hxxps://drive[.]google[.]com/drive/folders/12_8O2o_9tufEE5Dvup-uVXVdvSsp1JfE

Analysis

max time kernel
643s
max time network
643s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 09:35

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/12_8O2o_9tufEE5Dvup-uVXVdvSsp1JfE

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	JJBotv3.exe

Executes dropped EXE 2 IoCs

pid	Process
4412	JJBotv3.exe
1736	JJBotv3.exe

Loads dropped DLL 64 IoCs

pid	Process
3180	MsiExec.exe
4668	MsiExec.exe
4668	MsiExec.exe
4132	MsiExec.exe
4132	MsiExec.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unknown\desktop.ini	msiexec.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	msiexec.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
122	drive.google.com
1	drive.google.com
5	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\JJBotv3\runtime\legal\jdk.unsupported\LICENSE	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-crt-conio-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\app\JJBotv3.jar	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-util-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-synch-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\mlib_image.dll	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\lib\fontconfig.bfc	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\bin\msvcp140.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-crt-environment-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-interlocked-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-crt-multibyte-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\bin\java.exe	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-synch-l1-2-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\include\jni.h	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-libraryloader-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\lib\jawt.lib	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\conf\security\policy\unlimited\default_US_export.policy	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\legal\java.base\cldr.md	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-crt-runtime-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-rtlsupport-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-crt-convert-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\legal\java.datatransfer\LICENSE	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\legal\java.desktop\harfbuzz.md	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\lib\fontconfig.properties.src	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\legal\java.desktop\lcms.md	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-file-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\prefs.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\lib\psfont.properties.ja	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-console-l1-2-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-rtlsupport-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-datetime-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-processthreads-l1-1-1.dll	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\JJBotv3.exe	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\legal\java.xml\xalan.md	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-crt-filesystem-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\JJBotv3.exe	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-datetime-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\lib\fontconfig.properties.src	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\java.exe	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\include\jvmti.h	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\lib\tzmappings	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-namedpipe-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\lib\modules	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-crt-private-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\bin\javafx\msvcp140_1.dll	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\bin\jrunscript.exe	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\legal\javafx.graphics\jpeg_fx.md	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-interlocked-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-datetime-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\legal\java.base\icu.md	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\legal\javafx.graphics\mesa3d.md	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\lib\psfont.properties.ja	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\legal\java.prefs\LICENSE	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\legal\java.desktop\LICENSE	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-interlocked-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\legal\java.base\COPYRIGHT	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-synch-l1-1-0.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-synch-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\bin\freetype.dll	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\legal\java.desktop\libpng.md	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\bin\javafx\prism_d3d.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-sysinfo-l1-1-0.dll	msiexec.exe
File opened for modification	C:\Program Files\JJBotv3\runtime\bin\verify.dll	msiexec.exe
File created	C:\Program Files\JJBotv3\runtime\lib\jvm.lib	msiexec.exe

Drops file in Windows directory 38 IoCs

description	ioc	Process
File created	C:\Windows\Installer\{9650A088-8CC6-3663-97AB-26A9265C2570}\icon1735593305	msiexec.exe
File created	C:\Windows\Installer\SourceHash{DEA6A417-B31B-3755-8BF8-D48DF09B7F61}	msiexec.exe
File opened for modification	C:\Windows\Installer\{DEA6A417-B31B-3755-8BF8-D48DF09B7F61}\JpARPPRODUCTICON	msiexec.exe
File created	C:\Windows\Installer\e5bd33b.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID678.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{9650A088-8CC6-3663-97AB-26A9265C2570}	msiexec.exe
File created	C:\Windows\Installer\{9650A088-8CC6-3663-97AB-26A9265C2570}\JpARPPRODUCTICON	msiexec.exe
File opened for modification	C:\Windows\Installer\{9650A088-8CC6-3663-97AB-26A9265C2570}\JpARPPRODUCTICON	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3B71.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5bd33b.msi	msiexec.exe
File created	C:\Windows\Installer\{D1519E14-2AB0-389C-B7AD-51E57DC3C2DC}\JpARPPRODUCTICON	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1BC1.tmp	msiexec.exe
File created	C:\Windows\Installer\{D1519E14-2AB0-389C-B7AD-51E57DC3C2DC}\icon1735593305	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4C99.tmp	msiexec.exe
File created	C:\Windows\Installer\e5bd505.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID389.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\{D1519E14-2AB0-389C-B7AD-51E57DC3C2DC}\JpARPPRODUCTICON	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1DC6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4E9E.tmp	msiexec.exe
File created	C:\Windows\Installer\{DEA6A417-B31B-3755-8BF8-D48DF09B7F61}\JpARPPRODUCTICON	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5bd33e.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI662.tmp	msiexec.exe
File created	C:\Windows\Installer\e5bd421.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI393E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{D1519E14-2AB0-389C-B7AD-51E57DC3C2DC}\icon1735593305	msiexec.exe
File created	C:\Windows\Installer\e5bd33d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\{DEA6A417-B31B-3755-8BF8-D48DF09B7F61}\icon1735593305	msiexec.exe
File opened for modification	C:\Windows\Installer\{9650A088-8CC6-3663-97AB-26A9265C2570}\icon1735593305	msiexec.exe
File opened for modification	C:\Windows\Installer\e5bd422.msi	msiexec.exe
File created	C:\Windows\Installer\{DEA6A417-B31B-3755-8BF8-D48DF09B7F61}\icon1735593305	msiexec.exe
File created	C:\Windows\Installer\e5bd422.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{D1519E14-2AB0-389C-B7AD-51E57DC3C2DC}	msiexec.exe
File created	C:\Windows\Installer\e5bd33e.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI867.tmp	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000096fabf83e47a2dea0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000096fabf830000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090096fabf83000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d96fabf83000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000096fabf8300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	JJBotv3.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	JJBotv3.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 26 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "198"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\41E9151D0BA2C9837BDA155ED73C2CCD\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\41E9151D0BA2C9837BDA155ED73C2CCD\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\714A6AEDB13B5573B88F4DD80FB9F716	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\714A6AEDB13B5573B88F4DD80FB9F716\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\714A6AEDB13B5573B88F4DD80FB9F716\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Archive [OLD]-20240806T093616Z-001.zip\\Archive [OLD]\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\B1423C193BBCC4D34B6F4D3AA87894B0	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\880A05696CC8366379BA629A62C55207	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\B1423C193BBCC4D34B6F4D3AA87894B0\714A6AEDB13B5573B88F4DD80FB9F716	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\714A6AEDB13B5573B88F4DD80FB9F716\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Archive [OLD]-20240806T093616Z-001.zip\\Archive [OLD]\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\714A6AEDB13B5573B88F4DD80FB9F716\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	taskmgr.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\41E9151D0BA2C9837BDA155ED73C2CCD\Version = "16908288"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\41E9151D0BA2C9837BDA155ED73C2CCD\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\41E9151D0BA2C9837BDA155ED73C2CCD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Windows-20240806T093610Z-001.zip\\Windows\\"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\41E9151D0BA2C9837BDA155ED73C2CCD\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Archive [OLD]-20240806T093616Z-001.zip\\Archive [OLD]\\"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\714A6AEDB13B5573B88F4DD80FB9F716\DefaultFeature	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\41E9151D0BA2C9837BDA155ED73C2CCD\ProductName = "JJBotv3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\41E9151D0BA2C9837BDA155ED73C2CCD\ProductIcon = "C:\\Windows\\Installer\\{D1519E14-2AB0-389C-B7AD-51E57DC3C2DC}\\JpARPPRODUCTICON"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\PackageCode = "80809DC84EB39E44FAA63F30C97387AC"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\714A6AEDB13B5573B88F4DD80FB9F716	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\714A6AEDB13B5573B88F4DD80FB9F716\SourceList\PackageName = "JJBotv3-1.0.msi"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\41E9151D0BA2C9837BDA155ED73C2CCD\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\41E9151D0BA2C9837BDA155ED73C2CCD\SourceList\PackageName = "JJBotv3-1.2.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\41E9151D0BA2C9837BDA155ED73C2CCD\SourceList\Media\1 = ";"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\41E9151D0BA2C9837BDA155ED73C2CCD\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\880A05696CC8366379BA629A62C55207\DefaultFeature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\714A6AEDB13B5573B88F4DD80FB9F716\Version = "16777216"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\714A6AEDB13B5573B88F4DD80FB9F716\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\41E9151D0BA2C9837BDA155ED73C2CCD	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\41E9151D0BA2C9837BDA155ED73C2CCD\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\Version = "16842752"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\714A6AEDB13B5573B88F4DD80FB9F716\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\B1423C193BBCC4D34B6F4D3AA87894B0\41E9151D0BA2C9837BDA155ED73C2CCD	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\714A6AEDB13B5573B88F4DD80FB9F716\SourceList\Media	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\41E9151D0BA2C9837BDA155ED73C2CCD\Clients = 3a0000000000	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\41E9151D0BA2C9837BDA155ED73C2CCD	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\714A6AEDB13B5573B88F4DD80FB9F716\ProductIcon = "C:\\Windows\\Installer\\{DEA6A417-B31B-3755-8BF8-D48DF09B7F61}\\JpARPPRODUCTICON"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\714A6AEDB13B5573B88F4DD80FB9F716\Clients = 3a0000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\41E9151D0BA2C9837BDA155ED73C2CCD\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\714A6AEDB13B5573B88F4DD80FB9F716\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\ProductIcon = "C:\\Windows\\Installer\\{9650A088-8CC6-3663-97AB-26A9265C2570}\\JpARPPRODUCTICON"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\AuthorizedLUAApp = "0"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\880A05696CC8366379BA629A62C55207	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\714A6AEDB13B5573B88F4DD80FB9F716\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\41E9151D0BA2C9837BDA155ED73C2CCD	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\41E9151D0BA2C9837BDA155ED73C2CCD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Windows-20240806T093610Z-001.zip\\Windows\\"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\B1423C193BBCC4D34B6F4D3AA87894B0	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\InstanceType = "0"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\880A05696CC8366379BA629A62C55207\SourceList\Net	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\714A6AEDB13B5573B88F4DD80FB9F716\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\714A6AEDB13B5573B88F4DD80FB9F716\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\41E9151D0BA2C9837BDA155ED73C2CCD\DefaultFeature	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{B544B0ED-82C6-4B98-9348-8DCBCEB52ABF}	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3420	msedge.exe
3420	msedge.exe
2908	msedge.exe
2908	msedge.exe
3252	identity_helper.exe
3252	identity_helper.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
4224	msedge.exe
4224	msedge.exe
2056	msedge.exe
2056	msedge.exe
3320	msiexec.exe
3320	msiexec.exe
3320	msiexec.exe
3320	msiexec.exe
3320	msiexec.exe
3320	msiexec.exe
3320	msiexec.exe
3320	msiexec.exe
3320	msiexec.exe
3320	msiexec.exe
3320	msiexec.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
904	msedge.exe
904	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1172	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1312	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1312	msiexec.exe
Token: SeSecurityPrivilege	3320	msiexec.exe
Token: SeCreateTokenPrivilege	1312	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1312	msiexec.exe
Token: SeLockMemoryPrivilege	1312	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1312	msiexec.exe
Token: SeMachineAccountPrivilege	1312	msiexec.exe
Token: SeTcbPrivilege	1312	msiexec.exe
Token: SeSecurityPrivilege	1312	msiexec.exe
Token: SeTakeOwnershipPrivilege	1312	msiexec.exe
Token: SeLoadDriverPrivilege	1312	msiexec.exe
Token: SeSystemProfilePrivilege	1312	msiexec.exe
Token: SeSystemtimePrivilege	1312	msiexec.exe
Token: SeProfSingleProcessPrivilege	1312	msiexec.exe
Token: SeIncBasePriorityPrivilege	1312	msiexec.exe
Token: SeCreatePagefilePrivilege	1312	msiexec.exe
Token: SeCreatePermanentPrivilege	1312	msiexec.exe
Token: SeBackupPrivilege	1312	msiexec.exe
Token: SeRestorePrivilege	1312	msiexec.exe
Token: SeShutdownPrivilege	1312	msiexec.exe
Token: SeDebugPrivilege	1312	msiexec.exe
Token: SeAuditPrivilege	1312	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1312	msiexec.exe
Token: SeChangeNotifyPrivilege	1312	msiexec.exe
Token: SeRemoteShutdownPrivilege	1312	msiexec.exe
Token: SeUndockPrivilege	1312	msiexec.exe
Token: SeSyncAgentPrivilege	1312	msiexec.exe
Token: SeEnableDelegationPrivilege	1312	msiexec.exe
Token: SeManageVolumePrivilege	1312	msiexec.exe
Token: SeImpersonatePrivilege	1312	msiexec.exe
Token: SeCreateGlobalPrivilege	1312	msiexec.exe
Token: SeBackupPrivilege	4016	vssvc.exe
Token: SeRestorePrivilege	4016	vssvc.exe
Token: SeAuditPrivilege	4016	vssvc.exe
Token: SeBackupPrivilege	3320	msiexec.exe
Token: SeRestorePrivilege	3320	msiexec.exe
Token: SeRestorePrivilege	3320	msiexec.exe
Token: SeTakeOwnershipPrivilege	3320	msiexec.exe
Token: SeRestorePrivilege	3320	msiexec.exe
Token: SeTakeOwnershipPrivilege	3320	msiexec.exe
Token: SeRestorePrivilege	3320	msiexec.exe
Token: SeTakeOwnershipPrivilege	3320	msiexec.exe
Token: SeRestorePrivilege	3320	msiexec.exe
Token: SeTakeOwnershipPrivilege	3320	msiexec.exe
Token: SeRestorePrivilege	3320	msiexec.exe
Token: SeTakeOwnershipPrivilege	3320	msiexec.exe
Token: SeRestorePrivilege	3320	msiexec.exe
Token: SeTakeOwnershipPrivilege	3320	msiexec.exe
Token: SeRestorePrivilege	3320	msiexec.exe
Token: SeTakeOwnershipPrivilege	3320	msiexec.exe
Token: SeRestorePrivilege	3320	msiexec.exe
Token: SeTakeOwnershipPrivilege	3320	msiexec.exe
Token: SeRestorePrivilege	3320	msiexec.exe
Token: SeTakeOwnershipPrivilege	3320	msiexec.exe
Token: SeRestorePrivilege	3320	msiexec.exe
Token: SeTakeOwnershipPrivilege	3320	msiexec.exe
Token: SeRestorePrivilege	3320	msiexec.exe
Token: SeTakeOwnershipPrivilege	3320	msiexec.exe
Token: SeRestorePrivilege	3320	msiexec.exe
Token: SeTakeOwnershipPrivilege	3320	msiexec.exe
Token: SeRestorePrivilege	3320	msiexec.exe
Token: SeTakeOwnershipPrivilege	3320	msiexec.exe
Token: SeRestorePrivilege	3320	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
1312	msiexec.exe
1312	msiexec.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe
1172	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe
1736	JJBotv3.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 3476	2908	msedge.exe	83
PID 2908 wrote to memory of 3476	2908	msedge.exe	83
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 2400	2908	msedge.exe	84
PID 2908 wrote to memory of 3420	2908	msedge.exe	85
PID 2908 wrote to memory of 3420	2908	msedge.exe	85
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86
PID 2908 wrote to memory of 3768	2908	msedge.exe	86

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/12_8O2o_9tufEE5Dvup-uVXVdvSsp1JfE
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0xdc,0x7fffac8046f8,0x7fffac804708,0x7fffac804718
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1344 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1896 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6344 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2996 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1856472340573146143,781956372679684790,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4620

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2320

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\Temp1_Windows-20240806T093610Z-001.zip\Windows\JJBotv3-1.2.msi"
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1312

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3320
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:388
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding BFF669BD5ED5897CC324E16DB85F8CC9
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3180
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F4136FD82A31BE347007D84A261F6F74
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4668
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding DB29723DCCF2A306CBE6BED294A3A413
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4132

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4016

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\Temp1_Archive [OLD]-20240806T093616Z-001.zip\Archive [OLD]\JJBotv3-1.1.msi"
1⤵
- Enumerates connected drives
PID:1076

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\Temp1_Archive [OLD]-20240806T093616Z-001.zip\Archive [OLD]\JJBotv3-1.0.msi"
1⤵
- Enumerates connected drives
PID:2228

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:1172

C:\Windows\System32\enu-0q.exe
"C:\Windows\System32\enu-0q.exe"
1⤵
PID:4668

C:\Program Files\JJBotv3\JJBotv3.exe
"C:\Program Files\JJBotv3\JJBotv3.exe"
1⤵
- Executes dropped EXE
PID:4412
- C:\Program Files\JJBotv3\JJBotv3.exe
  "C:\Program Files\JJBotv3\JJBotv3.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:1736

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38c5855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
PID:1100

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
1⤵
PID:1320

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
1⤵
PID:2880

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
1⤵
PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5bd33c.rbs

Filesize
54KB

MD5
dc1172fe14627ddef1d9689cfec656c6

SHA1
192cfbe6bca562919e1190c1df21062690f0a9d3

SHA256
c87a2e09c793e5725436c5205d828f3934d1be2bbfadfe61be32be8b7e0b229a

SHA512
41ea6cf9278a362a304de8666bc7763b5e300c127836cd763204f42152a156fab4be626bb94b1bc4dfbb971fd344621508f193baa81e19f4d40943e87a258e96

Download Submit
C:\Config.Msi\e5bd341.rbs

Filesize
97KB

MD5
a38a973f5d788e2cfa30444f68d3881d

SHA1
14261e73c105ee2dee9feb6433b78513716d722b

SHA256
6ffc136b1bd6968d5241aff06f08f287eff3779176ad4fdf8d94343d51c6486c

SHA512
e3770c025808826964c842fb4413a051c9edf5af4119837d7f485711e50a7af5442f82c228fc4e128481bae01795aec188d89ae07642537b753ce592fc143572

Download Submit
C:\Config.Msi\e5bd420.rbs

Filesize
54KB

MD5
6017346356c0a6d628fbe324e5069a75

SHA1
2feff714d435ee81c2ef3d4b462599f4cd6bc0ae

SHA256
39689310ee19a1994aae89d38d9a5deba3e442a00c1de2982aa23736d5bfece9

SHA512
84cf08577578e4a004c5f76bec5a7c4f273abdc14f443024b0fe949fe83aa6d3cb31ef04a39e23143d06b7b4be2a36853a55023c68bef3f1ff8527b9e9daccd3

Download Submit
C:\Config.Msi\e5bd425.rbs

Filesize
97KB

MD5
0d7c04bdeb8ec2634cac6052e3cfce76

SHA1
8144d35ea181c25d1a5dcdc41ecaa4b7e57ab89e

SHA256
c1d064b734f76ef762c405183d4969abcec9deef65c11cdb235559e3dc524aef

SHA512
dbf1c3e7312f1eac152f2c73a60e0fa1ea04252269907cb3ca216e540d60fe81b6567092e1d3e53c601f323357186f9a7c41f3e1131bcedc88437ddecfd6922b

Download Submit
C:\Config.Msi\e5bd504.rbs

Filesize
54KB

MD5
ed8cd58bb1342b44b274571c7577587e

SHA1
6696856455f44045063614282c861b3b5f111438

SHA256
edc61c96eb4776664485fdeb9349264a376470aaf39a278b293166e6591cd160

SHA512
d38553a68d319c9a81e45d4280f19a5f74a640b69b25cdaf6268d7349682e28dcbacf5e786cd6344b8c88caa14457aa877fab327833c6b264ffa745846d48f89

Download Submit
C:\Program Files\JJBotv3\JJBotv3.exe

Filesize
566KB

MD5
ccfc78420b2af4397bc801d6984cb233

SHA1
634b548812570b28eaf01ddd7dc5e8b1c778332f

SHA256
cf890ee78014d4d0c072bc7a7ac84c90f9d25eb837b70b892ef1be4c876214fe

SHA512
47b84cd94df6c31b9e6024eb13550bd98a377d073bb30b31e3d11f1e6007560a47c83e6dadbc16897a3f87512503fe52fdf30c50e96a4aefc1672e46fabc592b

Download Submit
C:\Program Files\JJBotv3\app\JNativeHook.x86_64.dll

Filesize
80KB

MD5
e9a449971b9efb0a2e12b9cfdd95c076

SHA1
385777659fa84e94a3812eb9a8afad27ae3ceed4

SHA256
b8c331c9f915960201da9af9c9dc8309e95e7d533741e71f4a5d13ca007d3e18

SHA512
bbcaf66b316cb60c63bb190099bee36a0059f13fa35fdf3a9a3e7e9a5304abe57acd71d644cde554427825249b460d58f0aba79f599f0c6fa40d23ea21aa941d

Download Submit
C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-console-l1-1-0.dll

Filesize
11KB

MD5
07ebe4d5cef3301ccf07430f4c3e32d8

SHA1
3b878b2b2720915773f16dba6d493dab0680ac5f

SHA256
8f8b79150e850acc92fd6aab614f6e3759bea875134a62087d5dd65581e3001f

SHA512
6c7e4df62ebae9934b698f231cf51f54743cf3303cd758573d00f872b8ecc2af1f556b094503aae91100189c0d0a93eaf1b7cafec677f384a1d7b4fda2eee598

Download Submit
C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
11KB

MD5
7c7b61ffa29209b13d2506418746780b

SHA1
08f3a819b5229734d98d58291be4bfa0bec8f761

SHA256
c23fe8d5c3ca89189d11ec8df983cc144d168cb54d9eab5d9532767bcb2f1fa3

SHA512
6e5e3485d980e7e2824665cbfe4f1619b3e61ce3bcbf103979532e2b1c3d22c89f65bcfbddbb5fe88cddd096f8fd72d498e8ee35c3c2307bacecc6debbc1c97f

Download Submit
C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
1ed0b196ab58edb58fcf84e1739c63ce

SHA1
ac7d6c77629bdee1df7e380cc9559e09d51d75b7

SHA256
8664222823e122fca724620fd8b72187fc5336c737d891d3cef85f4f533b8de2

SHA512
e1fa7f14f39c97aaa3104f3e13098626b5f7cfd665ba52dcb2312a329639aaf5083a9177e4686d11c4213e28acc40e2c027988074b6cc13c5016d5c5e9ef897b

Download Submit
C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
12KB

MD5
89f35cb1212a1fd8fbe960795c92d6e8

SHA1
061ae273a75324885dd098ee1ff4246a97e1e60c

SHA256
058eb7ce88c22d2ff7d3e61e6593ca4e3d6df449f984bf251d9432665e1517d1

SHA512
f9e81f1feab1535128b16e9ff389bd3daaab8d1dabf64270f9e563be9d370c023de5d5306dd0de6d27a5a099e7c073d17499442f058ec1d20b9d37f56bcfe6d2

Download Submit
C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-profile-l1-1-0.dll

Filesize
11KB

MD5
8d12ffd920314b71f2c32614cc124fec

SHA1
251a98f2c75c2e25ffd0580f90657a3ea7895f30

SHA256
e63550608dd58040304ea85367e9e0722038ba8e7dc7bf9d91c4d84f0ec65887

SHA512
5084c739d7de465a9a78bcdbb8a3bd063b84a68dcfd3c9ef1bfa224c1cc06580e2a2523fd4696cfc48e9fd068a2c44dbc794dd9bdb43dc74b4e854c82ecd3ea5

Download Submit
C:\Program Files\JJBotv3\runtime\bin\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
e86cfc5e1147c25972a5eefed7be989f

SHA1
0075091c0b1f2809393c5b8b5921586bdd389b29

SHA256
72c639d1afda32a65143bcbe016fe5d8b46d17924f5f5190eb04efe954c1199a

SHA512
ea58a8d5aa587b7f5bde74b4d394921902412617100ed161a7e0bef6b3c91c5dae657065ea7805a152dd76992997017e070f5415ef120812b0d61a401aa8c110

Download Submit
C:\Program Files\JJBotv3\runtime\bin\api-ms-win-crt-conio-l1-1-0.dll

Filesize
12KB

MD5
fa770bcd70208a479bde8086d02c22da

SHA1
28ee5f3ce3732a55ca60aee781212f117c6f3b26

SHA256
e677497c1baefffb33a17d22a99b76b7fa7ae7a0c84e12fda27d9be5c3d104cf

SHA512
f8d81e350cebdba5afb579a072bad7986691e9f3d4c9febca8756b807301782ee6eb5ba16b045cfa29b6e4f4696e0554c718d36d4e64431f46d1e4b1f42dc2b8

Download Submit
C:\Program Files\JJBotv3\runtime\bin\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
8906279245f7385b189a6b0b67df2d7c

SHA1
fcf03d9043a2daafe8e28dee0b130513677227e4

SHA256
f5183b8d7462c01031992267fe85680ab9c5b279bedc0b25ab219f7c2184766f

SHA512
67cac89ae58cc715976107f3bdf279b1e78945afd07e6f657e076d78e92ee1a98e3e7b8feae295af5ce35e00c804f3f53a890895badb1eed32377d85c21672b9

Download Submit
C:\Program Files\JJBotv3\runtime\bin\java.exe

Filesize
53KB

MD5
6a1d9dbaa83468b895369b36189843e5

SHA1
1cef446604c3685b44b4159cd3172f2307ebbff8

SHA256
870244ba088941b7cf6df8ab85fc3f896c9978129eeaa896a139ef998ce8d6b7

SHA512
0ba97f4038c9617100b7521b97c4e408058cb0cbe36073a6c939ecbb29d0e50a962356898069db557df09c3252ccdb19789ef3331816f51bc56b4b688fa07564

Download Submit
C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-console-l1-1-0.dll

Filesize
20KB

MD5
2c146bc8d73b8944f35506241b9953a9

SHA1
ac64abd745418cea35c0506b9cb0331b171b51ea

SHA256
89384f8f64a9b7f67c8deccaa721e2d76b8a17026d8083630859ed0cd1a9b58b

SHA512
02713948a156baccb2e7c38646193e82fef65400c086644866b698bc3e0a8c155a8eab829463e3868ce2b8a06608c5ea6de1e390bff976c5f92e2e42dd6c04f1

Download Submit
C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-console-l1-2-0.dll

Filesize
20KB

MD5
7a55e51d07e1f15221eb11479adbc53f

SHA1
8d8e2beff4dfa78372201b26a67b9dc4b116290f

SHA256
f901b0bc8c00b3afc80e151e6f54b18f7672f932602c304fbfeedd5aa3ad63c8

SHA512
e89c0e45014abdaf7548de0352949c4ad496d97cad2f9e2f6c83a90f853b7b71354b9abbb957eff89076df79bdc9cc1c431b6f35875550bfb4198c3a68124197

Download Submit
C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-debug-l1-1-0.dll

Filesize
20KB

MD5
02d669afdabfe420598041b848b71158

SHA1
25c0fdbc04ffcd570db041d02842d7530afeeb6e

SHA256
64a9ac181fd91b79270bf01759749394f57be171436ed46f43d165325bb82067

SHA512
5321290ec277fca8840e6c9cb7e77d39e820b1d98ef9c29040efaf2a7628c023209c936e08abfb6962a795130874544db25e1bac0d16256a1ebbca0fdcdaa81a

Download Submit
C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-file-l1-1-0.dll

Filesize
23KB

MD5
fec01082bccddadad0814f30b43ab078

SHA1
a6f6d9b61bb743651d3f65824d06427ca492c120

SHA256
c15dacec228f40ce4c5b9d69bba5e6627bc484c6e9d6550a76db6f332e9f7734

SHA512
c6039c366cb47ca31c7501423384afc0678a07abeb0ca1d97ecb5aa3c3e3acf84c9551dea1e56d1dbd4472dab70eed1c79d1c0612ba2730327ce6d0dc151c441

Download Submit
C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-core-synch-l1-1-0.dll

Filesize
22KB

MD5
393ced54d952c843ac9e16354bff642b

SHA1
407fe145c0068150827d95544f8344a24eeaf589

SHA256
bf32d8aea6faebe41b1454e4b80b5a3639ba2cd35a9715de25acd7f28bf6d4de

SHA512
b296ff475ad0bdb8419b7535ce8ee0e1b20382f477a87ed57b257ed382755b6e9a5578697623a4cbadc32ff601e6b45f0e581869f2c45926cbbeda97fd6265b6

Download Submit
C:\Program Files\JJBotv3\runtime\bin\javafx\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
26KB

MD5
5df2410c0afd30c9a11de50de4798089

SHA1
4112c5493009a1d01090ccae810500c765dc6d54

SHA256
e6a1ef1f7c1957c50a3d9c1d70c0f7b0d8badc7f279cd056eb179dc256bfefda

SHA512
8ecb79078d05d5b2a432f511953985b3253d5d43d87709a5795709ee8dbca63c5f1166ed94d8984c13f2ea06adfa7d6b82c6735c23c6e64f2f37a257066864e6

Download Submit
C:\Program Files\JJBotv3\runtime\bin\javafx\decora_sse.dll

Filesize
78KB

MD5
b9e033fa03a8854f5400140d6e9b303a

SHA1
3684386e1bd3f188a35cca6af7f4a4c29c08a67a

SHA256
f5321b70529060cd46cf93cb0e22a7ddbad1500c7a2df374d3db335bb8b963ba

SHA512
3103921fbe5862655496f304335380eb4dbf6138cb528ee627ada1629fe2962fad446eee6f1b64dedaebfa26bb3abd05f2f8d99f20af4927b6b0c09deb10de12

Download Submit
C:\Program Files\JJBotv3\runtime\bin\javafx\javafx_font.dll

Filesize
65KB

MD5
aea465e23160dfefb40638865c54fc2e

SHA1
938dc9919444b32750527d4657b830f96cfcc1b3

SHA256
3547474a6c1b355838470932141564ebe9f5874a6bcfebb4ecd850cce9a24a43

SHA512
5faf23f7cfa2f5a638e77b877866880a9e83828f63296d17139f3f63a093178bf1e37c0f5d4c4d2ab79c847bf7eb1c2c021535aac17a319f1fd0ea881d24449f

Download Submit
C:\Program Files\JJBotv3\runtime\bin\javafx\msvcp140.dll

Filesize
558KB

MD5
bf78c15068d6671693dfcdfa5770d705

SHA1
4418c03c3161706a4349dfe3f97278e7a5d8962a

SHA256
a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb

SHA512
5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

Download Submit
C:\Program Files\JJBotv3\runtime\bin\javafx\prism_d3d.dll

Filesize
174KB

MD5
15b462cddd350342fc61fa8d45711c66

SHA1
c2883241355908244a360e0c032d001544620af6

SHA256
efaf6fa1504f9ecec507427e29f947c83222c28d28636150a400467bac5f37b0

SHA512
4fd353421591d0aa3b9fcd9b7c0153f94e62c2c2fe9fec9d1980867ec878716f46222aed04e7731b1783a5bee35c5003c13c8459399bcb16e9333c626ec40ee6

Download Submit
C:\Program Files\JJBotv3\runtime\bin\jli.dll

Filesize
88KB

MD5
3a315274152a0ff52027c0ba0a960a21

SHA1
e3ebb1bb6fbacbb12fd9f6231d950666f2e5a034

SHA256
4a40a3a94d69ae05a2d31143c3877ff4ab5bb497445324d1bd693998e0b9ef24

SHA512
9705a7cdc86ee88b64235f4d9362c7b4e610367598ac4f4617a9761675c229b3ad94ecbd321e48718f14fb09419545c01ac975d5e577217a1a2ba85723c6c5b9

Download Submit
C:\Program Files\JJBotv3\runtime\bin\jrunscript.exe

Filesize
23KB

MD5
64bf706fc982d2a64e63e85bafc2213f

SHA1
ad4214482c08f56ad56fd4b2c274442c5a83ada8

SHA256
dd98e33ea9a30940c120675ed0217cf54bf27a2c461be79e75b3729212861c4f

SHA512
06085fa4d1c4042bae8049093ab9029a645c9b8ca3defabc25e9bf9fc0f72f2ad4d6457b906e3ce33e68e0061dbe4d14b2b710226e589ab4e036b32f94b08bce

Download Submit
C:\Program Files\JJBotv3\runtime\bin\keytool.exe

Filesize
23KB

MD5
350000c41fcbbd8339c035d9651d7cc6

SHA1
77c944947e7b1bcd5dd93e73ee630609005c600a

SHA256
54d5ee85ffc96e86e1a10ec6ff38f0db1442a0c57a939e512f1f5e2ff89870f2

SHA512
e2630ca868e69fb59265ac36765a247261834188f05031179032a1b57ba582c5b5d770a6c800ac21c5ae860a9bb64a094011f0cc5f098ef81dbaf9f97b71dbd6

Download Submit
C:\Program Files\JJBotv3\runtime\bin\mlib_image.dll

Filesize
498KB

MD5
406789628268d07bedb71b86e0f65b3c

SHA1
b00c85e94c938d1783eccf8be3076ee36600c945

SHA256
c5a8cd4e2f5083e0dffefa770fc19a714526f2873f05fdf9028c1030515ab8d0

SHA512
4b6bdd8905db9f7bedafbb983aa24e3ed943ed0738f74bcb881be1c01b7eaa6614abe214aee0ff61340a60ab179aa2ee7a16ab011704ecccb633e7d67c55faba

Download Submit
C:\Program Files\JJBotv3\runtime\bin\vcruntime140.dll

Filesize
95KB

MD5
7415c1cc63a0c46983e2a32581daefee

SHA1
5f8534d79c84ac45ad09b5a702c8c5c288eae240

SHA256
475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1

SHA512
3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf

Download Submit
C:\Program Files\JJBotv3\runtime\bin\vcruntime140_1.dll

Filesize
36KB

MD5
fcda37abd3d9e9d8170cd1cd15bf9d3f

SHA1
b23ff3e9aa2287b9c1249a008c0ae06dc8b6fdf2

SHA256
0579d460ea1f7e8a815fa55a8821a5ff489c8097f051765e9beaf25d8d0f27d6

SHA512
de8be61499aaa1504dde8c19666844550c2ea7ef774ecbe26900834b252887da31d4cf4fb51338b16b6a4416de733e519ebf8c375eb03eb425232a6349da2257

Download Submit
C:\Program Files\JJBotv3\runtime\bin\verify.dll

Filesize
53KB

MD5
fbb48f08c3cef77cd83fa6addac75477

SHA1
77534e2e6276b283a88e52432f07202cdd07362e

SHA256
0b936034ef2bc9d791eebe7baea932a9283445c2ab9725fda685795a00843573

SHA512
99cd0cc390e62dbe522da7143dab5a8945bb9ef1744915dac2478f9c20f9b067bd8ea1b8244248fd15595f68057db5b173c7bc50e7034ab265e05a285404272b

Download Submit
C:\Program Files\JJBotv3\runtime\conf\logging.properties

Filesize
2KB

MD5
0f00ec3e7a7767a4efeae1875fb5f3d4

SHA1
167808418571e9209b952188ddab2f4e62920e68

SHA256
b62d2733ab99556b108a1951d894c5a8d76b1ac7a00c02c388f9eb9be046c56f

SHA512
e869f4a3b821a9933796dc9a56ee00483493369dfbfe07b3b1d895cb8318c6821cd44134eb37513f15b830c25861b596646824ed56672d08b678fefe6a4c7504

Download Submit
C:\Program Files\JJBotv3\runtime\conf\net.properties

Filesize
6KB

MD5
385443b7e4a37bc277c018cd1d336d49

SHA1
b2c0dfb00bf699e817bdd49b14bc24b8d3282c65

SHA256
5bc726671936e0af4fdf6bed67d9e3a20a92c30b0ba23673d0314baa5e3ffb08

SHA512
260afc7671a1dc0c443564f1d10386f0b241bb53c76df68d8d03f1d0b1ceaf3f68847ab3477732c876c2b01c812ef7521744befe88e312f3aa63164b608b67a1

Download Submit
C:\Program Files\JJBotv3\runtime\conf\security\policy\unlimited\default_US_export.policy

Filesize
146B

MD5
1a08ffdf0bc871296c8d698fb22f542a

SHA1
f3f974d3f6245c50804dcc47173aa29d4d7f0e2c

SHA256
758b930a526fc670ab7537f8c26321527050a31f5f42149a2dda623c56a0a1a9

SHA512
4cfca5b10cd7addcff887c8f3621d2fbec1b5632436326377b0ce5af1ae3e8b68ac5a743ca6082fc79991b8eec703a6e1dfd5b896153407ad72327753222fdb3

Download Submit
C:\Program Files\JJBotv3\runtime\include\jvmticmlr.h

Filesize
3KB

MD5
5b4eecc8c86ed9171011d0e2cd1e6220

SHA1
62c067a2272b60092c2effdfa31605634919bd0b

SHA256
b9484508a7d4368d4fd54453ee4555815ce294a28ab5f40d7523ef9af38e2563

SHA512
164216bbe251d5a8c369f2c54f8f941652c5c240406ab13462ce63bf57480bbaba5710b25e3fd45eefc53739d69dfcb614696742cf8867a2a8a0954e898da07e

Download Submit
C:\Program Files\JJBotv3\runtime\legal\java.base\COPYRIGHT

Filesize
3KB

MD5
a762796b2a8989b8952b653a178607a1

SHA1
c725183c757011e7ba96c83c1e86ee7e8b516a2b

SHA256
79ccb53e0dbdb8ec16747a516eb77c3737c797e544aaa0a552b8a886a70eef69

SHA512
9d88bd2910a0d7820732d498b11b4676a5a122f24093640d8f07d417e4d7077a3d411f5f3e96cc124483dbed9c940b9526ca8b19fbc7ce69cb294476fcaa6c91

Download Submit
C:\Program Files\JJBotv3\runtime\legal\java.desktop\COPYRIGHT

Filesize
35B

MD5
4586c3797f538d41b7b2e30e8afebbc9

SHA1
3419ebac878fa53a9f0ff1617045ddaafb43dce0

SHA256
7afb3a2dc57cb16223dddc970e0b464311e5311484c793abf9327a19ef629018

SHA512
f2c722ae80d2c0dcdb30a6993864eb90b85be5311261012d4585c6595579582d1b37323613f5417d189adcd096fa948e0378c1e6c59761bf94d65c0a5c2f2fd3

Download Submit
C:\Program Files\JJBotv3\runtime\legal\java.desktop\giflib.md

Filesize
1KB

MD5
867001e2a577f88cfc856f45959502aa

SHA1
109c11cec13349212ba94b9f3eb7d0943229938e

SHA256
c8b99f33890887d27ad56fba9edd8ebbc668cfe0689168505a95613d1d4b32f8

SHA512
dafac31d75a7ab4ddd7666799a24abf22c1583ca22554a738cc26a77bf927b20dde52f12194670a5196bce3a43bd58de46944291727c8877fee1fe4a38a1f1ca

Download Submit
C:\Program Files\JJBotv3\runtime\legal\java.desktop\jpeg.md

Filesize
3KB

MD5
de0e5a6cfc652c81ee7b582aa004dad5

SHA1
fc3bed0e9b640daac5c5336badebb3a55e89dfd5

SHA256
580be596216ee11e2554b24ce944973acaede2ebf5ffba34a6bd8cc441c05043

SHA512
1b78c0fe3aecaf1d4da9d7c5d84cb15d7acebdecbf73b224cf72b9f84bc269a84b8366150a63a28485ee61d51595cfbfc5fbe6a175a9e277d5a41038c9e0828b

Download Submit
C:\Program Files\JJBotv3\runtime\legal\java.xml\LICENSE

Filesize
33B

MD5
16989bab922811e28b64ac30449a5d05

SHA1
51ab20e8c19ee570bf6c496ec7346b7cf17bd04a

SHA256
86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192

SHA512
86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

Download Submit
C:\Program Files\JJBotv3\runtime\legal\java.xml\dom.md

Filesize
3KB

MD5
13952c46b3867103ad7d1e9c6c9e906c

SHA1
4bf3f9908314b05f3b0f6e27be2c1fb7e25fffbb

SHA256
6686e8877667584a3a7c07344baadca1a03e29f677162d87c3c0811e990d1148

SHA512
8c71f226f0f07b471aea6b8e715434b5eaa6b4a59a653ec22c2489e743e9288a0c4537f479719f9d58737d0257470c9cceff9ce647a96e79fd757a4cdcfed499

Download Submit
C:\Program Files\JJBotv3\runtime\legal\java.xml\xalan.md

Filesize
13KB

MD5
b29a2d48a582be602d54da738c304350

SHA1
24d8fea1126acfc1ee4f990fd761d138637e6147

SHA256
ea67226be5cfe19c7e79725c2c24a16676323264d69f9747c528de0b44541b03

SHA512
1b63beefadaa6ab21a54a68abe901a38624453f7cc3ba6870e831dfb9c23990d19b67ada316e72a06129cfcb49ccc495c2ed6b35cd565f05e4ad1dceb87e8752

Download Submit
C:\Program Files\JJBotv3\runtime\legal\javafx.base\LICENSE

Filesize
18KB

MD5
3e0b59f8fac05c3c03d4a26bbda13f8f

SHA1
a4fb972c240d89131ee9e16b845cd302e0ecb05f

SHA256
4b9abebc4338048a7c2dc184e9f800deb349366bdf28eb23c2677a77b4c87726

SHA512
6732288c682a39ed9edf11a151f6f48e742696f4a762c0c7d8872b99b9f6d5ab6c305064d4910b1a254862a873129f11fd0fa56ff11bc577d29303f4fb492673

Download Submit
C:\Program Files\JJBotv3\runtime\legal\javafx.fxml\ASSEMBLY_EXCEPTION

Filesize
46B

MD5
c62a00c3520dc7970a526025a5977c34

SHA1
f81a2bcb42ccbf898d92f59a4dc4b63fef6c2848

SHA256
a4b7ad48df36316ddd7d47fcecc1d7a2c59cbfe22728930220ef63517fd58cb0

SHA512
60907d1910b6999b8210b450c6695b7cc35a0c50c25d6569cf8bb975a5967ca4e53f0985bee474b20379df88bb0891068347ecf3e9c42900ed19a1dcbc2d56ec

Download Submit
C:\Program Files\JJBotv3\runtime\legal\javafx.fxml\LICENSE

Filesize
35B

MD5
f815ea85f3b4676874e42320d4b8cfd7

SHA1
3a2ddf103552fefe391f67263b393509eee3e807

SHA256
01a4ebd2a3b2671d913582f1241a176a13e9be98f4e3d5f2f04813e122b88105

SHA512
ddf09f482536966ac17313179552a5efc1b230fa5f270ebde5df6adebf07ee911b9ef433dfbfcb4e5236922da390f44e355709ecaf390c741648dd2a17084950

Download Submit
C:\Program Files\JJBotv3\runtime\legal\javafx.graphics\ADDITIONAL_LICENSE_INFO

Filesize
51B

MD5
494903d6add168a732e73d7b0ba059a0

SHA1
f85c0fd9f8b04c4de25d85de56d4db11881e08ca

SHA256
0a256a7133bd2146482018ba6204a4ecc75836c139c8792da53536a9b67071d4

SHA512
b6e0968c9fd9464623bfa595bf47faf8f6bc1c55b09a415724c709ef8a3bcf8a954079cce1e0e6c91d34c607da2cecc2a6454d08c370a618fb9a4d7d9a078b24

Download Submit
C:\Program Files\JJBotv3\runtime\lib\security\cacerts

Filesize
99KB

MD5
a4ce60734e367268e83c65b561736b98

SHA1
990e01d9a05f5270434015d9ebbba5463bece71b

SHA256
ccadbb4970973f42ad7391a0a2c4b8aad19559f3b322092a1f2cab044708efaa

SHA512
dfb1cfc148dc4e4a423f6fb11f7acb099b3b0e7b1ae3eb85bc56596d65c77388be289bc785cf70c59974e3d85a2b954433c3c13e3e4b58dba3d9be5c26cadd27

Download Submit
C:\Program Files\JJBotv3\runtime\lib\tzdb.dat

Filesize
99KB

MD5
d3c425ab13de85782e3fa826312750d6

SHA1
45fd07c0464bb7c77693383d19343dd67229c333

SHA256
bb4f4d771d79ed49bd7f09e2be97c934625b672d393ad178b09cae82e996e999

SHA512
343ce60cf7a80bd421b5fcd4a4d22d61d6fa19bdbabca39c2f9ab6c0f53d6792f09292ee31785f70dbc46f86ae9a0ecd99275735095ef271d0e143e4caf775bd

Download Submit
C:\Program Files\JJBotv3\runtime\release

Filesize
195B

MD5
d1df2c4c1684e1bbaaff2ba2b13b333b

SHA1
b428cd78914d463087e895651afedb5964f007b5

SHA256
e0085796123f575faa5a3ec9935d6017a0f578fc6ed370424f263500cc0e6d3d

SHA512
440f14747f534d62d2c50d49221f951c821cc33df4c583453bc7ac5c8e671174fee3754e706c6ec8c07939fbce2b43ad928e264b8596f3f6f618c4bead78ec6a

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unknown\JJBotv3.lnk

Filesize
1KB

MD5
7e1ff7edad8d24416473349c2d9f22ab

SHA1
1f3fb9347bb5b4690a1726e937fc83c4510f2276

SHA256
adb700721bdc8718c1091d9b297c06dd29de657ca7a57440fa7685f8cbd62b47

SHA512
b2a532eab79f2b9f0a4e61b74970073a110a9ad81bb29d432142071919f2cbf281a479485236bdf7ffb4288016cb74a5f627fb117c0ddbf0789d57ab983ac478

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unknown\JJBotv3.lnk

Filesize
1KB

MD5
7a8d9d9efd43e72cc171d1d9ebe3afb8

SHA1
3a71e4b53fd5dbb82ef66fe9e499a0ede99c7149

SHA256
4bcf2dbd70814a9132c6090ecd5989082e7b2311b5abfe477d69da0e01581d1e

SHA512
53f63d2100fe11386c1ca31a0e64edb2c784bfeb0b03d2ec8da347e930c2cf47b3d6ddc8fefa5ad93f3e4af14575a0928158017d5f1cd01ee4c39118decdf9ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7c78d003-e2c9-4356-bc47-13218872d5cf.tmp

Filesize
6KB

MD5
597fb0efa551f93ff6fad564463128a3

SHA1
6b1d93c220ac43733e7de736e8707f4a26c27f54

SHA256
76c38119e7d6621420dabdd07d7bc28d4bfa474ef6366c5924f6627734b8bdf0

SHA512
262887dc80ca5273ceec67b22d2f5cd6f23a609f08ec8a3bc802d741b6445312cbb510d718df899802b71946843710eac5055a39a4a4a3595da64c1b16fc10c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f68f4c7506097979b5c92c369a518191

SHA1
e1d03a9015f5808c7484cfa2f31ac2253ecd220e

SHA256
b0a438c0ebc0592ff7f08489f473543ba398e7410e8207403f281b4704277760

SHA512
807d6ccb5deb6745daa7b5432277aadc69b014b9b1e7a8128355240cc028d07e5d140c90a2783c29a3da6156678a62aa66ac24e65e2f193b797e71202a15f186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ec3130d28bded3bc8ace84daa02f6acf

SHA1
cc8edd2f5353d0c089421bc4bad6d9f213059de3

SHA256
3db385ef4331c91ccf60daf6791f386546029fac8a5afeacd02bf50b7069026c

SHA512
ab90c35af58de26b97c3d530734d9b5b4ecd034e459e26ecf0ea456f84eeaa1c092bd61bbfd8b15e17aae55d8de9861f14484a3d25d1839d89a8202326bf0909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
dcfb7941f4e06a0a30ffdd917663acee

SHA1
e177e5e3b782693e64e7488c7bf758d4fef0dd1e

SHA256
56f3c6661e699fc15336933ca9936a2e448c90d88e55a7e7285e83e93211c5ed

SHA512
bd4291e0c92489cf20c22d1987c4e2458e67d2d9f20a70334fbd083c8750b03f1bccc16f21fcb155bf5676be4a9d6eb7a91c1765d8ef93f8fa50499a217216b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
81417d5f32f94d8e0bde3dcc1d2b0932

SHA1
0945a3f4985874c1bd6bacb3ee326b67beda40cc

SHA256
96a1f0aa4497fcb967c50e760a41746ea4dd3185695e157d560477e105595bcd

SHA512
eb0d29eb8d7660f68e8c3c9fbf61092b86a51153573220797f6996586fc5a21868842dca96cd893ce0e0c326f425573c2c7a8f6ca7064c92ef5286728f18229d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f87aae1964ff5dd0b026bcfa7bb830cd

SHA1
56f0d788b60d1c069972b7dff1ab8fe426b0c399

SHA256
1bd64e00463619eb2a59a69e1af9352dee6336e32f06ed5f7f558711da765799

SHA512
0acc8d241717200a48449672610ff99780676abe7d46bfc29a7a70ae19f42d78c3341906c1363070c2e02323f4457f94b1f1de57d772b4fe51c38c6cb9e27c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0bd698839ba0bbc64ec4ed4469c2e0ea

SHA1
fc6856908c449c0086743ae90c6f481b219b068f

SHA256
d7de71b43eea7def7dd4aa1ec2c10cda732834cdb4adb64b06b5544b329a859e

SHA512
d137ec50ef8349871df86afe540f76bb4fb22480c5082218b9344e400ff45b8268d88680e8660aa28106a43edd9b16f11c99c2f0b8eb6a56cddb961c7928381f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
32fe90d8881e47ec282d43fb13445ac8

SHA1
ea2c6c670964cb275b55a5c8c8a15fc4133d93b6

SHA256
0b1a4835498b73815c70d467fc77ecdfcbe8cc2a89af1435846b080b07f44548

SHA512
f318b0c6f142232e77061b81e70ea7c6c00966158138b1a6f16bdcd2185cd15c80ffc9eccb813911c9de20b72e382eb31ac322885182d759597704beca48bd17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0010dda2753e3a61f628b678ab0a284d

SHA1
6bd63015fa60b266c57a3273e15cfae4e35148cb

SHA256
62eeabc0fb04fa599a961bae52d6f00637f823b1212635fa35905fd545a75398

SHA512
7d1a11dc2522ab21b1e858e0759882ce5dbd4cff8a7074a8f70b34ecfa0ee00d5dfe7209e747ee34adcbf1a097478a39b01f9dc977c43a6c720302975fc91e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cc82faa6fc429593295d34ba311b1360

SHA1
fb9f22e808f0c523c75ba8294bdea40ba3fb9a9e

SHA256
f065c3e64736233dba6eafa2bed2915e91b3abb098f9e579e771d7c6bf4f8ff4

SHA512
802c04814d73566e7b98f2f874bde615e0a8994acbb55a0d93098bc597c2cae7ab9aeb0367b4a45051fc21b9dbf6306e023924dea879609584fe70671425345b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
62d801eb0f146be258b6caf466fc0520

SHA1
4af952611477bb171d96a13e57ecd4a15fb2d01f

SHA256
b2b701d9fbff1b3ef78aa6bdb53a767123ea6f16d53ba18a76ad7a80a8d6b476

SHA512
76451933c8a80edcd5aad7702238b81b08e574988362ca7c2feac89e17a75aebc39cf96dc8a0d7b27e729994336dff531017c7f56f8be7a649b5a00bd0b10e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3eb939db2bfb4472e17ab9de3990bb86

SHA1
d69eb732bec83441fa56d09eba1a7635d92e8458

SHA256
07440a23276a5e93d3eee42e3d885c96ec5beb8e54ce0e7f25a50625e8f99be0

SHA512
171499f5988c0a449c35c0690c784037eebb085beee7357fd64b7d5c6f7af2463304a39d02cf8de57cb7beb0ec51e7f83602441c55701f329adf17246ad56103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
2777e6acb9259ed507caaee0ded781dd

SHA1
6d21c2d7888e800bfa6e16786ff7b91d1f7d58f9

SHA256
189ca818f5da47dfb0011b148ccc44dfd04637fbe1e0b60a2f1aff65f49bba73

SHA512
b3f438326c65bc7e158555df5c02ede15d31fed4d0c4d111a44f0536e56000ae1bd29602a1e0dc5ddb9fa3cfabdccd8638d0654642d1619c7b0c5b4a5db64581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1910753fdad19023a152dc0aa20bdac8

SHA1
ef31dd392fd727e340cb836fdd769f838b036ab7

SHA256
f3b84e35f03d07cc0e421ac44d5e2107436c3a10ce5df8ac2323763acdfe3914

SHA512
d6d037331b3a1a992d8ca414c2f03b8127ef9614fbbd83a0f81b1f82d6519c2e256eba930e2502ba80302308371b8008d4d2c981a7f131f7ed0d001f4dbe5237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ac0514fdc033c3b287f6e030ee07e0f3

SHA1
256e57044768d8ebe5af8c4106e7051ee6dadfbf

SHA256
5ae67694287cff320caa505cf7636e632b64b54a4d85d305743b9f3c4e07fb92

SHA512
68d9fde99239b4dbc3046b2c2053fe132885cc28d72148acb68cc17125c3b9a040f2b2d5027f8e5d2535a7a2b9e9ff8190f4addf6d7d76c89c5b224d2179b1f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3d0b005686691655ee4fac929cd84882

SHA1
b95d5437435789de436fe2771612dc17a850bab6

SHA256
8f9e66cd2ded1c402c1061cecdcee480280fbe452c4c9926ab6f1aa0a85dfbcb

SHA512
51fdf4d71c0b8ebca6e6cfe136b3aeb09087733854bf129b542cf64fc89dbd2fa7c27ac95e1874cd197b9a4e6e3b63ed19631a95205dc2af8c1c190546ff2b5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0935fd8a067c59dfb507a9f96798f5a6

SHA1
dccdcf425bf67fb2eb29573cccb20015c56fb9c0

SHA256
c72ce143f5b6fe5fa722641115066ecc9c97a7df96925ee3d939791c4607c891

SHA512
f697a3d563d575f9371a7f806747bdaa58afb6619d7f61072a2efc3c6e8cb9f8907ed1ed976bbaf849bdf0ebfe2f35c1ab807ba7023c37c4f30e47aa3b22dd47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
964841c03f509d42b00167446f7aaa3a

SHA1
fa9bee3dc7eac7b438cf4d1c2796e21ee0d951bb

SHA256
a73c250cfa92dda8db56dca2f59c02bcfa5c8b9a23c937faf4b256718713e201

SHA512
d454cfa98f28cd5749a3fbfa3439532f215c9af7f7f085dcd502cf026be2eef62becaa7c1caafd159373ddcd394d696f47a1fcac10a981986a3a8778befc567e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fecca00942970dbe25c0eef96649a96f

SHA1
4e681361e2fe4e09e6b1986926944dec9aabe410

SHA256
91f6f66ec2ec2bad8bc7f77438c7a6b0c905a3583c6ea3f955e2aca657d4b0aa

SHA512
120330db38cd3995a6e6b2b6a0d42e1660028a1cde72d34a2d2250356a5846abde0c22ae3e3488b253009e64a5716b5fa521b0e047661fe101bbf4ce3cdcaa09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a897d907ab80a864b10359e1e597641f

SHA1
05ad6a87878e70bb6f83e8458741ebd8cddee930

SHA256
818ec335f242e32d7db3371768fdc1898354e80d4cdd146fcc2d8c471d8f604f

SHA512
e5491bdf63b3c051a8922503bd80b555e52df39069eefbedc8f98e5eadcbdfa772fd8e947644bb068a26e0f83fbbbb26e83cd3975b37051fba0664a31febabe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c491014bab4556fba535c78d48d6d852

SHA1
09dd6ec2dc795c2fe3f5b83562c27bd92329eeb8

SHA256
1b3a89f626d62aaf0d82dad9a53172b39652ce8e2d025ba2a14b0548d83f117f

SHA512
bfa75b124ba89c3320a07469959de008269a0a3859f0c8caed37888da1a76c0d7dab2dc13c05f8bfa6a977b9780f5b137e7b9309c4cdff433ac5a2dfb814fffa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d714b.TMP

Filesize
48B

MD5
e06f85e5a8ea4fc1e717cd413330ae8a

SHA1
d5b18332d446510db138606f571b863d528e16bc

SHA256
fd74c609a064bb58f2d36de223578ffb0b1f496de15bcff1400f3bdc22aa7ffa

SHA512
1853986b3d5f38f2f2abcab45713beaf7b0d87ddc3f587dfb091da78899ef6196c80fa4be341cb88c3729b1c4cf66ac41db1fbb575e781dbdebfef503e30123b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ac7ca3b7a42e84b0634875bb928baec

SHA1
5f9114835a20a88dc8c3019971f890cc01cb36d6

SHA256
ff068b176d8b1002935eb8b8a8bb0af6670203e20827c909071849d5c4da0888

SHA512
f49e5df2675210a2978e203066fe61ac004c694bc9d25fb527ee7241ba874679733af1d82ee3ff2d56c37141c58b279308660747c868d53507ac444db4e303f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0f08a8a4ec56d20c9db91bbf8e372250

SHA1
fa785a2f2b3d7e4cacdab037a0c719d8ee205568

SHA256
69f70562cce61ce8d2a867d077c538ff6c03c07bea3bb04c82e55b3e6a8fb7ba

SHA512
004772526c54e0d4707c85488b19b5cbbcb91b0452c2f466fab96f8c72d1b2f92f466916f4df80d50109a5f38c116c99cae253058c96834f6ee5b52070f3b786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
391eefcd5d9134f9675c21a11d2ad31c

SHA1
6894e23405d610abc20bb4a08b44968ae3d85239

SHA256
bbed40e7f48aab1d513935a2c2fcb0db2389b818cfbb96f4b458713c179b6773

SHA512
77e276dedcfc63dbd5f789e75b931375ee2f2983b4fb172c232408a657df95619aedd8dd47d5af085e09eb0c1b739808c4a724c930295b3714b1eee1faf88762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
29aadb8834d81482d344493b383f7254

SHA1
6430f65a0feac811ab57b6488ea7f4e739cef37b

SHA256
0d81ff53305e803fcca4dbeee8f9fdea3bed1e569fe1570812454210d3285477

SHA512
9b5b7c3c4572c9c8f27bc6380bf4f5d99fb1a0b3d61ff2fa60a1cd6b647b07dd721ee7ea9b2d666c7f6dd20299ae02277dba77c55b74ea4fcf24c54a93ca2860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c52c9405aa6c9c878d255a7400be8fb5

SHA1
6edec0054afedc5c98230d74928d2e2494095808

SHA256
f77c110686d9128ad98051de3028b2de85af7a50b7053ee3b7b159d6c4fee83a

SHA512
87f4b033a2b0628a297eb13ad49f34873c553ab9d44b66a25f54e16a160c08c003abaa714b252f1aaa47ee02d970343e0c1647efec8a5eb2fcb85bca40d23144

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
293ea106d1333c89b3638fb30ae720be

SHA1
d562d629cc3301b8637b0d4cffb2601d5dd60d75

SHA256
6920db77600ca8fc90bed984beaca838b0f8c6e04d238467fb1aeb1812756cb8

SHA512
62e1baa8479a10ca438d82682205c8d17d890f6fa6506120023c3d1065732979be8dc5ae299c481b2020018bb2c6beeccab8d7040f24b3c78a02df5a02eef5fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c627927c288c44757ea6667d4aa11f48

SHA1
81bae9ba11407c7edcff57268f7fec17d00a9af3

SHA256
5220e55f59ba34b6bc4798258a9f857a1e1712a5fdf13a64df1c171daf0fbe64

SHA512
e4c1faa0e54134edd4a2906429f87cf09575c8f930bc67b28f5cb02abccd04afa4b980374039a74ae371079922d4204ae5f25ebd81207cd82cca4c4d415e30cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3773a45f0db2125d11fc4363146edf3e

SHA1
84da4381002f23da083a21dc266de8e4d27c1af6

SHA256
b903fb14c8e77883ab12976839e66eb65ced4d79db38e150a86c92113bf79498

SHA512
c002b24c50d89653d33d3c592731e19bdb55f13d80f3a2e9613d69671089d87cae76eaa27d13fd00eba77de00657a9c0db64089ad65adb614ad31591ed379e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4109aee98d7d2030a91943f8e615f939

SHA1
20e76c53b2cae9b8a58d3f58a096289eff6a237a

SHA256
47160463a5367ccbe5b25ee9eabb9ae6a9465cd2f1a9327cc72e1d15bf6d09d6

SHA512
12b7f566ec023cd9d5ef1c642382864476af56c4a0f22efa5989ae57adb275688a18e03979fb6976e238d71cf1f4bc54b27f43bc52b4abe3600f1332317a6a10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
23f82d367885f80dd4b71a5e548c1d96

SHA1
a0a32647cf21b6ddbdff154e851e9ee1f356d01c

SHA256
cba1df5fb9794037020b92c5377a0e1f80ab1c6aa61bf8cfe3d07458cd0baa4a

SHA512
77c647e46aaa199c074c1f2462b4bb7d11ae8f39716821fa3e375e84a9b5f5b168625edf23591eb4523276f047729e21e899b50b71a48fc746b85ba0ea8097bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c409a36b47cf12fbf13dce74312548ff

SHA1
ee939aa09edde85e0dba6a0b5f01aa07b689075e

SHA256
9b0ae3c59fbb54f1fb74f7450eaeed5a0e28e6db0760179b70c6ae1ca6ab0e25

SHA512
8e50163f2711a0c93cc001314a769413e5d0c7c9bc8dca9460743e857fa6c5f68bed9ef5f4303107928668dce9550bae3a81a98e32fdbf5a7f4abf0a271358ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a0a15686db85922567614df3f9bff9e4

SHA1
1a9a515e5944b8dbb16d0a2acdcf6f29ca811cf3

SHA256
3feb5309998c4e4f9ecab84f1462b9d1c4f91b169534cc8d91d3399b2d03206a

SHA512
5b2979c91b4a23b006b5dbe4c9794af655e0795ff80dec9aa8733e3439143b34188886daf3b7753ffe906e3c69d64b5e641a6f1dd07021aebcb509a1bd5970d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a8c5e210ba94f1301a97845bfcadec8a

SHA1
3f21b41ed02e56789762848fe1f5c7a3e4320e67

SHA256
5ec36950d932e229d8448d52d9a2d05d606e277f59cc884097c4dd4908f90b05

SHA512
dd82ecc390e6602ae81c5af21ee98d590dc1668cbc5ef249d1383f4cbabefee6320de7db2304c6ad44ad0c4e6fba246b5e5fe0966ef62e3c31fb830aa4e5d7a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0c1d9760a07002bcffdaa8546296d1b0

SHA1
277d47264e60b0f955b1881b0d2dc1d02cf2cecd

SHA256
731404caa5aec951db0a2af92d63e5f351566f95cdc9d0ce11ecb5342cf1c9c4

SHA512
60767eb04c6b73b86f7796c9ec1b34a676c0b75a70d732b1f698a07ceef4f682fdbb2fc4480f968e629f846c7560868e3cffd495d888c1490bdcec95d2196e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bb87f2adf0f36b51480aa6c0127703d2

SHA1
534bb59db66ac50f8eb6c272acfeb5a97f3c2197

SHA256
ef52b40e6ef4b9bf03d471428085200ede50f4062636cd6fee115ba1b159d71f

SHA512
d0b84e862275eb9d84a0b1775dcc3d4f73c2d954dd46603f7faaaba1221b0624ca6cac0ff9b28463c622d2e0d1088fe5885f73411425e4041110bcbcf3a6a76a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4853d9691edaed57194c88b09482f21f

SHA1
c24a97c58955bf6d28deb6dd61a092e8466aa866

SHA256
e936ca4b2051a9162f75a666a43265eeb58d416f9399f89fdbd0b5656098887f

SHA512
80b3bb082fc586d15e9fda82ee8c66eecb905830fa15f76f92858891ee3c943b4732cba58581b9dea35adfaa92d1b433e0738d8ea5890afc46e7e3a9c09b7509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
351764c8b9b890f80fc722cd25509162

SHA1
8026bb473e1916c41179d75412308b6ea0a2e1af

SHA256
31523b155f397089cd7da1f22ca4d257cc2634c10757dad5a50654524376fc08

SHA512
51470ae69618c1192d64061c352fe7f93b2d7f362ebb136f0ba536218f0f46531378ff6d1908f40bfcaa247b56c61d4a89c7db8d2654487bb7d51f6861ea4cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6dd0f3aba30ff5198398d8b3960da1fe

SHA1
9bdcfbbb7277d23f06254cd1e3e66c12cb71770a

SHA256
c69ff34fc9dbd6e94221c9268bec4dcabb2a1f03f83dca8ac7ee5548cc380808

SHA512
8ca0cfef7675b1440e622721b7a85712b9e6199adb815bf8b343a4af50e8473ed18197d3e013f755b2ed2eb466d183d058a88c05bc688dff3faf5f38c32d89a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e33d22d393dd8d8f5f35ad174f022b7f

SHA1
7e299f07b5a0df6a6bb8ab3d9c1ce89429d8c21c

SHA256
0a38f74a0648661b54907855c2bdea3d70b3bfdacbae858580874b4fd9c85fb9

SHA512
72fac22ab7b84fb41f92521992d655e66f5637dc7d0a48d6c06bd196e0628c48c0c21f21d83fe5a5822eb5742037be165f1628595a45b425b9d93abd4125c1af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
efbc76e398f7e1a0d75095ea13779bbe

SHA1
3a106a58a0f3945c7ac9b254991e5756569bfccc

SHA256
c41563b2c3a21fc6f67018ffe3ee1ab6e7bcd772869105cfe3b78ea4c8fb021f

SHA512
5716fe574c68d1b91d589e114dd725c19f32f660a6a0cbb0ca57e765c80e3751bb4c43fb2b472396c1e6e809901a280339398c2da114a06250ea9208588888f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0fe8a4427b4c824fac051a95a4a62ed5

SHA1
ab8eab5f90a507abdf1ddfd395ce2be4737ab9c7

SHA256
ac439335ab1e0326657132b3c4581ab534e5f52860b0fe994347a381279f436f

SHA512
b6d13a398f41cadefdc8c021f58a3f78b3dfd2393e83808936a386ade27a21dbc8873fdb8eceaa4aa727a74e03d6c2f3ba652f34003e3497f2b427a9f0b45654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e1f06ab43cc5cc1d290b04db299c9dbf

SHA1
66d50ae0f6eb4c669c132269326d46b72fec6981

SHA256
1a56f71322bb4501361d842fd247a042fa89e89ee49d278197745158c9b71308

SHA512
ede975b97564fb9580823adcc01b799e2dafd4e0ea1e80319b172ffc1d682fe357e97a66a904a42c3ce739e2f8dd7354528d3c797a404537bd364a87f211332b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f102b0fa41696d80777036cc9104ba1

SHA1
21fc475cfe1a29c8f759061759be1c30e85686fa

SHA256
9ceb79e6e2d718dcd616323711c9f6861b8a7890f817b11d4e71cf4e145144c9

SHA512
2ffc29c29f987d0529b5201e66800c6dc39dfc90fd8b85a281db7c63cc37481a4119ae0ab2d5c6abde921f7f7ea28efa2cb69b1c49631acaab309fea38df5227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f656.TMP

Filesize
1KB

MD5
6b3ef8cbb1d424b4ea37d473ce85e7a7

SHA1
fda62173f31a7c6861cb5c2984fff8f2fe92de37

SHA256
b7c9fa29426661c6327e47978aa9c6b10b303aa69bd964aca3eb009648be0811

SHA512
1320c77ce059f519c55b93a99f8901ba2bcc997e64dc85b2b29a9248f2fe60967e5dedab3a36ef4d2b4593816a9745d05887fe3e99f501fb6db7aea1f000833d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
46697817201d836bc8cc882efa63f03a

SHA1
e6073802678cce40881e69a137b96f5277440f4d

SHA256
8d8ce2c72f9df4b54c1b9f95cb954b83fe1798bbfcc81c7e83e65a2fed43477d

SHA512
7ef901d94c6f3f93a3b9fd073c5f1e4c7a57e6025787a0a6cd28c700c9c2787e0045df65aab3ba0ab4da238a5a0289946a4eaa86e09dc527b92738f202066c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4d747a19f13790afa06c910f7b155d38

SHA1
52f000fcadd12d6303ac6996f1105ce26051fbae

SHA256
f62404c7e3ea42759b271065c2f07a21506e90861973e8881dd8afacc6714889

SHA512
059d174642fc545a08558ca31f212d049a4f1a5c95aa98c6154edd19727d93b119ff05c7a905f7a9786e3735b691cf68ac2ae6887ecf8a474c5b447994b5d53f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f5da8a94b2f3876a8a30904296abbb84

SHA1
cd3dc6ba70a2f8b0d6e5484d24cf5881acdb9564

SHA256
c83d176ffd44e361a6b311f76e501897d51e4b21e3364c667318c0e552a0681f

SHA512
2910451aa230d987655aff6c7859559e3c29adaab1e9d52bec86ee9f4a13e8141542273aad58a5dcd363e64a87e5437ae3c165461fabc875eb6ce5f89dbcaa03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
28d5823a7958918bc253d5ec10cc7fec

SHA1
fd8c2fadaf91b357c7b7e4bedf7420a5dc1d72f9

SHA256
e6a86321ae072e5aa9c2f1c14cd3326d3ef3f573a25a92a3c45efddb2f5ed272

SHA512
12c26e3ad320cd4693cd27ff641303343d01e6dbf92ebc6e1cacb6eafc4545a61e3a8ee038d9a7dc95c64966ac3e069b0552addb54a79acc2bbda5c390773d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
238f3af1a84920f4b8abcfc9d84d52c1

SHA1
82ac74ce222e67addf2d9e436f7a383dbca7153d

SHA256
dfd705185c53fe37d38e82f4992469b13c331ea4277dcb0b06ff056036f7f094

SHA512
f58b963b30b7c0745352a6948c91ebf29e1e949e2f956a0b6fc3004dbc9e89b1eac06a5689b101b59a733c0704ba16d7fed7a35c4994edfe0a44f315488cd425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2ed8a42be1929db03f10b14f1e6078ed

SHA1
c32e710482da6b85d4aab56a0fc938fb94bfe1e7

SHA256
503d53c0321b77bea6be974d00cb3059a304c77f3a1ac7374bf2905bee54cf3e

SHA512
567e9d3f9e2814a342fb944417b5ca087969966dbc4ded89d832c7d55f8527491fff6872ae5e38258b89a92622d1c045a559d9ac2b3b1e663bfbbaf280493f81

Download Submit
C:\Users\Admin\Downloads\Windows-20240806T093610Z-001.zip

Filesize
34.1MB

MD5
6497fd141cb795f4c7b62734985a2416

SHA1
637f16958af9ce45293071ac11ad89b94de35437

SHA256
e5b84b2bb51cff696416339673b7b9916f0fb33e500c882a9c827fc8761a834a

SHA512
9b4370d6cf260ae8d9c64c9e0e676049133588a2f462e7e33967753339c530deddc5fa62b83a6a9855c74f5f474e36aef69766c35ba9ff7895b54d5f751394db

Download Submit
C:\Users\Public\Desktop\JJBotv3.lnk

Filesize
1KB

MD5
2a68b6a72818913a09b7ca47548e6f22

SHA1
d5fd4a6aa8deb072fcc1bae75e8125da20ba2797

SHA256
3e9bc00fe0f8368a9b91be22de5023dbee986fcaef869979f1eb77389dc0bd39

SHA512
2bfc013ebb3e24fcad7667604ea1c7181afeac2820c339cf181c3570f6470dc78bfbc3e0a57361ad8e956895a26c62c091ed05db6c0cb12d873d453c1dc0e0c3

Download Submit
C:\Users\Public\Desktop\JJBotv3.lnk

Filesize
1KB

MD5
0c383120143991e39a17fefd0b12264d

SHA1
7791303a9e834b5bedb1288428a18a15180b388a

SHA256
a5a7bc035fd618ac7f7ff4b06b920b1af0e8da0a0919a7146e73e1d88e2a092f

SHA512
5f0a4042ecbd6480d537a97c833e633f1e2f3a2f7c56a146b400ea8e50abafb8ff74ca04a2596492e579dc05b7c876f46a9d99b697972f492816a5201391898b

Download Submit
C:\Windows\Installer\MSID389.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\e5bd33b.msi

Filesize
34.7MB

MD5
a1b837172ef0f284c54d0f9238b6c6bc

SHA1
bc489940ab5cde8429914e6e86321e5fb9c0038d

SHA256
af86c253f2f1715e5b83543eb5c8162e2749b3380f6a5445583a971091ea24cb

SHA512
223f71fc235136bb14b4fb03cf2d8f4e70a54d7ae1376cf8b133249873722617cf9c04b2cdfe3217cbbcb45e3d05891a92bac45c2dc27d6158b3944873a5e4a3

Download Submit
C:\Windows\Installer\{9650A088-8CC6-3663-97AB-26A9265C2570}\icon1735593305

Filesize
155KB

MD5
1a22ba7e511977689bfb35cbf2db061d

SHA1
94e2ef362afba93afc92a78c4b3f2ad2ae089220

SHA256
dbd3b20568a647fb68875e34510f94fc333ac5e0414f20a3f717a87c06604003

SHA512
1d61b2c282eb9311649a31884ff40a6b465701dce8f96bb6a76cc39f365c7edb4998c7995d7e230e3d870691c7f035379af0956b0fd24cd98661a5436f50d105

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.7MB

MD5
3c35b6bd4c3ce6a9f6a1ed4d4426773e

SHA1
e872fc912958773bd6da80718e0394f55dc015d2

SHA256
b5143459b1257f4bf4ea915ac21e71fd5c5c0493f8bcfde89e2963f77970d94d

SHA512
8d5472f2b092ffb90287a0649a34a2a6eb40adeb6ded1ec8d02dffb600fa334bef4b63bf70ec2b9ec56840ab39dd00ce6d8102d4ce0da9c13f4fce96bee7992c

Download Submit
\??\Volume{83bffa96-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{8c212243-bb16-41aa-9a75-8516fe268e9d}_OnDiskSnapshotProp

Filesize
6KB

MD5
380de7a4f4af30c6b7e3c81f070e22a0

SHA1
6d8660871bb008713036c358201548eae95e3ba2

SHA256
4767605c477a94c01c8caea43f4ca9b7f54f98b89a35035a87155a4d436324b4

SHA512
f3119e0f92fd2123dcd389cca6ca0a406b09d2a2085d699be3ab618fb48977e9b46b26d4eaefed85deb377c6d99ef856127ce84d94ac50c7d6d8c6b024e15f11

Download Submit
memory/1172-1530-0x000002059FC00000-0x000002059FC01000-memory.dmp

Filesize
4KB

Download
memory/1172-1526-0x000002059FC00000-0x000002059FC01000-memory.dmp

Filesize
4KB

Download
memory/1172-1527-0x000002059FC00000-0x000002059FC01000-memory.dmp

Filesize
4KB

Download
memory/1172-1528-0x000002059FC00000-0x000002059FC01000-memory.dmp

Filesize
4KB

Download
memory/1172-1529-0x000002059FC00000-0x000002059FC01000-memory.dmp

Filesize
4KB

Download
memory/1172-1522-0x000002059FC00000-0x000002059FC01000-memory.dmp

Filesize
4KB

Download
memory/1172-1531-0x000002059FC00000-0x000002059FC01000-memory.dmp

Filesize
4KB

Download
memory/1172-1532-0x000002059FC00000-0x000002059FC01000-memory.dmp

Filesize
4KB

Download
memory/1172-1520-0x000002059FC00000-0x000002059FC01000-memory.dmp

Filesize
4KB

Download
memory/1172-1521-0x000002059FC00000-0x000002059FC01000-memory.dmp

Filesize
4KB

Download
memory/4668-1913-0x0000000000EA0000-0x000000000162E000-memory.dmp

Filesize
7.6MB

Download
memory/4668-2040-0x0000000000EA0000-0x000000000162E000-memory.dmp

Filesize
7.6MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads