hxxps://wearedevs[.]net/d/JJSploit

Analysis

max time kernel
283s
max time network
286s
platform
windows11-21h2_x64
resource
win11-20250217-en
submitted
20/02/2025, 03:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wearedevs.net/d/JJSploit

Score

7^/10

defense_evasion discovery trojan

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5032	jjsploit.exe

Loads dropped DLL 1 IoCs

pid	Process
2544	MsiExec.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	jjsploit.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	raw.githubusercontent.com
70	raw.githubusercontent.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Program Files directory 22 IoCs

description	ioc	Process
File created	C:\Program Files\jjsploit\Uninstall jjsploit.lnk	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\jailbreak\removewalls.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\noclip.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\magnetizeto.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\jumpland.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\jailbreak\policeesp.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\teleportto.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\infinitejump.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\god.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\dab.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\jailbreak\walkspeed.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\aimbot.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\chattroll.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\fly.lua	msiexec.exe
File created	C:\Program Files\jjsploit\jjsploit.exe	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\walkthrough.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\energizegui.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\multidimensionalcharacter.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\beesim\autodig.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\jailbreak\criminalesp.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\levitate.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\tptool.lua	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\~DFCA8141BEA94D8D1F.TMP	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_224628244\LICENSE	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_224628244\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-gl.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-hu.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-as.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-hy.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-la.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-pa.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_1215549735\ct_config.pb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_1215549735\manifest.json	msedgewebview2.exe
File created	C:\Windows\Installer\SourceHash{6A8ACD21-60F4-4550-8D6D-DBB3FFA8C7C4}	msiexec.exe
File created	C:\Windows\SystemTemp\~DF6D1F669997FB16C2.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_787046089\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-cs.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-kn.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-ml.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-nn.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-pt.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_787046089\Microsoft.CognitiveServices.Speech.core.dll	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_224628244\Part-DE	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_224628244\Part-ES	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-gu.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_817304204\crl-set	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_224628244\Part-IT	msedgewebview2.exe
File created	C:\Windows\SystemTemp\~DF650C7C5DC36226B9.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_224628244\Part-RU	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-de-ch-1901.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-en-gb.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-en-us.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-lt.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-or.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-de-1996.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-ga.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-mul-ethi.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_1215549735\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_224628244\Filtering Rules-AA	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_224628244\manifest.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-et.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-sq.hyb	msedgewebview2.exe
File created	C:\Windows\Installer\e585772.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_224628244\Part-NL	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-es.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-eu.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-fr.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-mn-cyrl.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-mr.hyb	msedgewebview2.exe
File opened for modification	C:\Windows\Installer\{6A8ACD21-60F4-4550-8D6D-DBB3FFA8C7C4}\ProductIcon	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-da.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-hi.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-ru.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-sk.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-sv.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-ta.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-tk.hyb	msedgewebview2.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-be.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-el.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-hr.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-nb.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-sl.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-und-ethi.hyb	msedgewebview2.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000b9e9bce7c18b30860000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000b9e9bce70000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900b9e9bce7000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1db9e9bce7000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000b9e9bce700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133844957564036341"	msedgewebview2.exe

Modifies registry class 27 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\2294C8C9A96F9A557BCA814D87DFAFEC\12DCA8A64F060554D8D6BD3BFF8A7C4C	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\SourceList\PackageName = "jjsploit_8.12.2_x64_en-US.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\12DCA8A64F060554D8D6BD3BFF8A7C4C\Environment = "MainProgram"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\Version = "135004162"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\ProductIcon = "C:\\Windows\\Installer\\{6A8ACD21-60F4-4550-8D6D-DBB3FFA8C7C4}\\ProductIcon"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\2294C8C9A96F9A557BCA814D87DFAFEC	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\12DCA8A64F060554D8D6BD3BFF8A7C4C\External	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\Language = "0"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3449935180-2903586757-2462874082-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\12DCA8A64F060554D8D6BD3BFF8A7C4C	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\12DCA8A64F060554D8D6BD3BFF8A7C4C\MainProgram	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\ProductName = "jjsploit"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\12DCA8A64F060554D8D6BD3BFF8A7C4C\ShortcutsFeature = "MainProgram"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\PackageCode = "0C7F8E08B1B421D4A886CBB7E79DC45D"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\AuthorizedLUAApp = "0"	msiexec.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 313662.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\jjsploit_8.12.2_x64_en-US.msi:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
5308	msedge.exe
5308	msedge.exe
5624	msedge.exe
5624	msedge.exe
5080	msedge.exe
5080	msedge.exe
5016	identity_helper.exe
5016	identity_helper.exe
4976	msedge.exe
4976	msedge.exe
3536	msiexec.exe
3536	msiexec.exe
5716	msedge.exe
5716	msedge.exe
5520	msedge.exe
5520	msedge.exe
4104	msedge.exe
4104	msedge.exe
2928	identity_helper.exe
2928	identity_helper.exe
1776	msedgewebview2.exe
1776	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5736	msedgewebview2.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	336	msiexec.exe
Token: SeIncreaseQuotaPrivilege	336	msiexec.exe
Token: SeSecurityPrivilege	3536	msiexec.exe
Token: SeCreateTokenPrivilege	336	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	336	msiexec.exe
Token: SeLockMemoryPrivilege	336	msiexec.exe
Token: SeIncreaseQuotaPrivilege	336	msiexec.exe
Token: SeMachineAccountPrivilege	336	msiexec.exe
Token: SeTcbPrivilege	336	msiexec.exe
Token: SeSecurityPrivilege	336	msiexec.exe
Token: SeTakeOwnershipPrivilege	336	msiexec.exe
Token: SeLoadDriverPrivilege	336	msiexec.exe
Token: SeSystemProfilePrivilege	336	msiexec.exe
Token: SeSystemtimePrivilege	336	msiexec.exe
Token: SeProfSingleProcessPrivilege	336	msiexec.exe
Token: SeIncBasePriorityPrivilege	336	msiexec.exe
Token: SeCreatePagefilePrivilege	336	msiexec.exe
Token: SeCreatePermanentPrivilege	336	msiexec.exe
Token: SeBackupPrivilege	336	msiexec.exe
Token: SeRestorePrivilege	336	msiexec.exe
Token: SeShutdownPrivilege	336	msiexec.exe
Token: SeDebugPrivilege	336	msiexec.exe
Token: SeAuditPrivilege	336	msiexec.exe
Token: SeSystemEnvironmentPrivilege	336	msiexec.exe
Token: SeChangeNotifyPrivilege	336	msiexec.exe
Token: SeRemoteShutdownPrivilege	336	msiexec.exe
Token: SeUndockPrivilege	336	msiexec.exe
Token: SeSyncAgentPrivilege	336	msiexec.exe
Token: SeEnableDelegationPrivilege	336	msiexec.exe
Token: SeManageVolumePrivilege	336	msiexec.exe
Token: SeImpersonatePrivilege	336	msiexec.exe
Token: SeCreateGlobalPrivilege	336	msiexec.exe
Token: SeCreateTokenPrivilege	336	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	336	msiexec.exe
Token: SeLockMemoryPrivilege	336	msiexec.exe
Token: SeIncreaseQuotaPrivilege	336	msiexec.exe
Token: SeMachineAccountPrivilege	336	msiexec.exe
Token: SeTcbPrivilege	336	msiexec.exe
Token: SeSecurityPrivilege	336	msiexec.exe
Token: SeTakeOwnershipPrivilege	336	msiexec.exe
Token: SeLoadDriverPrivilege	336	msiexec.exe
Token: SeSystemProfilePrivilege	336	msiexec.exe
Token: SeSystemtimePrivilege	336	msiexec.exe
Token: SeProfSingleProcessPrivilege	336	msiexec.exe
Token: SeIncBasePriorityPrivilege	336	msiexec.exe
Token: SeCreatePagefilePrivilege	336	msiexec.exe
Token: SeCreatePermanentPrivilege	336	msiexec.exe
Token: SeBackupPrivilege	336	msiexec.exe
Token: SeRestorePrivilege	336	msiexec.exe
Token: SeShutdownPrivilege	336	msiexec.exe
Token: SeDebugPrivilege	336	msiexec.exe
Token: SeAuditPrivilege	336	msiexec.exe
Token: SeSystemEnvironmentPrivilege	336	msiexec.exe
Token: SeChangeNotifyPrivilege	336	msiexec.exe
Token: SeRemoteShutdownPrivilege	336	msiexec.exe
Token: SeUndockPrivilege	336	msiexec.exe
Token: SeSyncAgentPrivilege	336	msiexec.exe
Token: SeEnableDelegationPrivilege	336	msiexec.exe
Token: SeManageVolumePrivilege	336	msiexec.exe
Token: SeImpersonatePrivilege	336	msiexec.exe
Token: SeCreateGlobalPrivilege	336	msiexec.exe
Token: SeCreateTokenPrivilege	336	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	336	msiexec.exe
Token: SeLockMemoryPrivilege	336	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
336	msiexec.exe
336	msiexec.exe
5032	jjsploit.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5624 wrote to memory of 5488	5624	msedge.exe	77
PID 5624 wrote to memory of 5488	5624	msedge.exe	77
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5036	5624	msedge.exe	78
PID 5624 wrote to memory of 5308	5624	msedge.exe	79
PID 5624 wrote to memory of 5308	5624	msedge.exe	79
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80
PID 5624 wrote to memory of 5732	5624	msedge.exe	80

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://wearedevs.net/d/JJSploit
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc189d3cb8,0x7ffc189d3cc8,0x7ffc189d3cd8
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,2886177724399949253,13362821839323231779,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,2886177724399949253,13362821839323231779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,2886177724399949253,13362821839323231779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,2886177724399949253,13362821839323231779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,2886177724399949253,13362821839323231779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,2886177724399949253,13362821839323231779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,2886177724399949253,13362821839323231779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,2886177724399949253,13362821839323231779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,2886177724399949253,13362821839323231779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,2886177724399949253,13362821839323231779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,2886177724399949253,13362821839323231779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6460 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,2886177724399949253,13362821839323231779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,2886177724399949253,13362821839323231779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,2886177724399949253,13362821839323231779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,2886177724399949253,13362821839323231779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6888 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2896

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\jjsploit_8.12.2_x64_en-US.msi"
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:336
- C:\Program Files\jjsploit\jjsploit.exe
  "C:\Program Files\jjsploit\jjsploit.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Suspicious use of FindShellTrayWindow
  PID:5032
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=jjsploit.exe --webview-exe-version=8.12.2 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=5032.396.3833469056132410494
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:5736
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x160,0x164,0x168,0x13c,0x170,0x7ffc047db078,0x7ffc047db084,0x7ffc047db090
      4⤵
      PID:5776
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.12.2 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1708,i,13654176539548871483,15977484003756159267,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1704 /prefetch:2
      4⤵
      PID:5296
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.12.2 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1376,i,13654176539548871483,15977484003756159267,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2024 /prefetch:11
      4⤵
      PID:408
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.12.2 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2260,i,13654176539548871483,15977484003756159267,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:13
      4⤵
      PID:1568
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.12.2 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3584,i,13654176539548871483,15977484003756159267,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:1
      4⤵
      PID:5724
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.12.2 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2084,i,13654176539548871483,15977484003756159267,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:14
      4⤵
      PID:4696
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.12.2 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4696,i,13654176539548871483,15977484003756159267,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:14
      4⤵
      PID:5976
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.12.2 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4572,i,13654176539548871483,15977484003756159267,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4868 /prefetch:10
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1776
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.12.2 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4280,i,13654176539548871483,15977484003756159267,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4148 /prefetch:14
      4⤵
      PID:1648
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.12.2 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4776,i,13654176539548871483,15977484003756159267,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4716 /prefetch:14
      4⤵
      PID:1048
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.12.2 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4768,i,13654176539548871483,15977484003756159267,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3000 /prefetch:14
      4⤵
      PID:4952
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.12.2 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4980,i,13654176539548871483,15977484003756159267,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4968 /prefetch:14
      4⤵
      PID:1628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://loot-link.com/s?RjIfl5V1&data=JTEovJn4INFLF/gJ3pLGy1Q/qvvXpVH8mkAJbVZNCWuwsKSGwfuiuC3rBia4cKmv
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:5520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc189d3cb8,0x7ffc189d3cc8,0x7ffc189d3cd8
      4⤵
      PID:4580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,13709280831534742674,11041594253099285193,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
      4⤵
      PID:956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,13709280831534742674,11041594253099285193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,13709280831534742674,11041594253099285193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
      4⤵
      PID:1896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13709280831534742674,11041594253099285193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
      4⤵
      PID:4452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13709280831534742674,11041594253099285193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
      4⤵
      PID:3356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,13709280831534742674,11041594253099285193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,13709280831534742674,11041594253099285193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
      4⤵
      PID:4904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,13709280831534742674,11041594253099285193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13709280831534742674,11041594253099285193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
      4⤵
      PID:2940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13709280831534742674,11041594253099285193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
      4⤵
      PID:5252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13709280831534742674,11041594253099285193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
      4⤵
      PID:2336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,13709280831534742674,11041594253099285193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
      4⤵
      PID:2284

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3536
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 95D9DAF6A1196FDA1CE5CB41B44C031A C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2544
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:5684

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:3856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e585773.rbs

Filesize
21KB

MD5
38b414888c0c360c906ecd44345aba60

SHA1
2f47060e37d9bf6eb96ee35f8feeb40404d64397

SHA256
007d47cf5c1b72f1ba36cbc9f530a7cff5b1610d42e03c3213d28d06a1ffffe0

SHA512
3af71dc963ba9640c626128214a68cdb1f94bbb1c5a5cedc8ed564ea779da270c9393b033365c0b2e5111eadec83b1f7bc5811952c8b90b2c1c3c2ea18ec0b73

Download Submit
C:\Program Files\jjsploit\jjsploit.exe

Filesize
17.1MB

MD5
b393f1b89a320d6a0b42190c6dcb6860

SHA1
209e800233976ec908a87db948b5aa175d99b1e8

SHA256
ca45895af0e91692514e6f4b8b494e68392821fa18503526243091d7d49e3064

SHA512
21be0b7a232e7182455206b13beada6e9614335a0b3ada9875a68620efc14f43723778910dfb6070a47ee8f177d02add1d5a2e60d616fec914a88b9ecb01f0eb

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jjsploit\jjsploit.lnk

Filesize
1KB

MD5
db980c302291c6bceec6dc22c20cd2a2

SHA1
bf6769dd411c98a1c5520483a9dc0c38a9e5cbc1

SHA256
7dd0801466addfe988097e692af3621592c8ec1614b2ac43cf54dead1945d059

SHA512
044deef458b6105f7d6cbb34df66e1f7045ce6b9408ff5c5c6d65993f44b2e0c82cd088b882842f813fb96a4b8735d69f1d34582e46b20af4183c202a5e4ea10

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jjsploit\jjsploit.lnk~RFe5859b4.TMP

Filesize
1KB

MD5
44388baa17ca905f110072614844c361

SHA1
f57a4d3bd77d3549db9e85fbfde8f25e25a7add0

SHA256
d54dd47294728b9f9acae5852e767cc4c3297eb9a86baccddc805e2b0b95b569

SHA512
c978cfa60fd6c001eccbb0e3c9c8006832c27ae0ed74ff4db577e502e8427160b77295e43d832e248d4edd198a2e5332190f909f13dacdeeca5223b9389274e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
25d7facb86265ce3e89835dd7b566491

SHA1
4db1197fadadd7742986efdc2ca76f89cef96942

SHA256
3d225a00da389fde7674a7eeb98e8572be2879252290ac00faa3a80ea671073f

SHA512
cbfc02ffc441edc20c72b35d20b15178a2173e2a1c54e3736f7ba6d058e1ac7a5c1b15798bf5b91ed3a8197430f0fe84aa3d75a8aba61b4f4dd85c1b3fe68bbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ab6627d6da0724908361604b2b351b7

SHA1
d6e7960616dd38cd05633face9bb0bdd061e3211

SHA256
88a373cea6d7ad2daaee9168a0519f8a23ab9ec9cbceab97df4c8d39fe1544d0

SHA512
59903d7dd6da68cb4378eceb6e356d5861514b8365da747da4cd05615ec7c7a51c810cbac6a7a00256db1aeedad80ef71b6ff06bae61e1884e620cc4a45a2d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
036b21e73eeed7abe18bd7d1e870078a

SHA1
6486f684716a508a9cd09a39febce403a38e8e3f

SHA256
8e9e78b413f8c3b323b11e5130d903b4ef9fbc367a9ae4a6ee151164a37d67b9

SHA512
3ddba2de3bddc7a9eaf56a9726096a6244c8db11d98495077789ff1668c8c269ae3fe02e3b9bae1983aeed646b882bac2deffa745b8adfffab2db60ac7fd5dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c7d32bdd1cebf24c83219f9d0f24212d

SHA1
46962f16576c1abeb8caa0014c16fd9bce3cf0fa

SHA256
a6c55f13650f3b8ce941a5de685fcc989fdd5d2c5f9e0052fe4c8cc6a7adf1c7

SHA512
8afb8a357148804b7d61707f32be162dbb42f1a1ad032dca46d6f601a065efceb5ece00ba86e859078264eb4828be0024db291e26596702ac01a6eb22298ba58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
2a47dbfe88b9b4f9983377d9b80775ee

SHA1
e2be5f98e634ce6d1338bb432e34bf4c05bd90fe

SHA256
361505bb4c1c9b44da336468dd2a7d040e6f206b91a8c3e19e23f487f6317cc8

SHA512
1e71377b75a9f7bdf4c58b2f41ae76db8196e100b1c9fec5e287910aeec6155cff6f6abc6788657a3da7630c9dce85cd241a6d3cc001fe67cbcf52685904b730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
54f018c7faadd7f5b41d17f7f1936216

SHA1
da868264cb4b9f9042c9cdfbb8d47fc4c5103438

SHA256
1980c35e4ee98584dfe74d3952308346b93a14eea90d549e85191a5ef13cec56

SHA512
1407472a21c9ada68fdd2f7c09d5c46b13fda4d5e3f2fe5436af733727f08585137cc2162122904fdddb26a06080b61c05050f4f29dbba911082395ee030850d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3eca067efe3ad90c620b2d06638f99c2

SHA1
14e3dbaca06f651527b9a282c81432dc3fb9d1b0

SHA256
231d05a7c55bb071ce1dc638d9852dfc08fc8dbe810f06b91b9cf61ddd9411db

SHA512
9801d76969412c3ed65201738d6bc8579b926a5b8ad3c1f06d1a46db69babfe1a95b9405eec580c1ced83f179d234850b741f9ccf6999e74f8d92708b498cea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
2cfd31433dd6b6d52eef88eab063b999

SHA1
a9847930587fd0fb7fdb5592fb682b63dae8af44

SHA256
e7b2658df922dc2eb5cffc602ba9ae48b15f739fef17e83fbb1d83cf8059b700

SHA512
03d44bf59eecffd4f667610339d9c63ee8661c450d309c2e9d9ee0b60e8fb2a9842d65fdd54a624f8cb015816f3b3d0510160ae24f82bdea5e3f98bc070a5035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
7ccf1767c3f6a77189012bd7c646bb4f

SHA1
6d452f74a8df6c2d3bd87b26127ae952ab3541e5

SHA256
370c9175a068f1f54590dd3094775e97d6785789512e509ed16479881a709d63

SHA512
866593d68e2422c9a6fe2852f732172323ca4609de33f951e6183804b8defc099d939f832e44b25ff6a4c6ea561471516ebf62a4af3295951052d6cbc0b3b2a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
8128be8e36501a9d17380b9862069f10

SHA1
f58777f781ed518f3c6b2230239ed97987bcf643

SHA256
71a85d44135947a1a3ff72274f79e007f32698ff60c91bfcc0a295a260cbb8e2

SHA512
df0426656c82ad312e25656ae771c8b7e02bfb756e36e17f953f4871b915efb7b409a0b8548330bddc0755833e4c1c82060558aec5621bb847e94e9c214130c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
2fbba52d5ba9dda06a8cc843c65c6fac

SHA1
44f366412f0ae610d8e73367a87e1d51ab317280

SHA256
f1cb1a0019f7f24412b94d239fb07fd1651862e081c756628ed80f5d54cf1b69

SHA512
320cc738ed7dfe36acce2d8f215aebdf1fe4c0698008ee75af0ba4edf7b5b0d06d46645340831da15dfd35d82eacef67ff4a6b81089cd190fe527f05dfda1781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
786B

MD5
dc94af03077bf3f391b4fb07a4d48b45

SHA1
5bb93fa12173f9f046cbad47ca649945135e652b

SHA256
aaebcb339c9ae2ebd4443bc0c6666fed45df520bcc6ddee683e828fddf58bda4

SHA512
27652c54b54207f71b564da8718bad7ff4724ef361234a5457f8aa748aff27c01496984b11c9596e736e880053089ff12d14f535e02b452fce8a14df38757c06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
5KB

MD5
2d417548d24545ced3a0324656f70b28

SHA1
1f57164e1e3db641cf54280546c501ec954b24f2

SHA256
00f447fcb2de4974cf714a36432af7bdfe1a3c9436b13f1635a6de2c37d37d4d

SHA512
795e7ee2af41b673e5afedb1842bc19334c16922acd7146f72faddfdd695e26bcc35b2b399af1d15808eb48208009ce324997f255eb8e370fbf4f13d4cebfc4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
59a5aeea0ee64f46e070e64dd9618942

SHA1
c65a3791c6649b3fc91b9fd4b80ca48e8ba5f7a3

SHA256
387b647901a644b23cfa296a088b93d2cece9a06ecd244a7a3f7fa833982d455

SHA512
71f58dcbbd501dd989d0ac219998e032adfcf67d1f7df95f13876788f528074b9df0a9ea320f81787be4a2cce7832259617134414267da24cb2cd3f35f8c5a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
438ddbcfae452fe13eabe4b4ac1683bd

SHA1
b0b052959a5a860ca76dedc23456993d40046bc0

SHA256
7825b3807e3aa9cef8b4b78b3ca976abefe50245053f2d5a66c1c44db07dc456

SHA512
d50a92f7188233df1e60f13dbbae0864f0a1f5fbf70bcd47e394fb22752cbd2d567c747391a1793230644ae3d6dc24b39eb0e86e7a64a334149deeb3401cc95b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
1b2f2f103dc3d2c8367e40a1c514ca39

SHA1
0f19c1cbbb2a382f5934203762fe0d8df35c78af

SHA256
1dbf7b6f53b8de802805d5b5da2ce18107c76c841ec6f03b3b81dc9dde97162c

SHA512
a85016486f6ac4214022bd97f3ddc4687369d98eb074bb76814e47f4a14712224d431a2c5af5374e010f9969d89afa405429b2c4ac18b702a25e5ca9320ec2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
268d35d702442b5d674890b55d7d9e36

SHA1
62b189ec8b865c6ce9d0bf754cbabe12871cfaa8

SHA256
97e5d2fcfabbad8687dd9c3981c72ce09d65d2ecc45c7de0753b594574074799

SHA512
4a078c9495b9908eb97f8392897207bd645ea097a2127e891762262a7dc73a909e6dd3522578ef03e09272553962fa9273fdbc29c78d82ed0b6ffc323287499d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5df0a53d6aba223bc173dc92becf3ce2

SHA1
6ba0e7235d52cfadfa929fc6bae931b72f0edb8a

SHA256
defa92137a4e11eb2d064d30893a405e17ea26b6603286c99e7c4cb082179d7c

SHA512
3ec263f207e891cdeac0921f0ce9a0d71fe5fed8cc7d743e9cb996db18de1d5ac4e90f145a502bebd97a07466473aa9004bc2e684623afdfaea48bca3c92f5c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1f19063c766168c0fa5b7b85165babce

SHA1
615e0933b5c04268329222644ef46f4e17134ea6

SHA256
8c0ac90cb83e6f553f9cca67c0fd8d6010aa222f580ba7425589c0ca3f13fbdc

SHA512
22b83c3a887efd9c307ba851be77ef59d6be189a8a49aabbf08fe6b6bca715c11ac39482a18113d4320472a2598786996af3d0f30caa7fdc65d8367357aa73d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a8ee596393f107f21e23ef84d494e7ca

SHA1
a7ce6ebda267d9d636b99a9e39769fb54b859e11

SHA256
d19f8751c2b0007ed5752e742d5d31277d1db463f2b3613cb1216d8ffaf4bb17

SHA512
615cb738b3a9d4e7700c22798867a9f9365622c0c345b72de8ca3291fe33e074c5b32ebeb6eef1d6ad5ea232fdc91beb620cd53a8af7fc5cf6c797ed6b6a182f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
703B

MD5
238c869cbfb5c97f1b4a4b8abfdee6ad

SHA1
ee8cf44829bc90fe647ea0bf0ef8f2d2661f1c48

SHA256
b165ebdf15634a57c6b4671fab426351105f7ce2fb35eb7e01c6dbd3a8615a23

SHA512
8dbbd65aae874b76d8d4bfb8865f60785bd67e3f66b6766e041249c8e3d2d9e3e697bd86e306e67a083d157dd25aaf50e32863cfa9051601ff49ed10e04007b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
295B

MD5
aee474afee13066e85afcd0451330109

SHA1
71384da05ed35c96707199b05c9bbff05bb0c985

SHA256
90313dda08ca038b276b92ac0afac91c66e08b61b476051f7a98caa7683c0ec4

SHA512
3073f5460ced4259fabe8718bbafb14f8970fb274ddf99f532475afc1d2e334e57fde708385011ad897928d5c2ad5203f88acad993d13c80833b9800c3c8641a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
106daa600e2de63ae5fa0b410dcbb806

SHA1
37fe498ae3cc67fb063a23e04707acaa549ba165

SHA256
31efaec5dc44a268de5e8e390af2aa3fa40684014687ad240b0dc8d608ac51e2

SHA512
42f740eb497826d022688df3f9291062c8d8b07a959de40249391b3f036c5435e9c8a06cd6e1e9bc0be2a15f3a5e90b2395878f80f5398ad645d7b2e81273091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ff5f.TMP

Filesize
48B

MD5
0c8f73965807ca99b49e8ff1fdb5c664

SHA1
64f8210bc15795a75f4061cf8f299f8935a47977

SHA256
2821fb36a988547f05533d0f638d90e95f92c257ff7d1cf84fbfa006b6d9144a

SHA512
a39274250a51f96dc895dd2d9a77eeb043fe07e78e9301912c139d1ef4abe96ba43f662f035443f5a087ff8c236cb33d668b3862652b26c5f4bf13e867ea45b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
194B

MD5
d7d9437445aa960dcea52ffe772822dc

SHA1
c2bbf4ac0732d905d998c4f645fd60f95a675d02

SHA256
4ff49903bec1197017a35995d5c5fc703caf9d496467345d783f754b723d21c1

SHA512
335eb1ba85670550ed1e1e4e14ea4b5d14f8306125bf147a42de4def5e5f75f14c422b014414030cf30378c04f748ac875cf056adda196511a0b057b3598fe9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
c15402d387975aa37808a819c2023440

SHA1
0908a5f63bc8458fb4e3b36cc28153f14c1b92f0

SHA256
69111d515ba079a6bc14a756a953eb3132c59d713fd4989c6afd81eeb2f1fafb

SHA512
99fe4611d906bce078520bcba8f9ab58cf86a41f247bc3e50dc5fff35dc81af358ec119556eef6da6ef977127917d8c5d07dc63b57eb433c6e79081abde6aa60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13384495707182711

Filesize
69KB

MD5
546a097b8b52499e47174d86cadb206c

SHA1
b171aa666fa719697e74c81a1ddd1d0958af46ff

SHA256
8e4b152da289e410f27c7f2ecf136969d723af81ae5ba4459e626464c2692e22

SHA512
57b22f4c0f4aafedd53413bfbdd11abf80870473a82bd3ecb31ca325799399bb402097961e928b438fb5ba5a0f55f0595a90e2ab6eda434fe85a81b59ae2e62b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
31642f82b3fb0f7da44f97cb729bb366

SHA1
4cf924b46d8121ac2cc918edcfc41dbb48a6d7e5

SHA256
46f6559f814382825618bb4c4d85053a0e2e2406639dec6f99a0e0e9d02335bc

SHA512
680a6df0d68a65986dff5f17a64d6ba64c37e6308d910cc4ed867b469fc291e8c6c555f1348e97e6607385926ac3c74b004bdf180896b153b9af6e0749949711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
c291317fb460704989a6e980b5a38df4

SHA1
6a1a56266734dc9183184fa81166c3221d7c8048

SHA256
846e97199759d53a2e9a07119ecea962e6c17e54cc72f236cce4b1fefb9d9b84

SHA512
508a848e382b9ffda36ee5b014166162e5660bbb06464e6ba484a2009eeb9357f047c3eb9864eb4a9a80af4269bf96da23de6fd1b88993afc60d335f2f7d0df8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
b83e816827e5a28fcff85fa4fd3d3fc0

SHA1
2774325ab50b3182931681a26e6076a597ab07d9

SHA256
f235572f24de7c372fc3abc29500ebe2da6d0164e4b01b561975383340faffdc

SHA512
96e625ece57372ebe89496ac860b0c7e3fffb7ecce68f69f13e094e241fa49fa036114f35c9c139c02943004125f35355013dbf7debcaaf5d3ecd7dd49cdfed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1e32c81dfd93c1029bedc779bd9687ba

SHA1
026262b1b4d48f4653ace4292cbb23c1401bdd59

SHA256
d0b6c0216ce42fee645a1efc737500a88a787e0d81c9ec6843c754450499186f

SHA512
d241f9bf06a957415ae1f40db65572cfd1b6439d472b7a31412799720e71b88287a4d22dcaf7bd825f2e0159d2af70076730982213de476c4074f0f829e608f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
972d752548c096967b9058cbc0011ff5

SHA1
d0cd6eb87d8e0e301882b7395c74a0d262adf40f

SHA256
e7a540bf86070f58f38480c2dca010ba8b07c0bb21c90d9735543ef287382d23

SHA512
2d1668886eab87b25a181ff433f18a7373aa81132d667a1f5d5f13572f4af98001b2608358e44cfe656a9ec74ddfc8dcaf952835ebeaf0af0dfda0d954e649e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\abd9323c-0019-4c01-a7ac-a48e14e26945.tmp

Filesize
5KB

MD5
a8758cd3a7c2cae704b65dd4caedf1ff

SHA1
76e2ba0f3c173490fb1c93f260b2e18fbf4f2e0b

SHA256
2fa0536816b4f715807aa799670db1c16e8997812f4e0cbbc06d946ed2ef5489

SHA512
07d9b56f8814bf5ea36398550f2f355ebadf940f6c470c22a0804d03fe0087ec47d423ea84e3c5cb905c88e6a1110fa9dffa7401010f7debdc7712adea072888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e55529d8-ad84-42fc-991d-013c57f8e171.tmp

Filesize
8KB

MD5
ab618241eb5cfe1fd1487c16b21b556b

SHA1
2ce846941ad3123f97d144197c28ccbf3679114d

SHA256
dc313e35757812f2b4ba0e426c4adfa236772666d98ce91855c07d11b1b96c99

SHA512
88d7b1c66acf77993cc6a40d7aad86c80242f6b5091655f259f86e61ae6dd29d9a68372f90c1ca58d6417d460bfbb2e543a4032185b87fec6b06daffbe7c1b2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
2.2MB

MD5
b7deed5f49bb93938c04cf6c1f39672c

SHA1
cbfc558ac2385759b39db8d701841a7e6f8e940e

SHA256
9b31946bac7e73f513a5af0172dbed233040c786646dff76f5718c9caae69953

SHA512
2dd07ffa7f41a1083f07d7bda73bdafccf7af2964edad02f649e7f7bf1704ea8d528b77c7a5d9a4506a3180e98705d5260e2ea069f7606ba7140c182c45a904c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
7KB

MD5
e4e89bcbee70fd722b1e6cf11ce1a761

SHA1
384cb9db49007e6bf2edfeb850457ea696d9d0b1

SHA256
1c5dbd346dd86b7a41e5ce0dcae97ec65abc003cfaae7a805d59f76518c5ac8e

SHA512
72fe62c722ea085c202cba1b92071b7d48d403b064fcdc24a934ec86f4688a28a6cc65ca9893f1c069e0fa24406c55a2f7f5031111b9e0e218c2f4c6f69d0f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
09afe96b00f5de3be860bc534f525040

SHA1
d671c3788c6bf1e7d4c2e0b641da55424731acad

SHA256
9fcbde8a6fd080073944e8e935156b540df58cc08bc1c4b7e5fa645922be9d22

SHA512
79c198bade071405566187a4d0f9b0fe7426ed42fa46c9ce65d575bcde9ba21b17601dabbf51684e62edf64ebd9a3345a6afa0797924c0952327a763b83bba39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
c9d342d31d7b2d8bf73a20c719a07575

SHA1
455b6f0e732e272773a39df7aad149d795f8bda8

SHA256
18234fe0c1dfc804e5ec542e041e9550ab49e08341b73737d0612d115093879b

SHA512
fa489b7a63bbc2e00dc2131e10ef4a6566b6a57bde9d807a1109a4bda5af57ad51edf4de417cb921a5c8f3c9749e3c08b04d81c390f784b0e20c257b6426a16c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
1325421e5a467257e2b14cb46c037811

SHA1
92ee753039f94e66b5f2d757a6a993a31dcc8fa5

SHA256
a003d73bd9d1d6f8a638dd45960cd7ff51819a947c72cd05a92b68946439a973

SHA512
1152ca1d2a11f63527d6dc5ba667e0bd8833580dbe38a6440ec93e5e05d5647369c6c86385eaccea45c70140a93be06333de0e837183d1e43b5c2cc00f02f442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
99c01f9061db2c49b7c04ed14bc6b7d3

SHA1
abc00708775b92da2f773fa88bf9ab90254dcb25

SHA256
21a05a4463182d8207874d6b510de1b69f1be7083021207a76bee97caa9447cf

SHA512
a95f6f9f6d46fcd5f317cf4dcf1c26a85b2d679120e02fae6367432a2a7eb15978d56dc6429028581fa08fa633c1bfb0a2a6f204d6a1c1f5b25f4120cfc85cf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1c5c0f202cea3499f5a2a51a22de8c7f

SHA1
9f48f9334c4abc8b0d080321e834661b6598b2c1

SHA256
563c5cc64117a5d957714928cc5c4444451ea469ce3273c67bf8207a31f3ca8e

SHA512
6137d0c531518f0e9731c6d4178cfc763a8d20116a7b6079ac3530915c1ca546cd5b932036c77799970dd474cfc658f3a28df9a565c5c395a11fcdeccc352f2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b30709594f0e1ca6e672a90ec67324c7

SHA1
fbfd486cead40a5248301358d78ad1e9a19ad5fb

SHA256
25160b609addca2249b4d3b756a976ae6e1364f04a69e08ae22f085910228819

SHA512
72d64e7409095a4d90de6738b39da27b7272544913bfdf07a0b8bd4a893925e88df86201577cb20c0127c3789115fd8be84c1140baac5d1ede8eb06d0540bc08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c3a01eefb5ab8dd315b87c84cd8777a5

SHA1
6248bd797723fe0cdb9fd443ac77dec9ccd8be7b

SHA256
d042d2f3e5142fe4075ec95848367b269ceddd421c1407842cbc5d708ba5ec25

SHA512
5bd6a2423b02bf2c409d20ae0e57042fc95889db1999d8ef23cdfe12c9d1ad176f24acb4413cc6a5e489a46061214beb3e93091aef8df7f86e023bb0a291cb80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI23CF.tmp

Filesize
132KB

MD5
cfbb8568bd3711a97e6124c56fcfa8d9

SHA1
d7a098ae58bdd5e93a3c1b04b3d69a14234d5e57

SHA256
7f47d98ab25cfea9b3a2e898c3376cc9ba1cd893b4948b0c27caa530fd0e34cc

SHA512
860cbf3286ac4915580cefaf56a9c3d48938eb08e3f31b7f024c4339c037d7c8bdf16e766d08106505ba535be4922a87dc46bd029aae99a64ea2fc02cf3aec04

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\CertificateRevocation\6498.2024.12.2\crl-set

Filesize
21KB

MD5
846feb52bd6829102a780ec0da74ab04

SHA1
dd98409b49f0cd1f9d0028962d7276860579fb54

SHA256
124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4

SHA512
c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
3ab3415eb5add4c5ff6e003244a4d030

SHA1
d59fea06ae96a3ae918d1b59cfa1b4dea3ca57dc

SHA256
5adf4a2c1544420c8f3d95d48beabde918c7717cb22475a60a6ed3ee4088aa81

SHA512
648f243b7e501ef69102ea1e8b54bbc043c3d0cab9eda7ff979c004d38208f2ec640d38a3bdee8267691c855b4d7fc70273165993a72e5d8df9ca0668ab76e70

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
cf3ef334720ba26e026fc9e4651b3568

SHA1
1186288696f98f7f09149ab40f6d872439f8a0f8

SHA256
8e43a2b0cd19600fb8ca1b7f6f712b91f172b7226cba0a2112d456ec2e0c207f

SHA512
3b841be8e2bb2e667323048a6e4f03f6cbfbdf70d00108641cadb2345a614a7f2e7135cc536aaf54161f7cf2b2cdc5d7bc8ecf9e862e2356ebf13842f180b891

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
da411ca180bc44600920e4c5543eab8c

SHA1
517b55b18c16b8548db7e085e93090912b045931

SHA256
f18538a92a9c763d713be67a0e6ed0a583b3b0b98c9de512f38a3fd98b859910

SHA512
1c0af0ed4aa6499bdeab7b0ef882230be3055e7ae9724789c012c24b51168cb464708111bfd0ec85d4d39562a3b784175fa1de53002e725f160f06f2870bafa2

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f5f2c0f5abb01b0910dc66e4c6213c90

SHA1
a5ce6132b71fcd41227f590e3a82b78b5b9f5ffd

SHA256
eb39dc28a06984d6e79cf9fe3564d9c4c611cc1dad640c0901070ae346f56bd2

SHA512
1adde06aca5fcf994fd2277cd7a0c89f904025c6520074daeac67498c2b3eacb7545a9bd97cc5aa4b5d859335f0e61c0abd60e52683f8dc5ed859765054abfcc

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\Network Persistent State

Filesize
2KB

MD5
aa51773b347947333ec5dd26b5512b15

SHA1
cc6ee47d58f077951b8b5b1908d79311d89c6b33

SHA256
c12e88551c97a246da7316ca78ea2af7b1e4f87072c016caa07cd5bf906566a2

SHA512
015bb54b17aee70fa5b36f64ee1d0621b05f757054b86edf9a02ad010c49dd9eadbd4f6896fcae580adec1d1fd547b395ae9abf7c911e9dc928342573de71ab6

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\Network Persistent State~RFe597dc1.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
992efd077fb0dcd0128619138e7ec615

SHA1
5205c4430839256b8c4d121da5cc26e7b535a0dc

SHA256
bde41cfc7a0de96f86156a36a391494bb66d09d124f56ea3dab2a8af8a001aef

SHA512
29877a74a644e6c225fb813211cf3eff8407b6f956a583fd5ad7f9b5e23a93d99e800c25aa1567316e096cbf38deae58c616debccb7f25b6beada45d5f9fa854

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
772c6417ee5c00703a8e3354687e5199

SHA1
84a90bd9694475e1031a3309d5d0087db69d3941

SHA256
a75c289fbb289ac134b3ee2595aaf35b1990ff4c317f30d11865241f29fb8ff4

SHA512
6a6d99eb0453c48abb0a662f29740e9b4497065c6be3c5f5ed631007cc073992c60f5b142f7b992e4db050f8c99769294f4f479de145b75cfaf5958e0e95bfdc

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
6d7343b2c8642ec9f4811ca926c4b609

SHA1
a851aafe6e2e3a3f91f381d5c2936d5500cc083e

SHA256
01153f568d6f2dd6b465386d5935542a58522a6a384d5012e947a61a0afde229

SHA512
b6e72917272d9d277c1d55b5714d977661326e1c4bc47cf2536c4ced2257e21742d0c758d6cffbb15fe60ccee833d0ac2f102e596057736b3a6e0531b858574c

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
87a288152d2a99a016f13c607750760c

SHA1
45f9dacc2f92c944a7b6868b089e208215755b65

SHA256
8bdbd1b5f597574d736cd3da52509c15459e330b8579b5a1c59978f3a1ac3fe0

SHA512
572bd49ed5c3291fbe91eb00f3708756589312affaecaa279998cdd5216c544bd1e79dc2b3a960608fd022cac6d6ce1eddd67743bc4cb30d674de302c52c700d

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
0a8503637bc05443d4321741e12ae344

SHA1
b0ecb7145ace083e78f0cfac08ba2ff9c2d46b50

SHA256
3047db0fbd414b8e7777703281f759ecf328a36ea998e8065ebf8103f090c726

SHA512
e7990353964088a6e88750bcf015eb14cc1dde59470c515dd9c0526b52de70950d780917e9ef822a047fd3a3e280724f400c9de4ad3146b69cfa1c9b0a588a03

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
306e642606f06872c3e393dc453bfe74

SHA1
d191be8f918755dd6547d1780f4132ccb8abb41a

SHA256
80095964beafb04cd137ca83bb9d22beaefac1d15f3835181e144fa21a46f246

SHA512
dbe030e6811f46c02a964460c70e0120b8c16d5d48d29297e74d487c3f912bb818fd5009ee5f4fad13a8cb5b8e6b1ffa5251ead20849a87987ca868789aa3d82

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1022B

MD5
35b9923605baaab796803f18b70c4002

SHA1
46b1811dd57709a9ece5da447998aa5330ec37b9

SHA256
8381dd9ab23bae903d0c2182e6ae50de354fce0223d558bfb45dc0d39d00f289

SHA512
358d889e1aa13096e71e126bd26fc8e39f18e0e7929cc2403a340eea0cc792f4bb275496d235a23f96e4f6831a3aafdbc1495acffee097d96406ff972a747dbc

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1022B

MD5
943546f61f67743927ed3ec317d07fec

SHA1
52619719ed1716ea15273ce6eedbccb8a785f5f2

SHA256
f05cf9519fa0386bc3a6fd31437f03210d93582c443db9390779312e984d34d2

SHA512
e1e6542a828cf47e488b8ad94462dcc008294bd39e52503aa4a6159e04edb3980c1d3399490abb0388d8658707c68b4f931b798f73cb579485b6141485475291

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1022B

MD5
10b8dfccacc2bf8dfdb1332370123998

SHA1
96af5df00d0de93a5ef7eb032ed1106008e8554f

SHA256
ca93d1001cbabed530077347747136f12874fea444ee4cb411670235612e16c8

SHA512
f0fe16814045f4960aea2420d3a0944b05a66f3292ad31893d8d520c440823be49b9f69e37caa78a7e6b11f4fabce3da355d807679d80cd66c0e4e40772b7fea

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
932b1127f865cbb8de0628885cf6af94

SHA1
d41b4ac0fed65a0525ccb62f290e92bb5dd73f66

SHA256
51b77a59750dfdc001939a6e2766be7dd180c105f8c511b4fb5ab97d7b88166f

SHA512
b6e710d4dcc5a9752a25e77f05208f6cde71852f2b852ff0945e0a1cfa7c50bc497ad5213f84bbe7a82499d8e204c55f15b39f423194aab7a6c10a553ad7557a

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
7bf61ce349798c49e3ede7dc16565e57

SHA1
ed8b70bff014c7e835073fff0d6b7aa89ddafd41

SHA256
61af0aa6d466756bb6d9c4d5e7d9280b45fca8831070a2ac29055efa0de896ec

SHA512
a948793caf5bc0ca662d1493013b7c40822b8b8540a9cca677bd9cbf2ef4419b091b4d416fde41a79af56b5fbda601029865f98e446e62a507bb333a0f10ebe1

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
7d58d1988853cab21d9be8be4e9d56f5

SHA1
cc929933dca892405c161bd3492f41f1dd0ff434

SHA256
e98364ad5507fb2bc0434817fd146c3738a8e6e3c78b518abcbbb917563752f7

SHA512
48c631123aaa6c26d3b58e1c0fed274df37277e699357ea7fd673bac4748f0f5950b80febd212d101abe9d1df72a2e0bd0a52d3b163f0553511fd1ace051d084

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
ee23920bcc7b3b74b40eb38f6b8b5f46

SHA1
23347672fc18ec09dc3d9ca870538beb161e2a60

SHA256
bfdfec4eaf3a32fdb2ba62438b695a23685eb336c8af60ebdfef4f669889824d

SHA512
b0b468cfc0ab72d652afef0245cdc41cbb50db9d298b605b28cb07f2bd895a73c21a08bd0f655f6931cfdbd59778002bbf98cf18b431ade9ce5cbf4a68753be6

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
662db54e93984c6f7c63e48a69f449bc

SHA1
2a595de5ba1aa1f9f66a367dac74c2004c85ea59

SHA256
4fbd5ab3836a01887b0b328d8a9f1583be788283ab604f5d6a32f2ce7945c2f7

SHA512
aead898171ee28621a1c4dec7e128fe46dd9c202cc92f6cb41edf28838e5dac48eab070266d8c8608a77d002b17e99935a9920affa4fcf66135fcef1579e3ad3

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
d58d0eada9119da404d1eb15c681e633

SHA1
8e8c7e22430649cdb076e0c12b6d6a58227a46cf

SHA256
4b4bd618e4fac8de3f493a9e35088546798dc6fe6d07461b70efb58428085f9f

SHA512
5a6367d32e35fae07a503dd417a0e872de2fe3965ec7d83fa6074da6d93c55df66b4f8bd77d2dbbad0d01099efc013488aa014ecebb3f863d2bc96e4aa2498b6

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
af661027491a59248044bb69419cfd96

SHA1
8a67cf69b9f74993ec0a21e2a3082cbe611a6278

SHA256
e21c71d7a41724af5af6071033ecbd30d4b94cf7927fa8eada2c1404144f9243

SHA512
e461c8ab6c63cac9bea077c165079a90222cb51c8e96f011d518f4c981e808072465a96df6fd53267d7668f911a897885d7d28421739d00aff2666c3f21084e2

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1022B

MD5
85870a4b2660708b80b88c55d7a46ab7

SHA1
ee564c69b2beea9385ed6d4c382a3720e8073b0f

SHA256
4132ee30765ecab07cbcb50e8b765b997203bdcb9cd10893aaca0fdb3edf85d7

SHA512
f440af4366c3dc7ceeeb0612fb2ee5e727e40b794153ae588dacfdd2f0f80350f5da06476382a51b5245a99871980ca3deceecca7101a036afc32251d01fa75c

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1022B

MD5
35479260df82ceb8c1af814ace858a67

SHA1
f4e12926022b7c73de5b15e858350b8e9dd591d9

SHA256
64acb05657834e930b1ba5e40f2a600f32b43fabcf8a373e9e3554c850c07f4d

SHA512
c8ce9fba3a835d9da774ffa05ac0aa7ed266c37c6dc90bfa14080d5776133ae2ea002baeb7c14bafba29c63ae321e3ce6c9439831ee6668216ce755a8daf5391

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity~RFe58c6c6.TMP

Filesize
1024B

MD5
ed58e3f92fa67882c7d5dd2949fc49f5

SHA1
3e57354521af37823f2f4d7f355c074b11575937

SHA256
21d221db2fd5599de567f76791e0dfd2c64bcbf242b79345b5fde9ccb1857764

SHA512
acfd527f152f240d686313b2caed1dbe5b3e2c457402cffe17a7ed18986469949320db2860bf2dfa7f0cec7bcc2722391fad0a3cbe45ba81858a561ab03eb479

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
7KB

MD5
53b938dbbe093bdef4fa037986a72995

SHA1
5482e682cc6d79bb40b6207b19af711c688855ad

SHA256
1019d42971baf15d9db801b3137ba7b645b19df5b93b9f35e62b2dd4f4208946

SHA512
f5c696b3e5461e4d961275a6eaaf5b3b6d931eb33f32352dc68f26ca1a71ff8b0e0385a16809f6eeee82d1e51b089162406ee6f194ca18a34f58542af78015d5

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences~RFe5906ec.TMP

Filesize
6KB

MD5
0b64f0832ff63ca4736254ba71292ca7

SHA1
85a4d212bc0194684660a2ccb88803fe5c73d4fc

SHA256
af9d3e32a9f123f4c1ba27a06fc7407817fa43059b595506f9c2bdaa492f86a8

SHA512
0c5369151f42a69dda05145b18f60dbc43a63e706c5048322b2e2139a59bc3dd2a2b36bbed6976e433402474ad3b232d216436076328ed66537734198539f5cd

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
0b69ab50d5c1a2b608278b7c010eeac4

SHA1
8fa2d0322f4a17410a8de44110bd725604b58c8f

SHA256
e72b63445532c45b7027edd1c46fd8bb4b37dfaf4d243e3fd99bda18d24adfd2

SHA512
ca170dbb94557afffa75d04172e5d6ea16e417ec556a41e58c68486f6b7ee9918c0b1fda7892b1277fce2b3317b3ae4353a214caec8083aca57725e9882ab52f

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
3KB

MD5
cb71e5898b5900c354b3d16473ee03c8

SHA1
04019d4dd5eee4bf0bbc7be1603f5bb8463903e0

SHA256
410350755775c9546538bd72bcc0a088589b0b3bc0b3c335ccfab42349448191

SHA512
24c3aa99609ed275902d1f2fb9543e277e6aa9fffae96facaec4ad8ffc0649a80322873fe919cfe279e5e09b49878279d9e8caab7996733492254c19b14e3df0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
16KB

MD5
33e7df11e497cfa6d6346df4f4904046

SHA1
1725b737f3a1bd11f716b0beeb3b743eb8f4f613

SHA256
78ad0fe4d0f27fe60b52d4b39c567be26fa8d48ce0b7ca5b7014ce82abecee7d

SHA512
9c5d9c996ff1b4431d92b72f86071b1635f030f68156da91114b8249665525aebd6884ff385b75138791f50382e7207035ca86b5096c7d773e52f2e76bf3957b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
1KB

MD5
62fc74aa97d6e7c300987136c31a5247

SHA1
0dcd65519e9a6ec96f6580f4b1b37e3c123ba133

SHA256
6ff51ebf835cee63e3cb985d4a521e4bc474e0f59bf06a5427df3646bb56c1b2

SHA512
5ff2ed3bfcd6d030096c85ae94a7ce2a48d316737222c28cf970d9b5a6371a997ed5f25866c91627b4a84f54ce1a9cdcc7b420bc084c474d14e1203a65c17425

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
16KB

MD5
9cca875be02f4cc87dc9022cfbdc1856

SHA1
40dcb32c93beedbd4457ac70969f039c7467b4d4

SHA256
d13e03862ca8fd1006ee22a02cb1efe21e1a92ee9301ef405f01507c3e9b5f17

SHA512
e747a6b07d216bfd49d524adea015bd1669d18ec6751d50c28b27aa8846472d4b8b69f0b0dee15302248558fc0a986b17095d3f6e010f256fbb78ac72cdd71b3

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
18KB

MD5
616200ed12464009feb97100abb89a77

SHA1
673a49259cccd800998ee50c6f11a2a32e6ac285

SHA256
3f179c9283a0a6e71f528b2479d2567e8d5897969eee9fd23c2a0dacc5a6ba40

SHA512
865636eabfadbe78841a709193a7b4f36d8e4e636a0713d808a73e6f961f246c05811131e0638cc0624fa2f23640e33c2b31facdd745eb56a64a9843b7f5d046

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
18KB

MD5
2d946553d5670576da4cb16e433e883d

SHA1
c4488ba18ef0c1bb2b55caf0d93c606277eebeb6

SHA256
91a770af8559f24546ad65746a8624e52a36a36014296d23089dc03991bb6c44

SHA512
8fc134a4108316c5b3971d33f19cfbdcd099bf614293b6c949ffd8f4f1f439b926b5164a1bdd27ce18031cb758e86be61bbc3a9ced2ee6b51f036b014c82e5bb

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State~RFe586869.TMP

Filesize
1KB

MD5
c0112f10d49ee9053d3074c666e6e762

SHA1
8db10e089df51f0ff865ac53184b8b0fd002329b

SHA256
a80c17450d6a7d151e61a9ec0546f4d5ec71b1d78638e929dde053ba8155db7a

SHA512
f3145d13db8336d59ede0228c37c3bc25e1a35463773b937cc55c56337d5312ec799e9f0cdd3c8dd947a5bc6135f9db00cfd38b1698767633396d25873fa4303

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\PKIMetadata\21.0.0.0\crs.pb

Filesize
289KB

MD5
24a3775317d74ceea8fba6f0cfbce562

SHA1
fed5009eb51938d0894a9bb7aee8a97873d9b6f3

SHA256
192b206ad6f649f6c8767f6a3b11d9c5354710602bf0aeb4157eea08d7461ef7

SHA512
245951359283bff026aad50f7768a9aa59c1926ca7aa441c8f6a3715be34925332eeef4115a442a7841429400105d59d13937ee3aa9b80e83f1982893aefaa8e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\PKIMetadata\21.0.0.0\ct_config.pb

Filesize
10KB

MD5
09b6469de61db3473bdfe04951f08529

SHA1
d64b455ae9c65d8d8629a128a9f3505ef3df3555

SHA256
1c435f4448dcf1784637fa9470546d12d7db2420a11cf8b5d6343439dd401c60

SHA512
049d3c0e05aa3ab1d4d51cc5bd72603f47aa33141bf771cb86baedc19b8973911445ce74256ff1118483175cf4a104262a22ae9431a6366cbd1f7d28553fcbb0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\PKIMetadata\21.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
2d8bcb7c4b2dc669429bd40f7048f62a

SHA1
43a332c99105dcfb67893ea167879c3ce6bac8db

SHA256
7a0866cdd7bd21b8b08d166edb3f6adf8c859b47988b9b3ba3f0eaafabe10ff2

SHA512
15d3c7c6df2c3c75daf7ea9165687c5a6f8acac3dfe83573e20aa1bd425dde8fc659fc2c1b050b3e8ddb28358a96b9e0c083e61fa5d63ae34fa4b0bb63db8a76

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\ShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 313662.crdownload

Filesize
6.3MB

MD5
d8be6f14b4dd7a85a5b5479e88b940da

SHA1
4c1ed04a00fb4fc31cc4c10172d0e6f310faacef

SHA256
c3daa5b6503c601bf868de990dc5fe055c266a7cba6e269115290c37fb8a4d05

SHA512
77964855eddaf57ebf7810185eacf2bd40bfdd883473ac063223ea496744d81db678c171707d44cfe19077df1fcfb8888a54021fc6af7cb4547dcc464ce717ea

Download Submit
C:\Users\Admin\Downloads\jjsploit_8.12.2_x64_en-US.msi:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_1215549735\manifest.json

Filesize
102B

MD5
2c2e90b63e0f7e54ffc271312a3d4490

SHA1
4eb9d97e1efc368420691acb2e6df1c61c75f7e4

SHA256
72dbb7d6b647b664ef64b6a14771c2549c979b9c57712f3f712966edb02d7b2e

SHA512
9ec9e8a34cc56a694ac845a4344600b479d11347ec5279d955ab4cf55590440f3491e0a1b635ddb9db821630885e5fd63c269fc2a5d1abd0a0d0062ae21dea8b

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_1600666621\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_224628244\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_306714726\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_787046089\manifest.fingerprint

Filesize
66B

MD5
5bbd09242392aacbb5fac763f9e3bd4e

SHA1
14bb7b23b459ce30193742ed1901a17b4dcf9645

SHA256
22b55f5d9b1bafb80e00c1304cf5e0d6057a304a2e8757b4f021b416f4397297

SHA512
541e4c7998e91a5113f627c2c44e32b54878fe225b3b9476572f025f51f2b4ec4a44b102498adcc22b8fe388970645bacfafb6e7fc8a216df4d7bbfc8b0ff670

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_787046089\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5736_817304204\manifest.json

Filesize
114B

MD5
e6cd92ad3b3ab9cb3d325f3c4b7559aa

SHA1
0704d57b52cf55674524a5278ed4f7ba1e19ca0c

SHA256
63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d

SHA512
172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
24.6MB

MD5
551130de25961824c012cc8c74c3bc62

SHA1
546e1059e3907ce5e51a1b33240598d4eac33494

SHA256
bd17aa8950fb277383ffaca1efcfe538b05d4f018b4ee222798fa8050aaaf68e

SHA512
e929b0f3466e6d208260916f8ff41703181f863cc70c629d44bec812c759b7d5642cfdcfd93d921fc02d1462472f89f1eedb18d9f9fed5231d95f9a6cc2d91e5

Download Submit
\??\Volume{e7bce9b9-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{61281f96-6c8f-409c-ae8e-5ac873f2aa9b}_OnDiskSnapshotProp

Filesize
6KB

MD5
4b00ed498196f748c51c403b9719dc28

SHA1
d8f722e1b0b0ed2008c2bdc6130a8649c84bfa45

SHA256
01bda066e719296c0a4aa799e8cec139d349d88aed46d54e9a9d96eedab5efcb

SHA512
f4fb2969c7e9de3fb6ff2e7cc02ea90c35433211070c0e65765681d2940f1e51970c4a24c772b6f90bac3dc3a440ce14ef753355f0f04f92f5e086b57b1e535e

Download Submit
memory/1776-1077-0x0000024192C30000-0x0000024192C31000-memory.dmp

Filesize
4KB

Download
memory/1776-1073-0x0000024192C30000-0x0000024192C31000-memory.dmp

Filesize
4KB

Download
memory/1776-1067-0x0000024192C30000-0x0000024192C31000-memory.dmp

Filesize
4KB

Download
memory/1776-1076-0x0000024192C30000-0x0000024192C31000-memory.dmp

Filesize
4KB

Download
memory/1776-1075-0x0000024192C30000-0x0000024192C31000-memory.dmp

Filesize
4KB

Download
memory/1776-1065-0x0000024192C30000-0x0000024192C31000-memory.dmp

Filesize
4KB

Download
memory/1776-1074-0x0000024192C30000-0x0000024192C31000-memory.dmp

Filesize
4KB

Download
memory/1776-1066-0x0000024192C30000-0x0000024192C31000-memory.dmp

Filesize
4KB

Download
memory/1776-1071-0x0000024192C30000-0x0000024192C31000-memory.dmp

Filesize
4KB

Download
memory/1776-1072-0x0000024192C30000-0x0000024192C31000-memory.dmp

Filesize
4KB

Download
memory/5296-448-0x00007FFC25600000-0x00007FFC25601000-memory.dmp

Filesize
4KB

Download
memory/5296-623-0x000001FA7AA70000-0x000001FA7ADE8000-memory.dmp

Filesize
3.5MB

Download
memory/5724-559-0x00007FFC25600000-0x00007FFC25601000-memory.dmp

Filesize
4KB

Download
memory/5724-624-0x000001A8D2C70000-0x000001A8D2FE8000-memory.dmp

Filesize
3.5MB

Download