae7a9f6bf3139de3e9a15e3a022d343a459b747c6471

SHA512
925ae1d8c643e4f3c20221ae850a171e6032d9e391cf07e5efab4a4a29e8f6640973a8f0dc97704df5263ed93dfd4c32650c656fbc9874c98ab87c6131fdcaa8

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\resources\app.asar

Filesize
25.3MB

MD5
34fb914bdde30baaf76fcf8f339a80a6

SHA1
d10d56f61a79c8067360f76e7a04453aa08d36ea

SHA256
02bd5b89a9c867e52bb409ea7ea5a8c1ad7f725ac48767a02fe99041186203cd

SHA512
31974c7312c2dca4bef38bcf7a9f2fff6bd351f08bda37e8778fe6d3253639721e737d744ecaada9e058dfa8492647d29584bc26da9ba0bfc49aad2c23e6f68c

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\swiftshader\libegl.dll

Filesize
326KB

MD5
cb5e28007c9d61871ceb5dcb2b657985

SHA1
f2fcd64cbcfd8657a6326c152b14f6114eb74606

SHA256
c3dc1eaaf67f0a8c7bf80dcdd2830d79c5d980fca19aa854512cd69c79df8b1c

SHA512
18635d1120cb983601c234bf662d85939f0046a84bfc652f680c078e52a0cfc41b2e2b3098f3a365663f14a9ea1ad51c93527370f58d57788e9ceea46b507dee

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\swiftshader\libglesv2.dll

Filesize
2.9MB

MD5
34c323f53fcc4021f446fb1e4c14ff09

SHA1
d4160430c8fb300d7d5505fc08d671e53f1e1b6b

SHA256
6202bf896139be5e8d7f38ffa1e68c65828ccfe02c33e7912c67883031f4647a

SHA512
e591366d71edf938ea5b921b2efd1647c73a97442c2fbe038f1f35e2fec0323848c20e6858189f655ff222672a40b3d8d31e1cb7bcb22cb00597e71d5172f655

Download Submit
C:\Users\Admin\AppData\Local\Programs\JJS-UI\v8_context_snapshot.bin

Filesize
541KB

MD5
bd06321191c06413bb9c15c3987859ef

SHA1
eb6a73a3429f3151632a05d5ca5e3590b782ed85

SHA256
cfbc1a5e921074913a87b1ce7d6d99cb4accf6d7926d242bd264846142dc635d

SHA512
48ddbd1d8c77857b2a2bee65f4b903441bd675fc7bf53e96be2a78557f85c00f27344e7cdd29352ec9977417b991316365d66f5e40b4b9884415693aba283ded

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\J1M7AALL.txt

Filesize
183B

MD5
6495effe542a69a50c37d89f40499771

SHA1
624fdd7282d3495338f09bc921fcff5620e43eca

SHA256
af7ec65e2c1281d3d8a474b6d7c6a774b7b901fe7b947bd516efedd9162622ca

SHA512
a48f837c129abfc31441050ef210fdfd87ecba8f0035666db21bdc91348a5f62720b9b4272d5e478f0a51585c84a8ddec30c316d52071573a3d7226b737b7e73

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MMO2D213.txt

Filesize
183B

MD5
592288d8aef2af7a1762bd464f5ba053

SHA1
eda6ad571185ae8e4daec265b7872a9cfe4d89f8

SHA256
76983622e6371285ff2e14ff2a825c3da443ea13ece7bb8b383750bdeeabb232

SHA512
47ed544db938ed2eaa0616d5953484293702089fe00fa0297672ee22b9975d22e0582cf60e35f2cf424640ebd2557dd49f5cf2d9a0e1c5d7860880cf79e031d0

Download Submit
\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe

Filesize
86.3MB

MD5
3bfbd514c74d10b5d0d803fb28b23651

SHA1
1f1ca5ba8b64ddb4a74665e4179ac3cf27e99158

SHA256
a9b47f62e98f2561cf382d3d59e1d1b502b4cae96ab3e420122c3b28cc5b7da6

SHA512
5ff8d1cd338777e99f93923d8382d36a3f147fd3ecb3952096274e10db88fc114c91c7f5133063a8e6090d5805a797b45f361f0c04b3418000fdfb323d2b1e22

Download Submit
\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe

Filesize
86.3MB

MD5
3bfbd514c74d10b5d0d803fb28b23651

SHA1
1f1ca5ba8b64ddb4a74665e4179ac3cf27e99158

SHA256
a9b47f62e98f2561cf382d3d59e1d1b502b4cae96ab3e420122c3b28cc5b7da6

SHA512
5ff8d1cd338777e99f93923d8382d36a3f147fd3ecb3952096274e10db88fc114c91c7f5133063a8e6090d5805a797b45f361f0c04b3418000fdfb323d2b1e22

Download Submit
\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe

Filesize
86.3MB

MD5
3bfbd514c74d10b5d0d803fb28b23651

SHA1
1f1ca5ba8b64ddb4a74665e4179ac3cf27e99158

SHA256
a9b47f62e98f2561cf382d3d59e1d1b502b4cae96ab3e420122c3b28cc5b7da6

SHA512
5ff8d1cd338777e99f93923d8382d36a3f147fd3ecb3952096274e10db88fc114c91c7f5133063a8e6090d5805a797b45f361f0c04b3418000fdfb323d2b1e22

Download Submit
\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe

Filesize
86.3MB

MD5
3bfbd514c74d10b5d0d803fb28b23651

SHA1
1f1ca5ba8b64ddb4a74665e4179ac3cf27e99158

SHA256
a9b47f62e98f2561cf382d3d59e1d1b502b4cae96ab3e420122c3b28cc5b7da6

SHA512
5ff8d1cd338777e99f93923d8382d36a3f147fd3ecb3952096274e10db88fc114c91c7f5133063a8e6090d5805a797b45f361f0c04b3418000fdfb323d2b1e22

Download Submit
\Users\Admin\AppData\Local\Programs\JJS-UI\d3dcompiler_47.dll

Filesize
3.5MB

MD5
6bc4ada9a7cab72f49c564e6c86b4c3e

SHA1
f0fba01542a0fbe585106f7efd884df65e8c89dc

SHA256
7d0d1290382ea0e44a3178446a0c202696237e27dbb5f8f0827691092b8f2228

SHA512
d7ec39514c104b40a42cd3ca956ba84f5a78f237a39f40d85ba54983145bce2dfbc7ec5e0cbc1bf8ab64d1d370371a7cba5e30202d2c1f37782db32486ed7f6e

Download Submit
\Users\Admin\AppData\Local\Programs\JJS-UI\d3dcompiler_47.dll

Filesize
3.5MB

MD5
6bc4ada9a7cab72f49c564e6c86b4c3e

SHA1
f0fba01542a0fbe585106f7efd884df65e8c89dc

SHA256
7d0d1290382ea0e44a3178446a0c202696237e27dbb5f8f0827691092b8f2228

SHA512
d7ec39514c104b40a42cd3ca956ba84f5a78f237a39f40d85ba54983145bce2dfbc7ec5e0cbc1bf8ab64d1d370371a7cba5e30202d2c1f37782db32486ed7f6e

Download Submit
\Users\Admin\AppData\Local\Programs\JJS-UI\ffmpeg.dll

Filesize
2.1MB

MD5
f193d766add1c6386ff6dbbccf7e176a

SHA1
c467242b06dd9ad3b81f47f3fd4cb2faf320f0f1

SHA256
cb7e3974970f4e306e444a4b605e4ed9a83fe62383cfa4897755c77eecec7893

SHA512
8ea7dcd2a417d3cb49ff8523a250ee804158101b355f61377f967d7ff309ec743e9c3c055022179c37dc736314ed73097b601c9376d11cf34d750049ab6e1984

Download Submit
\Users\Admin\AppData\Local\Programs\JJS-UI\ffmpeg.dll

Filesize
2.1MB

MD5
f193d766add1c6386ff6dbbccf7e176a

SHA1
c467242b06dd9ad3b81f47f3fd4cb2faf320f0f1

SHA256
cb7e3974970f4e306e444a4b605e4ed9a83fe62383cfa4897755c77eecec7893

SHA512
8ea7dcd2a417d3cb49ff8523a250ee804158101b355f61377f967d7ff309ec743e9c3c055022179c37dc736314ed73097b601c9376d11cf34d750049ab6e1984

Download Submit
\Users\Admin\AppData\Local\Programs\JJS-UI\ffmpeg.dll

Filesize
2.1MB

MD5
f193d766add1c6386ff6dbbccf7e176a

SHA1
c467242b06dd9ad3b81f47f3fd4cb2faf320f0f1

SHA256
cb7e3974970f4e306e444a4b605e4ed9a83fe62383cfa4897755c77eecec7893

SHA512
8ea7dcd2a417d3cb49ff8523a250ee804158101b355f61377f967d7ff309ec743e9c3c055022179c37dc736314ed73097b601c9376d11cf34d750049ab6e1984

Download Submit
\Users\Admin\AppData\Local\Programs\JJS-UI\ffmpeg.dll

Filesize
2.1MB

MD5
f193d766add1c6386ff6dbbccf7e176a

SHA1
c467242b06dd9ad3b81f47f3fd4cb2faf320f0f1

SHA256
cb7e3974970f4e306e444a4b605e4ed9a83fe62383cfa4897755c77eecec7893

SHA512
8ea7dcd2a417d3cb49ff8523a250ee804158101b355f61377f967d7ff309ec743e9c3c055022179c37dc736314ed73097b601c9376d11cf34d750049ab6e1984

Download Submit
\Users\Admin\AppData\Local\Programs\JJS-UI\ffmpeg.dll

Filesize
2.1MB

MD5
f193d766add1c6386ff6dbbccf7e176a

SHA1
c467242b06dd9ad3b81f47f3fd4cb2faf320f0f1

SHA256
cb7e3974970f4e306e444a4b605e4ed9a83fe62383cfa4897755c77eecec7893

SHA512
8ea7dcd2a417d3cb49ff8523a250ee804158101b355f61377f967d7ff309ec743e9c3c055022179c37dc736314ed73097b601c9376d11cf34d750049ab6e1984

Download Submit
\Users\Admin\AppData\Local\Programs\JJS-UI\libEGL.dll

Filesize
304KB

MD5
2fec05027b1db52241c68b5fb6bb5ab8

SHA1
6572166b997d4a184839aaee860df62a2d4d5621

SHA256
8e246db7ed22106f8a30ec428310befdde0b20ceb40130ec974eebba2073b11e

SHA512
7a1b3819f82b83ee419337fedba664df9e76d95af5e44767517d720ad0e1518a4c0fc1cfdf34af9a1aa20c7a5736cf1a380208c39454cf02c567749893fa4c9b

Download Submit
\Users\Admin\AppData\Local\Programs\JJS-UI\libGLESv2.dll

Filesize
6.6MB

MD5
10de79e499b2bf943ffeeb1ccf176100

SHA1
91cd06464698ddde2387e6629d71e91490adc67e

SHA256
675e2546dac53d77ad1e531713fcbd43cbbb275b7db8c0198bd3dbbfb2cdaa48

SHA512
61c4c124814e9d48176a3c9a943f42573af1c70400a67e5d7f753e21fcafe16f414f4c14354c8696b576cf2f078f534edb212bae5867f4e9fdc969f617f669fb

Download Submit
\Users\Admin\AppData\Local\Programs\JJS-UI\swiftshader\libEGL.dll

Filesize
326KB

MD5
cb5e28007c9d61871ceb5dcb2b657985

SHA1
f2fcd64cbcfd8657a6326c152b14f6114eb74606

SHA256
c3dc1eaaf67f0a8c7bf80dcdd2830d79c5d980fca19aa854512cd69c79df8b1c

SHA512
18635d1120cb983601c234bf662d85939f0046a84bfc652f680c078e52a0cfc41b2e2b3098f3a365663f14a9ea1ad51c93527370f58d57788e9ceea46b507dee

Download Submit
\Users\Admin\AppData\Local\Programs\JJS-UI\swiftshader\libGLESv2.dll

Filesize
2.9MB

MD5
34c323f53fcc4021f446fb1e4c14ff09

SHA1
d4160430c8fb300d7d5505fc08d671e53f1e1b6b

SHA256
6202bf896139be5e8d7f38ffa1e68c65828ccfe02c33e7912c67883031f4647a

SHA512
e591366d71edf938ea5b921b2efd1647c73a97442c2fbe038f1f35e2fec0323848c20e6858189f655ff222672a40b3d8d31e1cb7bcb22cb00597e71d5172f655

Download Submit
\Users\Admin\AppData\Local\Temp\389bf266-9796-4441-a405-c79811fb51e4.tmp.node

Filesize
117KB

MD5
80b6d5f12dfe42f21dc5ec5ee793ad08

SHA1
53aca73b99b75191bdce2a025151848b370dfeae

SHA256
0d7f23c4e4b1a3dd6e2e77465b4bbe1487a82e9681c327e48090abf3c726ec0f

SHA512
236fa76c080f915f221d0584445261b87c77425400f260555395f0f5a29ca3cffb6ee8c9e477d1d4895c10406e651c8d87771f1b1de889fca5bd6bc4f818bc9d

Download Submit
\Users\Admin\AppData\Local\Temp\nsyA9D.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsyA9D.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsyA9D.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsyA9D.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyA9D.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyA9D.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsyA9D.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/896-54-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download
memory/1680-125-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1680-126-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1680-80-0x000007FEFBF71000-0x000007FEFBF73000-memory.dmp

Filesize
8KB

Download