hxxps://cdn[.]discordapp[.]com/attachments/1264630613491712122/1264880379781709844/jet_raider[.]rar?ex=66bc7c26&is=66bb2aa6&hm=1a133d6f4705e037429132234ff19637a1de438f26c8cabd2e36cfc7a46badf6&

Analysis

max time kernel
437s
max time network
439s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
13-08-2024 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1264630613491712122/1264880379781709844/jet_raider.rar?ex=66bc7c26&is=66bb2aa6&hm=1a133d6f4705e037429132234ff19637a1de438f26c8cabd2e36cfc7a46badf6&

Score

7^/10

discovery pyinstaller

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
4616	loader.exe
1524	loader.exe
1708	jet.exe
2720	jet.exe

Loads dropped DLL 16 IoCs

pid	Process
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
2720	jet.exe
2720	jet.exe
2720	jet.exe
2720	jet.exe
2720	jet.exe
2720	jet.exe
2720	jet.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral4/files/0x000100000002ab1d-307.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680556123952473"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\jet_raider.rar:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3424	chrome.exe
3424	chrome.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe
1524	loader.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3424	chrome.exe
3424	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3756	7zFM.exe
3756	7zFM.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3424 wrote to memory of 928	3424	chrome.exe	81
PID 3424 wrote to memory of 928	3424	chrome.exe	81
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 1856	3424	chrome.exe	83
PID 3424 wrote to memory of 4040	3424	chrome.exe	84
PID 3424 wrote to memory of 4040	3424	chrome.exe	84
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85
PID 3424 wrote to memory of 1368	3424	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1264630613491712122/1264880379781709844/jet_raider.rar?ex=66bc7c26&is=66bb2aa6&hm=1a133d6f4705e037429132234ff19637a1de438f26c8cabd2e36cfc7a46badf6&
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffffba2cc40,0x7ffffba2cc4c,0x7ffffba2cc58
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,18119666188050262940,6320220035302550030,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,18119666188050262940,6320220035302550030,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2088,i,18119666188050262940,6320220035302550030,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2340 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,18119666188050262940,6320220035302550030,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,18119666188050262940,6320220035302550030,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4704,i,18119666188050262940,6320220035302550030,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3540,i,18119666188050262940,6320220035302550030,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4352 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3852

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4968

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1892

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4568

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\jet_raider.rar"
1⤵
- Suspicious use of FindShellTrayWindow
PID:3756

C:\Users\Admin\Desktop\jet_raider\loader.exe
"C:\Users\Admin\Desktop\jet_raider\loader.exe"
1⤵
- Executes dropped EXE
PID:4616
- C:\Users\Admin\AppData\Local\Temp\onefile_4616_133680557163415607\loader.exe
  "C:\Users\Admin\Desktop\jet_raider\loader.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "start jet.exe"
    3⤵
    PID:3120
  - - C:\Users\Admin\Desktop\jet_raider\jet.exe
      jet.exe
      4⤵
      Executes dropped EXE
      PID:1708
    - - C:\Users\Admin\Desktop\jet_raider\jet.exe
        
        jet.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a63aebd66807c9189751a04fef73a2c6

SHA1
ada7e6fa0aa6a4491de505f59edb6f2367c1a701

SHA256
b32a2d785933c6a1a8a909651d62cf228fd2aadd816ad2c4ee6167f514a5120e

SHA512
03b21e768f75304c3f170934be5e57bcfb20a0e0cf0fdcf678cd9dbdbffcfb03e794962bbf1ae75bf3179d771508ed3fbe5f9abebfe87559e4788bf332522ed8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7ff16c98f8ab71dc371f8164c7aef6f1

SHA1
d37b1463ea61408ac5867822a290adb79063a165

SHA256
4f8b3e1b801e1923fee42b224e61bcfa51eba0ed92b51f2b4ad14a5634114daf

SHA512
482cb34114ca50d7b4afeeaece34d2a4e0d44719dff684be92e3aa349bae203833478a4ad786459d12587275e4f93d02ba0e429d15a93fde9147dc9086ffbdb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6cc868dcf404f37c4850c1a471c72786

SHA1
ca27e684dde349cebe8a78a0332717ea500dd4a3

SHA256
a2f2ad274cbbe8643b1065de24894a5bb3a25fb936a7b5e3243f3a34ddefbae3

SHA512
ae815077d03c8bfbf7e026338cd05cf99cc53227bec3d5a415c52b7a2cd47e29a7fedcd43bd2f62cd9b696468757f029ee9c1f982d3535cb923d4d56f7e121fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
92696f2134d9bd9079cadac3386dc263

SHA1
4471c11ba214019487aa05c9538ea58e96f8f8eb

SHA256
68416a8db5c36672200f5bbdc67c443810db135d745ede0d876c3e7a5adf3fec

SHA512
263d98edc1bd7eacc091daf24e9f1d95b88e241613dadd1c676ab1f14277214ae12a16d10b5078322fb5e118440056ac0b72fdc5c3dc89696e20f50474be232c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
edd7eaf1fd89880405257e556532a3fa

SHA1
eb3adde1773243fb058614379c23a101cf733ad8

SHA256
8f2c9227932edbb408fd4b8c345aefefd37c5694ae281475fd9dc915efc77219

SHA512
e6d4080bc1e3f80395a4324943bf7a61ad8792a41705de44dff4e514efbcfd403513c57ab0c44d1df43e17a9281f8095d91eb1cd3dd1deaf5e1fe61fa91011e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
02876de7b567c02dc015553aad5cff4d

SHA1
e5a17bff5daa42491b9a6ff3b7f51a67be28050b

SHA256
61f9162b22f6eeb25d287feb769a05de1b27e24debfad68b813a79a08861e036

SHA512
3a1a35e002635e0d856e772fa4800c7e126efe86ae411b494dc2c7d6075ee23b9bb9464febfefdb1a8fde6324bfe6453e9930adbe213b5341c0a8892945dac16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3bbf27c40e33ada6b9e261c7adcdb5a6

SHA1
5f5831122e8a7981b9726ed830163a419027c9cb

SHA256
a6888b9b028cd05d1f563bbc687a374fd8b19427e2db1c6f7acfb04457561115

SHA512
4bb69fd375f3f73215e7733c0ff72317143f58dcb739068a5b311b151bdcea68e9d155c476611831ed2f492a8db6c61f64f66cbfcd28f087903f5f50c123d176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a32d116fecf7d7467173eeafff5a3620

SHA1
d51ccf491461d423ec1a6c05609aefe39da09a73

SHA256
71037b7550775035fda413d04362743111ccbf5d08c4dfab7c383b088bba964b

SHA512
0a04c89d3db4c84a588c4d0b46b5b390ef4a382ea4273a3ade63a06d85f761a93cac54513339c50bb414e3dc7b7ba191227ef07f660a8615e55bcdaf0169d4bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b14c70e78cc736862732b47c1448407

SHA1
abd9bf2d5e54c8b73c40af916d7893425bce9186

SHA256
3a5d6a65f1f3283cf5466b71ff6270b9666222717de40c4dc6cb03dc708640fb

SHA512
32a3be3f9c4a4c2c637401d6b7ecb763196b90f3af99d7a6cff0acb8ca22080b8e53f0be258180762e54ce173d1938741cae37f4b24387f3b063b3fef4fd350e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
a5bbfb3eb043355efda1791a651585e9

SHA1
6a2ac7410634d3ef25bd9ab7f48cac317c0aa2ee

SHA256
b4675d57d0f272ad28199ff9d9da5109c8531655ad09bb9880222beb9c9cd7d0

SHA512
3878463b32cc2567a9a4d8040756fff7a0573c653f970cd57b4cf34c7430085608899e97258e2b10f5c14325224538176af19329d657becd498e99f108a55514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
15d8a728b3daf867e1a1c3a6875a1213

SHA1
f7a0ad6df52763bdf5065cac03dffeec4e3b0e3d

SHA256
b338d83bfdcc359e2ff25ef1748c8c7d08c1d969491f1d1589b803c90d3b51e9

SHA512
4bd83413ad472217d47c880e4897d196ee085fba54a1dc9692e2b34dc8246fc430a0f7934500669c9cbaaffa924684814a0d8e3e37b810759a89eac902ce19d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
693595801c9056645bc158a964561f51

SHA1
b08b8183e35ae07c7c7ecd61f12235508eb4d3b3

SHA256
1e15aa6016f0d34074be40b0499a0784b640ce5531cc3ef923ed89aaacd66042

SHA512
741bef458cf4ffcf0c8b164c92dc2cb348fa8498f189ed10c7eb4de12074996e6b63938f2b0d040a630171492467a27c0992621c8e13a6e14fff560abf963bee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
08e2866ff1e8d175acdd4f040cf615a9

SHA1
ea14746593e51127aedaef5bbfb2eb99c9a42adc

SHA256
0c72c659a2796a58fc2099c5421b24029ac1e936f2d8ea3b93118d49cccda751

SHA512
21123a360e66465069e4a2e70182cc336e3fdc4113c70195dd478aa99b9d747e31a1ff77830767e2cfe90763697dabfa6485e54e46e9e4ec2dee2b05de6047ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ctypes.pyd

Filesize
120KB

MD5
6a9ca97c039d9bbb7abf40b53c851198

SHA1
01bcbd134a76ccd4f3badb5f4056abedcff60734

SHA256
e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535

SHA512
dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_socket.pyd

Filesize
76KB

MD5
8140bdc5803a4893509f0e39b67158ce

SHA1
653cc1c82ba6240b0186623724aec3287e9bc232

SHA256
39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769

SHA512
d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-8.dll

Filesize
34KB

MD5
32d36d2b0719db2b739af803c5e1c2f5

SHA1
023c4f1159a2a05420f68daf939b9ac2b04ab082

SHA256
128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c

SHA512
a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17082\VCRUNTIME140.dll

Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17082\_ctypes.pyd

Filesize
120KB

MD5
6114277c6fc040f68d25ca90e25924cd

SHA1
028179c77cb3ba29cd8494049421eaa4900ccd0e

SHA256
f07fe92ce85f7786f96a4d59c6ee5c05fe1db63a1889ba40a67e37069639b656

SHA512
76e8ebefb9ba4ea8dcab8fce50629946af4f2b3f2f43163f75483cfb0a97968478c8aaef1d6a37be85bfc4c91a859deda6da21d3e753daefe084a203d839353d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17082\base_library.zip

Filesize
1.4MB

MD5
d0023cc60cfde42c6b54321a48b87e12

SHA1
345d82b420b093e22215cbcd82e3f42c69177779

SHA256
89dd3a7a5e9627d859585600d732c712ceb237cfdcf0c3d6ec3c2411e7886ad6

SHA512
c807f0bf65123b5e18f2c114d9ceca591399df06d2b775be4f87358e8d0f67748160f917268517754b74b8b9acde85a809e4ef947b42a8174c5b0d14e67384bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17082\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17082\python3.dll

Filesize
65KB

MD5
0e105f62fdd1ff4157560fe38512220b

SHA1
99bd69a94b3dc99fe2c0f7bbbcd05aa0bc8cd45c

SHA256
803ba8242b409080df166320c05a4402aab6dd30e31c4389871f4b68ca1ad423

SHA512
59c0f749ed9c59efdbcd04265b4985b1175fdd825e5a307745531ed2537397e739bc9290fdc3936cfd04f566e28bb76b878f124248b8344cf74f641c6b1101de

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17082\python311.dll

Filesize
5.5MB

MD5
58e01abc9c9b5c885635180ed104fe95

SHA1
1c2f7216b125539d63bd111a7aba615c69deb8ba

SHA256
de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

SHA512
cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4616_133680557163415607\loader.exe

Filesize
8.5MB

MD5
c5b9c687e6881205e65868de9011c8a4

SHA1
2e9ab71735b4ff8800cafab31b99f0391d69bd3f

SHA256
8c0235766eb624b0e445274203eb072750a5e3957e27431f4aa081edea044da6

SHA512
f9141a40fba319c0bf740a934d0bc7f483db5bfcd482e0eaf3a5460c403882a5cfb8ece37a27e1e5fb3c19820d875d154525ba1348675acc9db58d19953b44c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4616_133680557163415607\psutil\_psutil_windows.pyd

Filesize
76KB

MD5
ebefbc98d468560b222f2d2d30ebb95c

SHA1
ee267e3a6e5bed1a15055451efcccac327d2bc43

SHA256
67c17558b635d6027ddbb781ea4e79fc0618bbec7485bd6d84b0ebcd9ef6a478

SHA512
ab9f949adfe9475b0ba8c37fa14b0705923f79c8a10b81446abc448ad38d5d55516f729b570d641926610c99df834223567c1efde166e6a0f805c9e2a35556e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4616_133680557163415607\python3.dll

Filesize
64KB

MD5
34e49bb1dfddf6037f0001d9aefe7d61

SHA1
a25a39dca11cdc195c9ecd49e95657a3e4fe3215

SHA256
4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281

SHA512
edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4616_133680557163415607\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4616_133680557163415607\select.pyd

Filesize
28KB

MD5
97ee623f1217a7b4b7de5769b7b665d6

SHA1
95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0

SHA256
0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790

SHA512
20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4616_133680557163415607\vcruntime140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\Desktop\jet_raider\crack.dll

Filesize
2.3MB

MD5
10f5e8139433eb7087c7946c0659cdf2

SHA1
a5ed6ad5115e3d1a9b274d5132ee51d94ccdf568

SHA256
031ba5a69b202f5d7a5dccb8fe7795aa711acdcf9d122e776f08badfd24a510e

SHA512
413638b28320378930c33726246eae113925e7034d05503d4e0277402c600f850f8d96d0c259925d7dcac1abb12353c0935dec7f466013d523bd4075be621d48

Download Submit
C:\Users\Admin\Desktop\jet_raider\jet.exe

Filesize
34.2MB

MD5
5e06053d551d8d4030796d1f962aba92

SHA1
6cf2351a65be0515dc1392b59902774f476c36e8

SHA256
1ed92d4e3caae52e8b39dbe22d031c4a057355befa038045ebc7383e1da1f9b9

SHA512
9ecc16aa0c0e8ed6d817b701e86a6db320c7167d399349bd97f109dfade95d6ee3f786dd4b2004e0e396a090fb509633aea6bbe46065853a3abf42f3c2782bee

Download Submit
C:\Users\Admin\Desktop\jet_raider\loader.exe

Filesize
5.3MB

MD5
220b4b281507ffd8d024a8e2010ae919

SHA1
d0eafa07d838156ab06feb9c1154273740cdc207

SHA256
17769dae61238f67e247ca62d0402e383aabbbbc886d9a11b23e3a071596f567

SHA512
b6ba7f79f6fb8972c9ef075c3cad55b99d390126a7988349054a71d4e987ba3b6d6a79127b6f44ad633fb682d275dc113fd23b8648b104681d921ab2b41b3886

Download Submit
C:\Users\Admin\Downloads\jet_raider.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2720-382-0x0000000063340000-0x000000006342D000-memory.dmp

Filesize
948KB

Download