hxxps://wearedevs[.]net/d/JJSploit

Analysis

max time kernel
150s
max time network
150s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
23/03/2025, 00:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wearedevs.net/d/JJSploit

Score

8^/10

defense_evasion discovery trojan

Malware Config

Signatures

Downloads MZ/PE file 5 IoCs

flow	pid	Process
533	5348	jjsploit.exe
538	5348	jjsploit.exe
540	5348	jjsploit.exe
555	5348	jjsploit.exe
557	5348	jjsploit.exe

Executes dropped EXE 1 IoCs

pid	Process
5348	jjsploit.exe

Loads dropped DLL 5 IoCs

pid	Process
3308	MsiExec.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	jjsploit.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\D:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\D:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs

Web Service

T1102

flow	ioc
540	raw.githubusercontent.com
126	raw.githubusercontent.com
127	raw.githubusercontent.com
538	raw.githubusercontent.com
555	raw.githubusercontent.com
557	raw.githubusercontent.com
125	raw.githubusercontent.com
128	raw.githubusercontent.com
502	discord.com
503	discord.com
505	discord.com
533	raw.githubusercontent.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Program Files directory 22 IoCs

description	ioc	Process
File created	C:\Program Files\jjsploit\resources\luascripts\beesim\autodig.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\jailbreak\removewalls.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\energizegui.lua	msiexec.exe
File created	C:\Program Files\jjsploit\Uninstall jjsploit.lnk	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\jailbreak\policeesp.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\tptool.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\noclip.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\fly.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\chattroll.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\dab.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\jumpland.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\walkthrough.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\magnetizeto.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\levitate.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\teleportto.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\god.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\jailbreak\walkspeed.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\infinitejump.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\aimbot.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\jailbreak\criminalesp.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\multidimensionalcharacter.lua	msiexec.exe
File created	C:\Program Files\jjsploit\jjsploit.exe	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7136_206922353\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-cu.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-tk.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7136_340272518\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-af.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-bn.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-de-1901.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-eu.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-ga.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-nn.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7136_340272518\manifest.fingerprint	msedge.exe
File created	C:\Windows\Installer\e58533c.msi	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7136_206922353\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-de-ch-1901.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-el.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-et.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-ta.hyb	msedgewebview2.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-en-gb.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-es.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-la.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-mul-ethi.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-pa.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-pt.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-uk.hyb	msedgewebview2.exe
File opened for modification	C:\Windows\Installer\{F5FDF003-9345-4EC9-AA0B-E9D6E46BC669}\ProductIcon	msiexec.exe
File created	C:\Windows\Installer\e58533e.msi	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-bg.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-hy.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-und-ethi.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7136_340272518\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-sv.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7136_206922353\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-gl.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-hr.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-mr.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\manifest.fingerprint	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7136_206922353\sets.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-mn-cyrl.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-hi.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-ru.hyb	msedgewebview2.exe
File opened for modification	C:\Windows\Installer\e58533c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-gu.hyb	msedgewebview2.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\SourceHash{F5FDF003-9345-4EC9-AA0B-E9D6E46BC669}	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-de-1996.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-en-us.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-ka.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-lt.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-ml.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-sl.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7136_206922353\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-sq.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-te.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-da.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-fr.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7136_340272518\keys.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping7136_340272518\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-cy.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-hu.hyb	msedgewebview2.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-nl.hyb	msedgewebview2.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
behavioral1/files/0x000d000000028059-2632.dat	embeds_openssl

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000b7cf3f444b48aaeb0000000000000000000000000000000000000000000000000000000000000000000000000000000000001071020000000000c01200000000ffffffff000000002701010000883801b7cf3f440000000000001071020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d083020000000000c050e1000000ffffffff000000000700010000e84101b7cf3f44000000000000d08302000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090d4e30000000000000005000000ffffffff00000000070001000048ea71b7cf3f4400000000000090d4e300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000b7cf3f4400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Checks processor information in registry 2 TTPs 28 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133871649398520753"	msedgewebview2.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe

Modifies registry class 29 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\300FDF5F54399CE4AAB09E6D4EB66C96	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\300FDF5F54399CE4AAB09E6D4EB66C96\MainProgram	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\SourceList\PackageName = "jjsploit_8.14.1_x64_en-US.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-780313508-644878201-565826771-1000\{1D73B8B1-002F-422A-96FF-879D53ED595F}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\300FDF5F54399CE4AAB09E6D4EB66C96\External	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\ProductName = "jjsploit"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\300FDF5F54399CE4AAB09E6D4EB66C96\ShortcutsFeature = "MainProgram"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-780313508-644878201-565826771-1000\{59553BE7-CC93-44B8-B080-3EE144362570}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-780313508-644878201-565826771-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\300FDF5F54399CE4AAB09E6D4EB66C96\Environment = "MainProgram"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\PackageCode = "8EECE02541805B143A2A3ACDD4621C86"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\2294C8C9A96F9A557BCA814D87DFAFEC	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\Language = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\Version = "135135233"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\2294C8C9A96F9A557BCA814D87DFAFEC\300FDF5F54399CE4AAB09E6D4EB66C96	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\300FDF5F54399CE4AAB09E6D4EB66C96\ProductIcon = "C:\\Windows\\Installer\\{F5FDF003-9345-4EC9-AA0B-E9D6E46BC669}\\ProductIcon"	msiexec.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\jjsploit_8.14.1_x64_en-US.msi:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2428	msiexec.exe
2428	msiexec.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe
5348	jjsploit.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4836	msedgewebview2.exe
7136	msedge.exe
7136	msedge.exe
7136	msedge.exe
7136	msedge.exe
7136	msedge.exe
7136	msedge.exe
7136	msedge.exe
7136	msedge.exe
7136	msedge.exe
7136	msedge.exe
7136	msedge.exe
7136	msedge.exe
7136	msedge.exe
7136	msedge.exe
7136	msedge.exe
7136	msedge.exe
7136	msedge.exe
7136	msedge.exe
7136	msedge.exe
7136	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2796	firefox.exe
Token: SeDebugPrivilege	2796	firefox.exe
Token: SeDebugPrivilege	2796	firefox.exe
Token: SeShutdownPrivilege	2884	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2884	msiexec.exe
Token: SeSecurityPrivilege	2428	msiexec.exe
Token: SeCreateTokenPrivilege	2884	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2884	msiexec.exe
Token: SeLockMemoryPrivilege	2884	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2884	msiexec.exe
Token: SeMachineAccountPrivilege	2884	msiexec.exe
Token: SeTcbPrivilege	2884	msiexec.exe
Token: SeSecurityPrivilege	2884	msiexec.exe
Token: SeTakeOwnershipPrivilege	2884	msiexec.exe
Token: SeLoadDriverPrivilege	2884	msiexec.exe
Token: SeSystemProfilePrivilege	2884	msiexec.exe
Token: SeSystemtimePrivilege	2884	msiexec.exe
Token: SeProfSingleProcessPrivilege	2884	msiexec.exe
Token: SeIncBasePriorityPrivilege	2884	msiexec.exe
Token: SeCreatePagefilePrivilege	2884	msiexec.exe
Token: SeCreatePermanentPrivilege	2884	msiexec.exe
Token: SeBackupPrivilege	2884	msiexec.exe
Token: SeRestorePrivilege	2884	msiexec.exe
Token: SeShutdownPrivilege	2884	msiexec.exe
Token: SeDebugPrivilege	2884	msiexec.exe
Token: SeAuditPrivilege	2884	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2884	msiexec.exe
Token: SeChangeNotifyPrivilege	2884	msiexec.exe
Token: SeRemoteShutdownPrivilege	2884	msiexec.exe
Token: SeUndockPrivilege	2884	msiexec.exe
Token: SeSyncAgentPrivilege	2884	msiexec.exe
Token: SeEnableDelegationPrivilege	2884	msiexec.exe
Token: SeManageVolumePrivilege	2884	msiexec.exe
Token: SeImpersonatePrivilege	2884	msiexec.exe
Token: SeCreateGlobalPrivilege	2884	msiexec.exe
Token: SeCreateTokenPrivilege	2884	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2884	msiexec.exe
Token: SeLockMemoryPrivilege	2884	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2884	msiexec.exe
Token: SeMachineAccountPrivilege	2884	msiexec.exe
Token: SeTcbPrivilege	2884	msiexec.exe
Token: SeSecurityPrivilege	2884	msiexec.exe
Token: SeTakeOwnershipPrivilege	2884	msiexec.exe
Token: SeLoadDriverPrivilege	2884	msiexec.exe
Token: SeSystemProfilePrivilege	2884	msiexec.exe
Token: SeSystemtimePrivilege	2884	msiexec.exe
Token: SeProfSingleProcessPrivilege	2884	msiexec.exe
Token: SeIncBasePriorityPrivilege	2884	msiexec.exe
Token: SeCreatePagefilePrivilege	2884	msiexec.exe
Token: SeCreatePermanentPrivilege	2884	msiexec.exe
Token: SeBackupPrivilege	2884	msiexec.exe
Token: SeRestorePrivilege	2884	msiexec.exe
Token: SeShutdownPrivilege	2884	msiexec.exe
Token: SeDebugPrivilege	2884	msiexec.exe
Token: SeAuditPrivilege	2884	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2884	msiexec.exe
Token: SeChangeNotifyPrivilege	2884	msiexec.exe
Token: SeRemoteShutdownPrivilege	2884	msiexec.exe
Token: SeUndockPrivilege	2884	msiexec.exe
Token: SeSyncAgentPrivilege	2884	msiexec.exe
Token: SeEnableDelegationPrivilege	2884	msiexec.exe
Token: SeManageVolumePrivilege	2884	msiexec.exe
Token: SeImpersonatePrivilege	2884	msiexec.exe
Token: SeCreateGlobalPrivilege	2884	msiexec.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2884	msiexec.exe
2884	msiexec.exe
5348	jjsploit.exe
7136	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe
2796	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2796	2128	firefox.exe	83
PID 2128 wrote to memory of 2796	2128	firefox.exe	83
PID 2128 wrote to memory of 2796	2128	firefox.exe	83
PID 2128 wrote to memory of 2796	2128	firefox.exe	83
PID 2128 wrote to memory of 2796	2128	firefox.exe	83
PID 2128 wrote to memory of 2796	2128	firefox.exe	83
PID 2128 wrote to memory of 2796	2128	firefox.exe	83
PID 2128 wrote to memory of 2796	2128	firefox.exe	83
PID 2128 wrote to memory of 2796	2128	firefox.exe	83
PID 2128 wrote to memory of 2796	2128	firefox.exe	83
PID 2128 wrote to memory of 2796	2128	firefox.exe	83
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 4484	2796	firefox.exe	84
PID 2796 wrote to memory of 1316	2796	firefox.exe	85
PID 2796 wrote to memory of 1316	2796	firefox.exe	85
PID 2796 wrote to memory of 1316	2796	firefox.exe	85
PID 2796 wrote to memory of 1316	2796	firefox.exe	85
PID 2796 wrote to memory of 1316	2796	firefox.exe	85
PID 2796 wrote to memory of 1316	2796	firefox.exe	85
PID 2796 wrote to memory of 1316	2796	firefox.exe	85
PID 2796 wrote to memory of 1316	2796	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://wearedevs.net/d/JJSploit"
1⤵
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://wearedevs.net/d/JJSploit
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2000 -prefsLen 27100 -prefMapHandle 2004 -prefMapSize 270279 -ipcHandle 2084 -initialChannelId {c118ff10-98e8-4b92-a99a-334b63d3b3f3} -parentPid 2796 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2796" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:4484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2496 -prefsLen 27136 -prefMapHandle 2500 -prefMapSize 270279 -ipcHandle 2508 -initialChannelId {adbf329b-49d5-4a9f-827a-8aca9b0cb452} -parentPid 2796 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2796" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    PID:1316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3860 -prefsLen 25164 -prefMapHandle 3864 -prefMapSize 270279 -jsInitHandle 3868 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3876 -initialChannelId {8026ca9a-aafc-4379-811c-8904681a087d} -parentPid 2796 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2796" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:4936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4024 -prefsLen 27277 -prefMapHandle 4028 -prefMapSize 270279 -ipcHandle 4116 -initialChannelId {af26822d-8d3e-4b33-bb93-651d418c8de9} -parentPid 2796 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2796" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:4972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3296 -prefsLen 34776 -prefMapHandle 3304 -prefMapSize 270279 -jsInitHandle 3028 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 2676 -initialChannelId {8383334e-d3c3-4b26-bfe4-d744c0811f7e} -parentPid 2796 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2796" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:2556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5140 -prefsLen 34906 -prefMapHandle 5144 -prefMapSize 270279 -ipcHandle 5152 -initialChannelId {c3cfd1bd-b3cf-43a7-a473-7118a337a988} -parentPid 2796 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2796" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:4984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5356 -prefsLen 32847 -prefMapHandle 5360 -prefMapSize 270279 -jsInitHandle 5364 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5372 -initialChannelId {b879312a-afa3-41c4-aa47-ce44b42f2e08} -parentPid 2796 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2796" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:4892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5420 -prefsLen 32899 -prefMapHandle 5408 -prefMapSize 270279 -jsInitHandle 5508 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5584 -initialChannelId {bade7537-add9-4a7e-aebf-b81903a89b49} -parentPid 2796 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2796" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:2224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5772 -prefsLen 32899 -prefMapHandle 5776 -prefMapSize 270279 -jsInitHandle 5780 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5608 -initialChannelId {0133bdc2-a299-4a92-b7dd-d7f77d2af47c} -parentPid 2796 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2796" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 1320 -prefsLen 32952 -prefMapHandle 1324 -prefMapSize 270279 -jsInitHandle 1328 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 912 -initialChannelId {9813ad4e-d592-4064-af66-136b3c60fd48} -parentPid 2796 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2796" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
    3⤵
    - Checks processor information in registry
    PID:2888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6368 -prefsLen 32952 -prefMapHandle 6376 -prefMapSize 270279 -jsInitHandle 6380 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5900 -initialChannelId {e5895f3e-7613-4263-926c-a26fc7d6999d} -parentPid 2796 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2796" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 tab
    3⤵
    - Checks processor information in registry
    PID:3152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7176 -prefsLen 32992 -prefMapHandle 7164 -prefMapSize 270279 -jsInitHandle 7196 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7180 -initialChannelId {b7e96970-dfe2-4d53-8286-3497a1fbdae0} -parentPid 2796 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2796" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 12 tab
    3⤵
    - Checks processor information in registry
    PID:4216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7384 -prefsLen 32992 -prefMapHandle 7192 -prefMapSize 270279 -jsInitHandle 7240 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7392 -initialChannelId {f8cdb997-7342-4b96-a3b1-9cf9e1ba99e1} -parentPid 2796 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2796" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 13 tab
    3⤵
    - Checks processor information in registry
    PID:6056

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\jjsploit_8.14.1_x64_en-US.msi"
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2884
- C:\Program Files\jjsploit\jjsploit.exe
  "C:\Program Files\jjsploit\jjsploit.exe"
  2⤵
  - Downloads MZ/PE file
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:5348
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=5348.220.1549282907987706501
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:4836
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x184,0x188,0x18c,0x160,0x194,0x7fff0926b078,0x7fff0926b084,0x7fff0926b090
      4⤵
      PID:5220
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1732,i,13567446478202435215,10960627851688106309,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1708 /prefetch:2
      4⤵
      PID:5112
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1956,i,13567446478202435215,10960627851688106309,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2060 /prefetch:3
      4⤵
      PID:892
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2356,i,13567446478202435215,10960627851688106309,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2352 /prefetch:8
      4⤵
      PID:2560
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3356,i,13567446478202435215,10960627851688106309,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3392 /prefetch:1
      4⤵
      PID:1292
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.14.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4900,i,13567446478202435215,10960627851688106309,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:8
      4⤵
      PID:8176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mboost.me/a/P?altId=MbWA618KfBJgqotU
    3⤵
    PID:7116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://mboost.me/a/P?altId=MbWA618KfBJgqotU
      4⤵
      Drops file in Windows directory
      Checks processor information in registry
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Modifies registry class
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:7136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x260,0x264,0x268,0x25c,0x270,0x7fff0751f208,0x7fff0751f214,0x7fff0751f220
        5⤵
        
        PID:5648
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1924,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:3
        5⤵
        
        PID:6404
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2220,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:2
        5⤵
        
        PID:6432
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2500,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=2544 /prefetch:8
        5⤵
        
        PID:6452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3236,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=3444 /prefetch:1
        5⤵
        
        PID:6688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3244,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=3440 /prefetch:1
        5⤵
        
        PID:6700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5012,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:1
        5⤵
        
        PID:6660
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=3484,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=4764 /prefetch:1
        5⤵
        
        PID:7024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4908,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1
        5⤵
        
        PID:6804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5548,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:8
        5⤵
        
        PID:6820
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5556,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:8
        5⤵
        
        PID:6924
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5800,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=5808 /prefetch:8
        5⤵
        
        PID:7180
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5992,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:8
        5⤵
        
        PID:7376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5992,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:8
        5⤵
        
        PID:7392
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6276,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=4768 /prefetch:1
        5⤵
        
        PID:8024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=3424,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:1
        5⤵
        
        PID:7248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6536,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=6512 /prefetch:1
        5⤵
        
        PID:7268
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6696,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=6360 /prefetch:1
        5⤵
        
        PID:7352
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=5268,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=4264 /prefetch:1
        5⤵
        
        PID:7656
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=5192,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=6872 /prefetch:1
        5⤵
        
        PID:3000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6680,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=5176 /prefetch:1
        5⤵
        
        PID:7812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=5148,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=5200 /prefetch:1
        5⤵
        
        PID:7956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6080,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:1
        5⤵
        
        PID:8116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7024,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=7072 /prefetch:8
        5⤵
        
        PID:7264
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3636,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=7224 /prefetch:8
        5⤵
        Modifies registry class
        
        PID:6668
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6768,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=6820 /prefetch:1
        5⤵
        
        PID:7980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7596,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=7036 /prefetch:1
        5⤵
        
        PID:7460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3664,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=7808 /prefetch:8
        5⤵
        
        PID:5128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7804,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=7612 /prefetch:8
        5⤵
        
        PID:1544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7480,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=7880 /prefetch:8
        5⤵
        
        PID:7912
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7440,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:1
        5⤵
        
        PID:7636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=5076,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=7788 /prefetch:1
        5⤵
        
        PID:7800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6604,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:8
        5⤵
        
        PID:7680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=5464,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=5696 /prefetch:1
        5⤵
        
        PID:4752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6712,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=5892 /prefetch:8
        5⤵
        
        PID:8148
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6872,i,13522310957026853801,5484178376335862383,262144 --variations-seed-version --mojo-platform-channel-handle=2524 /prefetch:8
        5⤵
        
        PID:5124

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2428
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5AFAE98761B19A55539F819273A9E5FE C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3308
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:3208

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:3196

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:6912

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x16c 0x310
1⤵
PID:4636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e58533d.rbs

Filesize
21KB

MD5
cf23199e02595bd93454496862f912ff

SHA1
2697f8c5775e570729bf8cdc5739b90a63b4ad6d

SHA256
a7ea146d9e3872e52ac19c3033b23b17affbb280e90cc9f6d927b7839567fb4d

SHA512
e14b2a26910404f2d37e07a7a9763a323875949c4468d84c5d143af91ef5cca012d1a1460158427bb2b2424a182859b165d6425bd5f9197a6324f9e620ea4294

Download Submit
C:\Program Files\jjsploit\jjsploit.exe

Filesize
17.1MB

MD5
383ef1f70f833f175c588cab85110fda

SHA1
4b5780d1bd89efb409b15065874877b1424c31ea

SHA256
2c349879607ff4788b904cac39a1593d676b04eb4fe783f02bc1418d8c05e1f8

SHA512
19671ecfaf42f5207c3683f881f91e262ed3f0e5a994b6aaf25f1c9a22e29658c9faf5b21f32f64ae430eeb05ab9fa8dd150fae196db6ff949157bc61768726f

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jjsploit\jjsploit.lnk

Filesize
1KB

MD5
4e8078c9c70fce55f8c3a3006422deee

SHA1
3de688a3b370dd68079d1f0e5eab19f196e152c2

SHA256
0bb945ea62d5af5a10594b1cca15c432eba65743c9364d71fe07cdf501fad73c

SHA512
e979cb5d5f34c27a5307365d9e20f5d7490f179deffbf2abfaa20d06883f949438e0c331fad0134b766a9129f691a336a8ac1182227e7b0164f7420dfe95d7b4

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jjsploit\jjsploit.lnk~RFe58558d.TMP

Filesize
1KB

MD5
216acdcd065159d07edb5c2991d324aa

SHA1
6bbfd5e30283acf88bb715b98d59ccf1933434da

SHA256
116b51faae6aaacd351847963d6e3fc026c23dbe5c639f3b137e4fcac21039d9

SHA512
b22a2d578b0b610cdcc79b4fc2e0640abbf83fcef075f614aac4dca352a8cdd3916ae1d26d2de5117054df1a66696dc20ea669f557e6f2d9dc3c39d841996a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
aa9afd16e8041e8c80250b50ea6899e4

SHA1
a3a698d431952253255c343f2b35f74e73e63088

SHA256
2bd7f856d73f78bc3a4de32b447b21babad42c009b19fcebe2f8cdeca2380926

SHA512
344de0888df8851d957ca6fab055eb9e2f1aa6d958022c2c30442cd6aad4d158d0a99f8908184abc60fb1e0ccdd3d9395d8c0d37fc317d3700974c3348d4a5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
bd9ff8f794f810de4458ff7c2ea86011

SHA1
f017dad0f6860c229a2333b3753bf033277e3968

SHA256
7e38272d84c903cd41588c5b8221f3c9ec18d580a48fdddd64062f2c19a91a6e

SHA512
3e329332ba2d17310295677d25d738d0bf302dca349aae2847b4a6cda2e67e613cd4a5b4b709cf207a7a415dc44c1071fe86e189ccedc8c3963d636f172bfa50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
7dbf43df6df897210e0d9dca5ddb7832

SHA1
f175a4ed4721e30203e6c05c94b1f9c0f7400c07

SHA256
1a8d5cc3950121c6eb1a7f9882cc8fea4130395a83d9e465cbd0c5850ce3b671

SHA512
06c0ba24c0df3feb9eac1447330928a107a1c487724bca07d95426d0d91f6e85e3048f03cde99bb8b99f27f8db2e6fd3d25506c377b415c2557084f5894a070a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe597611.TMP

Filesize
3KB

MD5
2b152c79d57bcbe4bc56a05f5b03d31a

SHA1
dc47867b95be90d8b783aceff09898c434c4dc46

SHA256
7695fe03471295be4861fcd3318567606d7469b0acbdf7ae99318b0b1f10f0ca

SHA512
36f5fecba5ca08fb149640874c54646ac8eb47084eb7b6fc2948e4d96eebee00344dfb3ba9eb73a51eb4a9ae739dc2794c43529ea00e67a71f4f0f5e956ec7c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

Filesize
172KB

MD5
a27c668c5df841587e3166cf972d3862

SHA1
d98b4f5dea6c0df6f79a9a5ba84495637a874853

SHA256
ddf76f23f13b8f8c33fc39c61c97ed8d1fd98dffc7ced0a37f3d283b0e44a2c4

SHA512
82d55f7b88baa16ae4f945dd37fbaa971f8da021b6d34d86e8e0a5a9d0a6e2ba5b710c050541ecddc828151eb85a458db11555bb1ead556f903007e969b1c824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG

Filesize
353B

MD5
f7decbe6ab83fefbb1de4d66441d41ea

SHA1
46a62dd9a71b963697fda6d7fd06beeca5e451e1

SHA256
441625ecbd1c603e9d33f63ecee6c83fa12d6a30281faa198d7924453d652403

SHA512
a48b74d6ec12b37c0ec1e7c8bd84814049a00e4c9ea1181f96b1a644152b0878522ab4edd40edebccf06aa77bc57c08ec16f1c47314bda5d312db2a9a720c1d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\2fffe90c-cefa-495e-a526-fea2df0c9c5a.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
3ca6b4cf31af81fa839f12a22ed80518

SHA1
1302588e4c1459649fe84f739fdbe83a5ddae96c

SHA256
56b24b8527eabb3ddcd8ae8c24e1762190b24a32555aa28042753b60dc82f684

SHA512
456f55f7f8b7247b7b1ea8abcd8d6aa9d08fcd3acc0911994d5a86cbda237e4361b318118e3f1e258d7c026b2ff8b4aa8c2d073888f567d87f16c961b3a72353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
824544a59d73d4b6bc6dd2c0ac71c5b3

SHA1
5634f6bfc9313d324450bb0ab6d650bb9a5a84c4

SHA256
bd3c4f444ecd39f9a27a3f269ef4e654d3821edda4420d198f98ae8a34a4c348

SHA512
cba6099262c19615d7d19ea27b0f48eaa2abaeba9964233b479c2fd501299ab9569d931c41918d8b8af21b36ac3ae88af5a5e8f8ea84c782515a4112b01357e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
cb1b56b301d4b970bd487fc9040e4bd8

SHA1
f4fa2304c82fe6732a303ef3abfb19fe79b98304

SHA256
52cf0d71761c2028d3c066cad1e402712c9c16effa9e5e9471bdb98a4c2b462b

SHA512
7be687bb0da993d6e7620f0cc71cadf8716dbacc4f150fd123dc06c1d3e99946ba9fe5038f3e70fd6245647fed48a338ac83e1522d4235dad44b5d1b5dcb3449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
6c8d9e982c26d2e54e0d5f59e42d6e76

SHA1
0ff0cb48146166efaadad58383f60d32f3e4b3c3

SHA256
636ed8fdb797b4c087a9ce4716aa0c7ffa3aca1dc834aa992b2c4cef92d8436c

SHA512
f04a90eb469a26140a54d6a21a994e1b313e49914d9db2915cb89b0b75935659f1311dc41e25a4531daa398c8e66dc1ec9d94bb48bac52983559b31b61612cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\12f37fac-6137-4e62-a3fc-760c30dfb97f\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9d9ab085-e530-424e-8c47-611a4cc10076\index-dir\the-real-index

Filesize
576B

MD5
af776d37e20eb336bf4a738f6823916a

SHA1
629bdce7c574677f5422e57a3f27136ed232cb55

SHA256
8816f9be52ba7c4d9f879ad27ed1c0652ee659117605a203de37e6b45287f85d

SHA512
58cf9ba26e7dcb8222949725802737268277221e72738f2bf409dc5db5389ee3f04920ec1a4eec0ed7d23f9e3684fc1e556ec8b76c586aa232ab4824f18564a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9d9ab085-e530-424e-8c47-611a4cc10076\index-dir\the-real-index~RFe5920cd.TMP

Filesize
48B

MD5
f3d1dc305138767937ec0d90aa772b66

SHA1
1e5bf4c8a7f4c55928d1574a2d64ddca40adb1bb

SHA256
8ea7d68378bdb3a3448716646281b0143931cc727938c9de2eedbb3f58f9f3e3

SHA512
a37b2406bbc23e0467742ca1d7f29e4b1697f0ff69f06e7ebcf78f0047899ba545ac891a85e8cde7353c300fc199e7cf5e1399927def93c49abecca43833dcb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d7c5c558-cefc-4eb1-8b4c-dc4d790effa5\index-dir\the-real-index

Filesize
2KB

MD5
8235280adf194860625423556a7ffa71

SHA1
42b81e25a8e1a01bff50ffa107acc782afb82bc7

SHA256
8b12e0f4b3a32de25f5b4a5eb0bbf290f2dcb9f8ec14f96d612baffd27f1bba4

SHA512
4c4df8a383475c8e14353ff17c5925fa60452b1f8115605a5dc085611912764f0b9f44cb404691619769eb537b4f3a599c421a94dc808409a4cab9e9752e29ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d7c5c558-cefc-4eb1-8b4c-dc4d790effa5\index-dir\the-real-index~RFe594cde.TMP

Filesize
48B

MD5
bd89c6bb4aae4e5ed8d5f07062fc0efd

SHA1
f1688eb16afa65705bc93c2eef026d05b632f186

SHA256
c169b8250d12302b9205ab92a0e4483f3299d87977653ab866a862fe5a983e2f

SHA512
447b6faaa234dad999a870afd7cf73c7602c3ff8eb7283d6ef6d0e8ef5cc156b4d3dd6f226e5cd18ee8284b3e0d5fbc6c3514c00392e4f42f0e9c83a0f451d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
01c9e1d1a3ca5f4ec310b6c07312629a

SHA1
0036d195af863753272fac9507f9f1fb69b4b44b

SHA256
09bff97a6cd8779fa9c89b3008d04d095940a4723fe29bb7b053022ccb4edd9c

SHA512
eb13eceeb047b035aad4db144ca3c0fb05cf2896c342b1d4134a6e858453a2e97bf63b1667354746918f4f403bf9910e9ed3c8a8f7b9e31f147cfc80227ef2d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
186B

MD5
c0fde0cb74514967cdad23e3b668644f

SHA1
085bbc818fbe6d226fa5a6053a358314c9b2021a

SHA256
f163cc8842aadac17d92f3795471bdb792bc65e54781ca6e8aa665dd3c134897

SHA512
69e7b6694d228211a2ce78d857f73f1f8b8cb60f4f430e3e9b46298782bd64b0bbf79e48954a2d26e7cec8e44399a1d5852cc5837a6c4c5e52689dba0377340d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
326B

MD5
d66c071938fd21cefc88fd6e709eb480

SHA1
08f0c62c69fa3e112b1742d2fb1821e4f5bee77c

SHA256
92696b20d0ae074cf2714ffc000c240dfce0dee7526c75cadb0b0f02a58ae5a0

SHA512
032c32208329b2070e29a7559dabd35f42e02af020f383c6798fe28f25374b3c39a5dfc545ce0561c5f953170ddddbf4e01990e83416daa58ccfda08c89731d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
262B

MD5
8b4d729691814d2976e74ac154740ade

SHA1
345d00dcfa45221036666cd7e4dacd6cf6fe1cf4

SHA256
77c761f7801eb25ca67a9f65a70d30d0df125d26c12aa5018cbf05f8848b4b48

SHA512
65e42d4b499776110f7cd91364d18eabe331e6ac02f8791b5a82e14d25e6932d119b45c581c1f9eda15848ce8a4a055ac427db6faad680f0f33c1cd66cc330b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
6613f115a0cedff0e710de1dee4a351b

SHA1
0d28184ad78ffc415b63091f5223da5fdc997927

SHA256
2533d1debb5c23d5a0e793b1b05bf6fb2156f2d519dff3670952b71e619e7dfc

SHA512
8eee8876c1492b452683615662150cb3e759ce6bf5b7a2c4fc85e9445e2703beb7ab1c721b342f58ced42aae0dff590224ff8ccd2f3e72d08259df0be43338b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
269B

MD5
9e2bcf5e79529bd1b10b651363dff4ec

SHA1
7cb7a7f4215b51b500520aa48d24aec9475839c5

SHA256
5d7891d3aed542e9463602ab41c91d2b764034aa7ba1cbd28ee90737c994d7aa

SHA512
3ca2958aa4315c354508f2e254d9718262fefea000e61d462d81bc8f8541e44f5caa48473103ddd5d4cede2c05e10171ba81ebcce74b9a5c69655a844d85e53f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
262B

MD5
c036197962e49c3091cad51510c8ac66

SHA1
471a3cea81a995b7789cab9b07a616722cbb731b

SHA256
364f620c5e21ab312cb64de5221732a5bae42e28a7698fc0c213b1101cda4c85

SHA512
dde08c2d8e15b594babf7fafb93a2838ea37d3903c3fff5e297ff42aeb7b177b5755b4f1c0671e1fef4728e6ef9f3eafa87f4b5f0817461806f5c99da3a204e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58c56e.TMP

Filesize
119B

MD5
f571fb57656cb74eb8963f791046c03b

SHA1
b6387879a5db318b93400946eec096a0b2f99001

SHA256
2111f4652fc412296123d5c2aac54d2f17178041e92d039c60a624af612a6dbc

SHA512
1dcb275826c2c69b6ee3472e24abf3b21e86add2b18295c59b64664d4c75735a5df54832f05ed89030c06c5da8c969c78d42cd76f75093ebdc98d95863095432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
fdb70e3ccedc8e404adda531eef62cce

SHA1
135dd355a8451c3aa6f65d6e082fadb4557428ef

SHA256
33643150a20cd2fd9b8fe9d9c87b24d67e280ee5a26bed085d2e50f67265da7c

SHA512
c45aa51ad022821690a3673e51b7dabcd7b4c5da4f9f8313c4a02153ab5751f61b553e1ee0f249524512d0c953882f09ce436efc105734a340c78b0831dd45ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59190c.TMP

Filesize
48B

MD5
4320bb3d2edd4173a0cdf0061053c1ea

SHA1
223d89cad0e87002a2fc4125145fb08a3e711c6d

SHA256
225ef95b80c4637d06e315b47038de2bd6e31fe4bf9b76fe2dea27fc74671d40

SHA512
19194f9b869419994badd1dedb541402abb96f10ce0eb4f50b9a39e530a2a0de91aff48acdd5cadc13ab24e803803a80904d8b0b55b63b9078a3b45274c9a214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
fe77cfa627020fe569273c3ebcf31326

SHA1
1948d1331ada9149fb15a30471aa02a6d314e412

SHA256
463661fa749978a06f5120369e9a7996c68b0fb05a6b809d9bcad5c1b134810f

SHA512
af5b03ac6e489b6e52b297d16c93d7ae3e87ab9f6503690450b3679257dd4478e3354baec628b7a14c930e7f038b488f4a077cebc93d3b2aeb032d8be33a9e80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
a4a28275e6bc6d11cfce5879be16262f

SHA1
3a811eb71d029be068a4257657cf751055db087e

SHA256
290a4e5744e13760b7dc1310ca92789a6428fdf553a7cadd0052a1dc7e35d70a

SHA512
2db5275abd9541fd3763fcef8175675a4c70a479f154853c2acc8b5a5bae3ee8e9748576e1b645f383826583f501bb46991b73902ada3eac260c60aa7af48091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
37466e10e46242a263aec4fedd00ff47

SHA1
d7256826b361648480af8bead37222f38a5670e0

SHA256
95c71299f5c8a4da64ad2c72244dfe7e44b636cc02b4dd98a425ec313fc7649b

SHA512
bcda7f2488346247661abadcfd28075712195d7448f7346033c7ab621ce085925680d8c46adae814d32f5db4dad7cf537ed66922be5ed3b3c4a28772de55d2fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
22KB

MD5
31a21e09e0df588cd1e9894ca749f351

SHA1
e22a7fcb1de465c8d58cb2548ddaeed097362e4d

SHA256
9597f871a43504b1c6ec7ebed5771ef09c7f2d7701f522d0100864aa78772887

SHA512
2934a187967e32fea81c01917dc73f655cfab47f5814d0e7c19d1f11eb2886e174704e45ed66a3e7d2a0883442afb79a90fa854629cc8e6ae7827889550165ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
105a2a17b497ff8903a3e80d95486fb3

SHA1
f581a8920f4a3b4574ada24711d04df1d5bb67d9

SHA256
b5a46304ac5889985d8aa64b993c0fd15044c4e02c573fb11f0575a2206d8826

SHA512
16084d8abf67c9b980a44064a0c995297fd3750db492f148be107b7acc0e2ee83573e8006a4aadc52adffc94dadf4516c39b445d24d4669d518cf2687fc27a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
b5c9351814b500f245017c1f257a4dc2

SHA1
eb0bc2e4dba9bea7c6c21cd774f1619644ef9772

SHA256
2a3cfbea8a83f7fd6c33ae54b36e7dbe60a670dc8e2667313fe04cd7159079a0

SHA512
538f91e0f4d64841321987493ede09a7c33dee7b11d0c5031c4f37a53dc5c5bb5c8e8b26e373c3e0583a4c4e36e6c74f43e843667d1be475377a0a495c57d71a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
fb3610d7254a48024fb5511fb4d1d374

SHA1
2b0a2f28fbf79e211f10b83761afbd2db09bf13e

SHA256
0d2b053152537af100787c4a1082873423ffd1ef5e417f1b981a50adb74a81e6

SHA512
de070feed5854db5ec27aa95d8bf0354c6df3cca08d3fcbe7055f518c29c5a703009eee1038945738d34bab2f93cec1baa4db18dc38d9309a66488715fe7b95c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
d9c0bda7d79a3ea18bb58b7ea3fdf919

SHA1
9eb83a1dcfec92f80d9f8f218535705678292874

SHA256
2e903702c0520f63c3764c31105c2d96b5e0915d77ae1c0336832fd3719bddcf

SHA512
438ef1341740632ab4ef04d9c363b8526793d41fd40523ada1cfa738f173898761b1bd8c7b366d1c8b646dffd1f87348be2794a3e1a7300e6e930617c19e1495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
b7e29179d98756c19ce95511358a8da2

SHA1
debd08dcfffef50e0a2be2927370936d5124e38d

SHA256
a39f56a36c83564e84bb25bc6ef554f9616a0c7dd37ac0c598d38dfaef53db5c

SHA512
ebcf873a13923dcba6702afb47e71d67c521fa4a525207bc3081cbfdd3a8f8fd268812c55ce91ba206e0db1ad9b8fce59a3a78cbebd26efb5354210cde8194fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
a2b6cb066c7bc89843f9d51c4ff7b6d3

SHA1
9bf108a1b17e6c64d8efb033a1397565ec160975

SHA256
e0869b0ffcda4c8b5a25e05aed90fe981cd351aadaefa683d93279f4f218168f

SHA512
ab1a86aca2a486c8ca633162a5325444c19bf4c4611c89647c3fcf21e0b0d41fe3e793ee8fbdc2ee7c9bf3053f5bfe99d056af0b52bebd8b03d42de0bceb138f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
a633939e6beac364b5a06b90115c3b8e

SHA1
82da42a4e6bb07d929b2a7cb8505acdd55277334

SHA256
678c704defef7a7e873802e11fe745780ce2f6be60b73e7ab8099f1fb1aab62d

SHA512
1d334f66e5680960e658a68e8fc22affe92fb8b85a5845075f9b64fa348999b690fc8335ff43e90ce38fdfc58238e7b66df93b6ebca241f0bf35cb871cc16743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
42e5fcbb60874978e5fb4ebc39b3b8d8

SHA1
71a2a38e06905920837baf8fd25c2d6e14af0273

SHA256
3b53caff459a59fe206f02b36251c765a8ba3baaba10f5ffd6751741d4dd0d41

SHA512
45628ff471127202761c9c6992bb44c5d653fb2a44ebe78e87b9c9ec8f5baab7be05133cfc0d5fc03576879bad5f9e38ee1bba69f4489f1c014769dd5d4f9e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe58f7b9.TMP

Filesize
392B

MD5
e0063edef4f72663a03b9d4113d1aa70

SHA1
fd8e3bf2ce42f84a8106ac9efa03bb73e97f1725

SHA256
dc4f69216ad6afe69d94e94199a5df957ac379ef2902132aa31440ca07fcebf4

SHA512
64ef90efb04d9177865ce9e2d571dbe4f961b4c0ac76a3e02eea7dfbe52ff011b15eacb3a36036f05c3bc3e08594275c6d69d04a4622bd687eddeafe0aaa177f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
41d638284edc85cba1ae5f3bcbf2c9fb

SHA1
4a5102614d7d201b5b6db0cd3f3163d390d5653c

SHA256
09e021480bb0dc9af67dbb67d93169ef23f2170b29578e676149b523c922c176

SHA512
e4b4f2a5629f6d88092b7221e59543927472e3b3d06b81418fd98b739af945acf6acf58b20e4462460c191c79950a763a50bb5708bc3ac432ae0230e71cce594

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\50jftte4.default-release\cache2\entries\E19316B1CDA62317F9DA2551F9B56E711FCC77AD

Filesize
13KB

MD5
e4e4b1352d0b62bd596a084c4e88a622

SHA1
a3a538bedb24fd7acabadafb488d421e35a45d21

SHA256
3edc575eeffc86cf12297886fcbbb3384468b0180db7bfe08c5360d33dc52c3e

SHA512
f4e135cfd5331e5a25ac26b3eccad83879e9b68c2445fe485d0c0c42d2aff0cdbbe4c99eaddcf2cdf08d73b7f194f9de26cbf1dbca25df689f49520d1313b10b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI216E.tmp

Filesize
132KB

MD5
cfbb8568bd3711a97e6124c56fcfa8d9

SHA1
d7a098ae58bdd5e93a3c1b04b3d69a14234d5e57

SHA256
7f47d98ab25cfea9b3a2e898c3376cc9ba1cd893b4948b0c27caa530fd0e34cc

SHA512
860cbf3286ac4915580cefaf56a9c3d48938eb08e3f31b7f024c4339c037d7c8bdf16e766d08106505ba535be4922a87dc46bd029aae99a64ea2fc02cf3aec04

Download Submit
C:\Users\Admin\AppData\Local\Temp\XENO_CACHE.bin

Filesize
28B

MD5
78d58a032761f1b9767ce9a961560a55

SHA1
16e75b82eb992b85361cfa782e2eac73f627717e

SHA256
895c607361d12436b3c82f8e233278f594d1de2ac032fd9534670a26f9bd5ce5

SHA512
4395ec8d0e057016daa654d94aeac4aea172814193ee9c3d5717093636db0972fea522a5e0596427b7c89cc2ab7f10c9be7c103b12b0c4151fc7b221d13e0f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
502KB

MD5
e690f995973164fe425f76589b1be2d9

SHA1
e947c4dad203aab37a003194dddc7980c74fa712

SHA256
87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171

SHA512
77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
14.0MB

MD5
bcceccab13375513a6e8ab48e7b63496

SHA1
63d8a68cf562424d3fc3be1297d83f8247e24142

SHA256
a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9

SHA512
d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
666cba9e2695bf6a00e66ea651337335

SHA1
d19d1ef36dffa49b361a92840c42e824b211619c

SHA256
58c2fad2c676a3f73ba98d37394ff3874f385c8bb982a0d02e3de0f5b71ee8bf

SHA512
0b7de74e578f6d70b790283f050964823a1a7a8984d46682c78d72818f5f7e3dfa05074719c681de5e9a9d71e15eac84f62f9abb460b479735614aea43ca42c4

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
bd11f0543b8fe6847bbc2608a4279e97

SHA1
219c67c67207f58a00b8764fa9006884fa093f99

SHA256
5839973cab6e5c788754ae210ce6194daf563f5aff76763685c6b9230e035a7a

SHA512
6d70be0fac8f36f56cfb5b893d89b85b5f4295feaf630f372e63822cad9e49c7e418ce9eb69c63cd659c8a6d230806c981c9d48251b631c1b8c70cae3b6a9f8a

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\10215341-2a4d-4347-97da-29714dad77ad.tmp

Filesize
6KB

MD5
1d040cf366d9250b4eab68d249c812e9

SHA1
1a4d52e7faac5dad8aa9e4385bad42b10b07125e

SHA256
5d39a6b1a5dc2a450788c4d5dc128a6058f9076c5ba916f2ef876de3a4cc10ea

SHA512
9affbd6f785da7990def885c15d9c3321f753c36404cff3af78da18f7f837db4998f3762604b95d460a3efe7512ca42e06991d0cb79f5a01efa8c3f1826f3d14

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
5a40fea3f5aa3a5a1be6d12965f6538e

SHA1
657c1393caafe41c0172c03abe9e40ba38106649

SHA256
db714f5e1cd60d07c5d74a0fb230f98cff5640e915a49ddaeef126d25a57b34a

SHA512
91feca055e78efa15703d1008a642543cbe56210d6b807a99dc5ca3662e571e758e129d2a7be41f8b9ab3dbe401e0b3a32772d8992b9d29f0b288e4605203794

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe58d7dd.TMP

Filesize
48B

MD5
3a97d730e32cc89ce2624c595652d653

SHA1
d32e9747ee225997e43a17d42e19987047d9ea53

SHA256
60487810360f89485ffaab7cb5c99d077ad285ffb0b131c79415a74c221da906

SHA512
382d16ddf97a98bf2dd8ed705900e7e571a54f26a4350456f59c541e8ff03e941496dc7693f0f458eca04c474f5664f35498a7fd42a9e25a80dd7fa34cdf509f

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\Network Persistent State

Filesize
2KB

MD5
3c7b17475ae4057b6a18c9109b4fcc9e

SHA1
b5fea39d2153fe45bc169bbb0178d56619422570

SHA256
a763e3924cd6ad5889c0e7589c0597056a2dd322ab722f6d9afeb4cc0f0ccde6

SHA512
a9f2f82a30175a682247a3426e3c21af5cd8412f532a2522693b5d259324fa61a6b542b4f49e738776612371d20d8ae296f57f0b7262743ac3a5a45a98313666

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\Network Persistent State~RFe597872.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1012B

MD5
12bd92d67aaa5dda0b16bedbd200d128

SHA1
6ad74ae3a75169f25b11e84e796f47bcdac9c3ce

SHA256
bbd83b7b71e9965b43088f8c94c0d045c3f5dc1a71844907b7d09731f973bccd

SHA512
700b02be5fd31decb8c2bd19ac76cbb9284e3c43c3228b3f7dffca28a76b209a258f08bfcabcf3c3c0ce876c21cce1233dfda865fa07b802947204b339ab7aec

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1012B

MD5
f9bbca30e6fcc36732afd81c0e57d1fd

SHA1
fccdf98bb521ee4de463fc5e80a0eae106bcbb2d

SHA256
03de8f4d9c53b411fd85fa0f7039ced2deffc9af7efab8f8f7e3b211ebf6c8c1

SHA512
1839c87f1d3cf67a8730b8ccb4dfe996372fa4f84f42bd3cf8ad4f9b78620356b9c89dc548afb5caff072decb0fbdfeda1d0fdd22b638cd44a37167067fbf7dc

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1012B

MD5
c32c4d34bbfdc5c41f78f402eeb603f3

SHA1
61c6312d4f6334b4e842dc746a92ed99e973639a

SHA256
763ef63e1c86031abf4e1934e9380f049c8ac4c0afaa306fa1edd72fa40cfece

SHA512
7516db950eea5302271cb4118fff7572a12542ec36b585f6a972bb880e51978e4628054d95307a1cec0dc9df3dcda9aa989ef6fa2cd72bfeb9b74ba5a57dce3b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1014B

MD5
db2f66cbdcef9892d88279d4f962b76f

SHA1
b0dd7f6151e749db4c1c9e4d684786324c394aa1

SHA256
4501b6b2e175aa8170d40102c03e4e69b09548a8c3d91191db857cb44fb03277

SHA512
353e09dde935af658ede80a7dce0bdf6e8d92b54cb96f1c35fd6c2f90a67b1eb71438b53b4414816e138e6130279bc5f20eebe9c56c6b12a8709305a6ae859cd

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1012B

MD5
94be702bea13fad451216e80b54e4b53

SHA1
2acdf5df6edb1e9f6afb3586d1bf6f9437619b37

SHA256
6daef8d5dd3f8272853013c2cee6d270e6f7bf5d95bd25477c916999733c7786

SHA512
dcc205d942973870af72c2c40b8f7c40b1f04b5e5e52a747476fb3ac24f69e4399492139b27448f7f02ca91dbd7c64cb1c075cd0a9641e5de829645a4a94e4ce

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity~RFe58b91a.TMP

Filesize
1012B

MD5
7e6e023e295d5d96c931870456a2549c

SHA1
786d46c62550b5b08029e57ec3d2f62594aa7859

SHA256
c01b20376b664b47ddbe2af83f524be8324df2d68c5a6b8a58e32ec984e30ceb

SHA512
bddc3101fcc4f376f036edc78689b42dfdd3d1e5c144128a0136134323fc78def02be7175afefa4269b5ef2d0ce38aa947ed864c19fb6cea1d11e39beb13c780

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
6KB

MD5
6da63f6743245e1742be07e0d84582da

SHA1
910a7464dff23cc7709c40f9a145fbc974c10763

SHA256
2dfa5f5d02a1de65483b6ff4b495bd4bc2eceaa40e8ba96cda0b1ca0e3e9bd70

SHA512
5446246b4f4252a7ff6671cc7414ac76cc342d33c6a109223666cbf3a4c6194327992c56643402dea283fd829235bbfbe0a151f3c84eb360078d96bce5d00d80

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
1KB

MD5
a2fa663c30f0d25ed771c9d1823a1a92

SHA1
acdeb0b0846ea4c300401282f00865943180a25b

SHA256
a182e0b99dfb027073a4c8c0c95156248dd436d7d42d6a5fc440004982c6c209

SHA512
5b3cd7b09eb5e63ad13fa56c7dab24eae6519db9e265951db1dd848c6ea840d71091bafc1a6f411715349f0c3bf400510b42cf15bfaa8590ac4379f8b549f677

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
fbc6a23a6515c11e374ea21010543306

SHA1
630a946adadeab8771ed40c61d50a63b9f5817b5

SHA256
8a1448c0dfd6c687c4304479fc6daadd0c55d01ec9bd866c7f9ef5deb38bb2d6

SHA512
7519839232755f4a4c4c79b4c6a3768ce60a5d1b5b6f8ac39a25a53dcceb7afc635badf5ccc204d6c35a45c3036dfbbb47675c3b088ff4ecc0868138eb53a9f5

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
3KB

MD5
e16b2cf80561677e77ba8aa18469bb18

SHA1
213e074ac1af63fb91a5ca811f5cabaf2ed4c312

SHA256
431d6182bf5e5fa16e2a934c83b0f2089392e62edccf23b74ac8ca7df99ebf1b

SHA512
19e21b76fa0252814d49b719cf66bc75768c144d1252ecaae6f073ba23117375bb12afca91245fd85c0e767ffa3da4dd96759928d09b6905289e6f731f13569b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
16KB

MD5
802004314927491a72d337dd5e63cebd

SHA1
4415fe4ac7714025d10fa781642690b3767bac8c

SHA256
5446ca5560c93a59cf9e3eb0a5df513cdb74b6c9bcaa80cb900b208031d048c5

SHA512
f29c10e9281471e0fe382f449ffb785a4597f4c7e8a125e391ec6c3471a8bb5c561e0cc5aa24107f0e006958debbace5a0971b2a836186fe6390c681535705ac

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
18KB

MD5
7de1e0f7b4055a8defa1a47d7635d460

SHA1
d09769c8961f9941775d858123f7ae7b4e244470

SHA256
f1f31c9af7b877eeaefae70701337352950db7b5dfb43acd5f005b8b78516c13

SHA512
cd3466cd453ba3235376c27c14dc3f2aa48246f1c4e9e4510a51c77fdec09ca527a421b4f19b27f208abb9981140f15a69000e935804582549a763181ade220f

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
16KB

MD5
9009b59f35189ae88190e2a911444078

SHA1
42b306d794b1d75c956a48db6237d84bbcf92dd6

SHA256
d1fda4a7e41d1ac828d5b8cb8a4ae311b958856e9bafaecf79b5609d0933ee6c

SHA512
68309280d47bea81b3976ddde2e0ebe9637bafbfff0487865ed39ff96801dd6214e15f061de61a0102cf3535326406d65a63119d4c375478c0434cbad87dec5c

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State~RFe586339.TMP

Filesize
1KB

MD5
0637b2f878bf67f6770a14229222fcab

SHA1
adaa788d0f422469b4505e4f34f4ae02e16115b9

SHA256
60186ef544631ac007c952a3e5113c6f51987d2601e984a8fdbeb25d2cb28e8d

SHA512
cea292b2cf497c4a2b0db0895052a9be5c705ac740b74fb8e434263bda1dfeec8ba9b9edd9e17598102c05f2cafe2c16cb1b81d682a1848cde931462e576cace

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
8KB

MD5
539c04800687ed7b5eb9b07dda10bbea

SHA1
a65b7db85e80780140e47a29d1eaf46bc7e4f0da

SHA256
c9cba61f14d1bd9e9a058e75db9fc85ac3bfb33afc91a75ef9a78a09e553de13

SHA512
1d2d04f7188f1c487e4475b3860d6ef3848cb378fbb8898a7def3560912652b5755682ed02a0cc3be758e828f2d71fee449b7ee45132d0f54a949c20ead61a76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
be7fcfcdbb6f3a37da1c225ded8364fa

SHA1
2bcd4e2362175096fb7d1398ff26069e3eb44e57

SHA256
5a54d9b405a516e8d61932b56ad6833837dc07009094eaa99734e1178aafe098

SHA512
c15a0426f12b8e63e6081b2f1837811d01479e8707562aa60fb3f4599bf4f2ba9ddf36998693dcb7669585cd40292bd5bcbfa04e5aa1a7a4a125aa0d25345bdb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\AlternateServices.bin

Filesize
10KB

MD5
58808ee34f02ece9327316628c2e662a

SHA1
0006b8c4a74b10455e22582d4ea6176576f36264

SHA256
7a5c795ea59e78c796b85ed1eac9b479730e1093f3cb0e228fdb2aa19ccb4797

SHA512
a8b92b3906663bf2f794eb9960e909942839b5514f86148fda070b1f1d009c4bd3b54486071db83cba175e3b2cae445d102114ed53188b9ece64c54d2c591a6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\AlternateServices.bin

Filesize
25KB

MD5
dd4efe0f31ff4ac8ff6b14cc8840a98d

SHA1
9cc77a1ed358c0f82aac92f2d74d7b9daa126382

SHA256
6cac9036175fa5a58fa8a1f36a6f4623364be2e3d84bc99ed21aa0080f2b0941

SHA512
81b8843187ab64c80a8bed9c9ff48927e2f77bf14b27699b9907d1fd23f94e64f0dd14d852f0e0bb3fa80ebfdde19bea1604ba410ca002ea16f2b21e91b73e49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\compatibility.ini

Filesize
198B

MD5
ce9ef13caa8a74c25157b184aa038475

SHA1
db03a9935d8bb3ce6b120aca98feade536805160

SHA256
252b7fff962848c61092e82a3d87adca163849767713a93ab533bb397f1f53bb

SHA512
0f6f5053e78167ef5cc5fa70ed3a87dd116df0671a590299277a197341bed983e3d77e37ad2c33cd4afe880fab9ed1c7f7502210040617a01f97a81c1e1d4f29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
41KB

MD5
477a4402a67aa10fcd720803ffbc1da4

SHA1
9e0c4bba5f5d2c0afcc0f785bd08f3b9577a41ee

SHA256
02993648844cc99c508c5fabd9be1e2e9dd83d88085aa3d5b83278c5c54abd44

SHA512
b5e6993650e1c6a4c61aec0a69d149441884b3e9f9eddadc629e94910060d9867480b1036ce7b11715953e189a77e313eaafbe771d417b7328cfbf643f79c6a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
30KB

MD5
2c18b59e6691280a116652f4f66960d5

SHA1
457ac47699d9726561525b6c8b73abb8e2ab6a60

SHA256
db4ff4c7242e0f4b38837ac15d8d9c12b7cdc724774246f097bd12c6660203a0

SHA512
44e63b722cabe68d1ffb8c31349e43ed5defeb3bb79b574fd3ff2469409b17f32e39413f2ee1882c3aa191fcececde2fe24d0f44743d941ed4276ee4dd3c9f1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
29KB

MD5
b1f132ff8da211ba0483a6dd6dd3eb10

SHA1
d23656a4475b07826e6b1cbc5c0a5aef3d8db78c

SHA256
913af9e61fecad56972abaf83c27c21b460f0bf040d99efe35b9760cff88f8cb

SHA512
467f63273defb91514dfbd943b758d40c81bb1a7c2bee942893d259fb689c04b592577360f59f5c74f2e01604bf7097b02f91f255ba784b3d385b0b081be5d2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
29KB

MD5
959933fdc37aadfcbfcfcb1763466540

SHA1
41d2665ec32607fe23e24fec733a8cd04fdcad34

SHA256
98547e11a85d6850a5412a6ba0dfc3f8600c97d67cc8562dc2c8e5d78df86307

SHA512
0e7abfd9671e6180ccad9518643d1d56844298a000b3fba5cd1cc65bdf082c17fda8f684c28901e6d3a494ab61ca983ce843326914da1b02c78dfe6d58631067

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
30KB

MD5
0cc611bc296243d8fe3c2c59e9c30377

SHA1
ba98c253964e9bc44b97b422708a8d618d1dbec1

SHA256
a1a3e639af05c4c6f32892a15baf133db493fa9d0addd345d86ac89a308c40e5

SHA512
8b3a1d5fe6746243a69bbd7a5b8a469f96c525319164037dda20631eaa7c42daa4762f92f2e21ac01c3484c86ddba1756c9a50a939ffde480a5032da7f15d469

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
8de77b91d0e6a20ec24dcc30a6352585

SHA1
785e0931e9c6e8989ee7099a0e530d163d255dcd

SHA256
d6841b5a989cee53adecd0f14ac91dbfe2d31bd886747c4badb120c982285d4a

SHA512
0bb8a50578b001aeb977c0c47572a46f1dce88a97107757357b09a9ca761a52314724e900a3f25b79a3e21433cea5bc5b5c051d0f5d23dcb57d375b4d9a7a745

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\datareporting\glean\pending_pings\22ab98f3-253e-4420-8af0-76b827c513fe

Filesize
886B

MD5
43fe6e01e896b835198221815bac905c

SHA1
195b586a8ba670561a93b182a58a94bc92693b56

SHA256
9478c679923b0fbeb824622d87bab534c5a7147caa00205c5296356b61f0dec4

SHA512
cd9543dbb06912646a7b0847cc3a8f067f0b600665f64c08f2bbd6ce0ddc3a475cae63104529c4338dfe02c825f2d65be0f902174580df96b908088d312d9af9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\datareporting\glean\pending_pings\803aa86d-08ea-4f91-a1a8-cb0c77ce0786

Filesize
235B

MD5
44e5bd42bf299eace49412f957aba799

SHA1
94fb13106088bed665ede4f24a66161896632946

SHA256
034723e2ec31eada1d7a3e6a7ec912de5bbcee34c325185149d41d9aa230ab0d

SHA512
1813c30356c7723a9ba73d8ebb3225e7dc482c4c5b3b09e0076c86ea26a6b60b2427da81d715ce7ef6df39d029c4c8a05a77b072c331e79422d296319e9299b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\datareporting\glean\pending_pings\c08fbb24-f164-4ad0-9653-5bce263dd5d7

Filesize
235B

MD5
4640ca48fa42e3b7848e434e8d4ffdcb

SHA1
9faddf7c0ccef01429c32b98841e100a310a7709

SHA256
b854e1d147bde72f6cbd730ff85b9ac18fb9999b321647b482e226a8a86fcf81

SHA512
34b2296d6300ea500cde6150c8e1df09f6bfe7a5b666ac6985959486e57ee88b4001ed7401a5f22c08f7044173879b6969218243ea3181dcdcdd144ebfeaf0e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\datareporting\glean\pending_pings\c521162f-815c-444c-9f6e-1c324201012d

Filesize
2KB

MD5
2e2936abbc1272181ac7e1c1195eeae3

SHA1
2e8e3e175bc76c241b6b995adf41af6540e271de

SHA256
d5f5a20240688003f3381c45377867cbbaad1e5609956d5153c664af6d1fb15b

SHA512
0673307427177441ee11ce7139522455b2f63f0a7dc2e01b4a97dd9f92aeb5595dbab1bc1ae0ba36a1f0f7622d6c442223e0a5a4e216730069155130d7b0563a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\datareporting\glean\pending_pings\daf71568-30ab-4a12-b47c-34dd9afce2fe

Filesize
871B

MD5
e2fec8113c3b725de77ac5d779fe44b8

SHA1
427e2d1971a881f29d67a4df83e6c74994bbe112

SHA256
b1dfc2d87255a78a4b7606fe80b4c0ce1cf08832c6fb657d07ef222e2ca64c58

SHA512
925c9920423a1ca22b1557fa9cdf0862367a81d12755a1783b37b68629959148166cde33730d427f7a8fb7b0922fe46ca87d4f8da05f561d0038ff3b4354296c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll

Filesize
1.1MB

MD5
626073e8dcf656ac4130e3283c51cbba

SHA1
7e3197e5792e34a67bfef9727ce1dd7dc151284c

SHA256
37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651

SHA512
eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info

Filesize
116B

MD5
ae29912407dfadf0d683982d4fb57293

SHA1
0542053f5a6ce07dc206f69230109be4a5e25775

SHA256
fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6

SHA512
6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json

Filesize
1001B

MD5
32aeacedce82bafbcba8d1ade9e88d5a

SHA1
a9b4858d2ae0b6595705634fd024f7e076426a24

SHA256
4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce

SHA512
67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll

Filesize
18.5MB

MD5
1b32d1ec35a7ead1671efc0782b7edf0

SHA1
8e3274b9f2938ff2252ed74779dd6322c601a0c8

SHA256
3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648

SHA512
ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\prefs-1.js

Filesize
7KB

MD5
fef45941dd515ed0b749529bc5b2ff23

SHA1
df263580e42e3dfee6eb8aa9dc1efd136658d5bc

SHA256
72b2b0dea6d8cc3c27bb8a2dd0ed1206d339caf1f204f6b4e2400d49531e3a5e

SHA512
a8ee3a691537d5ffc922fe50f351874633eb74f26e08aa316b62f1101c17f9476bfb01888ae9197f0361316e143c0506ee0f37b439240e5b2c1e59d8732c31b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\prefs.js

Filesize
6KB

MD5
e2031ca2f556c1b710c7611e382c85a7

SHA1
86e149fbf2bb3a9101171ac2bb3c978dd7592b52

SHA256
39860815bcf39a1b356b83a442823908de356b0d2600e6baa14b90e512880033

SHA512
7eac273d0c105f7695dfe6224a509550e9bec90ce7bd6945d9cefc12bf7187055f467fe9167e737ccbe6f864aec5e500e5e85f3e2b0fa748558150c8258990e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\prefs.js

Filesize
6KB

MD5
006ce31fc23649c827e337c7b987a478

SHA1
c7178f6f8fa85aaaef9be29d2893e4371d7aca5b

SHA256
84d7aa0efce0915a8a245531b8cd8177f6d56bb88e6265852ad2da82ce5a5948

SHA512
2ba94f747637c894e329aff0f0a7f19198880570d7a8a621d5ac28fcb7fc2bebedd44c6b84efd9e13a452e76f388bc465c9390ce44b47533154bd4dc2039f1c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\prefs.js

Filesize
6KB

MD5
82fcdc50834f0048d208504468f7bd5b

SHA1
3e21ce0a94bac37daabaf630c7c17ace01e9f049

SHA256
5bd7bea0b578c6ac0982ec07e968a1af14ca5f0131a30b5ec1cc267953ace34a

SHA512
a86d5491b49f0e0a0c4f4161cff6a69e2b49f9a108bf9a2121c42b7185ad25c4e115c76ed10f08a4022f186d540ff9a3ed3230f187b03e1435e65c5b2a3af05b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\prefs.js

Filesize
7KB

MD5
c45ef2e28ee2a52990f813b0ccf6ac9e

SHA1
dca3dce15cfb0f5e2c6b891ff438f37a36935738

SHA256
8cea97df462b0d25d159fcf549987247ba173e59a92c7923b44be4ffb15b309a

SHA512
393cc5c61036dd741e676b17eae72f999a5d4c04e777e9cfa8d99b786fbccec5e55569c3f01fb3e506d4035e97162073b8a5acecd7a6215ff866478f20d33272

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
a4256a715efe6bd86120ca8cc85e38e7

SHA1
cd0647488e5980156dfd8ad60be21872c50337e7

SHA256
9fe693801013173d216c143cd9cabf472317148476758ed30744358c8ed90da3

SHA512
e7f447542355f4da39bd62dbaf3fe3aa25f56f8adbe9593ed27b0b5ca08b3e53fd981d2daa0aee93aba1e60c0c52b0b6a999d3deb708432a7edeef44e070c021

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\50jftte4.default-release\storage\default\https+++wearedevs.net\cache\morgue\60\{e65fbdc3-bf7b-4f6d-9f4d-eeceb648643c}.final

Filesize
968B

MD5
bd07dd1d97d3a8e18478a14ff0a09269

SHA1
ce963a59fda5efba5efd4c986e7a35e8dd98e847

SHA256
83663b1d09aab45d85a48984f1164a0d282a656c86282bfaf720af0cff3f8cfd

SHA512
3eb8a04a616e8406c7e2b4e061a79a8fdcc54c4dc9f2cdd6b1e416cba5bc1009971cbdcb720fa50f248a8eec3326940565a4074f092eca05c1f5eb153c2f456b

Download Submit
C:\Users\Admin\Documents\jjsploit\WRD.dll

Filesize
2.0MB

MD5
a1a95467fca35e431e4d7cab51f936e6

SHA1
5a27e969445f7569bd1c8994ec889add03c5f4ad

SHA256
78b196fb9a1a9857e4644729ecfa21551ecb71d5bce146c15cf1845e217111dc

SHA512
3b7f893c28c6c770ad6b4c5ca99a2c6431b394966d5972e31bc61396428d034c6f2136a4c49fd7ca076ed0c9df1a9a0338100d91479ef0ec56425076ba5056f3

Download Submit
C:\Users\Admin\Documents\jjsploit\libcrypto-3-x64.dll

Filesize
4.5MB

MD5
a9c1f7ca15c65c139bc9d4bf57df2e1e

SHA1
1b1377139a6b289d43a6b1161cd1089ffc817cf9

SHA256
03ec9292dcdfda520638490e11baeefff5ab1b6eb22feb90a22fc771272ce116

SHA512
97f8745dba6330c196de9b822638bfe7f74a86bdcb6726f4bd1d3d917de54f9abcb05163c42255173eac3bde995f0d611af718dbcc0de432b67666bed0c0b073

Download Submit
C:\Users\Admin\Documents\jjsploit\libssl-3-x64.dll

Filesize
802KB

MD5
51b0d5f42a82f6fa8739b403e9b8b81c

SHA1
75968c157628bb7aca9b5f2331f7a0c9a1d28865

SHA256
0bda7daeb4040c722b8c287dfd2307c9b8228576db1dbbbaac901c35cc8dc62b

SHA512
94fba90ad7bcf190079089dcc3af97c598c016eb359fe4d2ea439b5fbcd4a5489ab4422652223926aae64002beef1368d5b95874f68a2e5bc4971b4f9604d814

Download Submit
C:\Users\Admin\Downloads\jjsploit_8.14.1_x64_en-US.msi

Filesize
6.3MB

MD5
90fe4ea1323d1b17c90efdc69fa13cf5

SHA1
b92333fd238d9bcf80cfd170251c0ed05ae5edc6

SHA256
0d411f1b891ca8240ee7fb73adcf4c0dff02869b043be19b57a4f5b0257bac32

SHA512
5437c5bbaef5b9b0a785fa6de5489ea5a9e778973840e899544ead2db1c75f876895b63ce2634dd39c4085b959136811ecd7c954b60beee28251c156cd9b45e5

Download Submit
C:\Users\Public\Desktop\jjsploit.lnk

Filesize
999B

MD5
363b618441f691d78c06ee9afbe49231

SHA1
5328d2f7a67c9532380e49fd10bb7852094a6859

SHA256
c12907f10fc5a6b1cdfb031fc33885c1adf755c37d9670162865346eb9162d81

SHA512
8da48d747eeabf9f4a58c86332c92c48e930791af55e4cccc31ff88f186496dfa9aa02d735c069f09040a13965099383cf46bc7b6e330324d8037c23fd4ef5fe

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-bn.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-mr.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4836_357618419\hyph-nn.hyb

Filesize
141KB

MD5
f2d8fe158d5361fc1d4b794a7255835a

SHA1
6c8744fa70651f629ed887cb76b6bc1bed304af9

SHA256
5bcbb58eaf65f13f6d039244d942f37c127344e3a0a2e6c32d08236945132809

SHA512
946f4e41be624458b5e842a6241d43cd40369b2e0abc2cacf67d892b5f3d8a863a0e37e8120e11375b0bacb4651eedb8d324271d9a0c37527d4d54dd4905afab

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
24.0MB

MD5
a260f92c30df5035cdb1c08392b84e51

SHA1
bc85f57db83dd9700d3804e03e2c2f45bf036920

SHA256
7abd1ffdf138508779a8a3eaa39d6a891a3a016220dd317470de18f86e2249b1

SHA512
ef80dde716244166a49e746ca5f7d812e7422757245d3879d00a1c43ced85f87c59e9d5188d654bdd9763c4e4f1b5a27775dac0f5aaf47ab405c430a4847b39c

Download Submit
\??\Volume{443fcfb7-0000-0000-0000-d08302000000}\System Volume Information\SPP\OnlineMetadataCache\{7dc08094-3e70-4c05-bc3c-c2692c592a97}_OnDiskSnapshotProp

Filesize
6KB

MD5
b8f23f833fb8725374243323d3c75b1e

SHA1
4f81f48778f58f89c1b7a0e2ac245720eb9c822a

SHA256
8eee407efedb9cba93f5f2a771336b3ba39bca84015d99b9847511bb3226ccbe

SHA512
c4c69a86f85f9ecb4fdf908121f99fe267b4014ddd11e62f31c2225c00148d7aa6666067217c50cd7e673bd8160c555b87ea3abf61364b8d855fadb482210973

Download Submit
memory/1292-1255-0x000001BD86270000-0x000001BD8630E000-memory.dmp

Filesize
632KB

Download
memory/1292-1021-0x00007FFF356C0000-0x00007FFF356C1000-memory.dmp

Filesize
4KB

Download
memory/1292-2607-0x000001BD86270000-0x000001BD8630E000-memory.dmp

Filesize
632KB

Download
memory/2560-1019-0x00007FFF362A0000-0x00007FFF362A1000-memory.dmp

Filesize
4KB

Download
memory/2560-1020-0x00007FFF365F0000-0x00007FFF365F1000-memory.dmp

Filesize
4KB

Download
memory/5112-2683-0x0000017F32630000-0x0000017F326CE000-memory.dmp

Filesize
632KB

Download
memory/5112-2089-0x0000017F32630000-0x0000017F326CE000-memory.dmp

Filesize
632KB

Download
memory/5112-1002-0x00007FFF356C0000-0x00007FFF356C1000-memory.dmp

Filesize
4KB

Download
memory/5112-1254-0x0000017F32630000-0x0000017F326CE000-memory.dmp

Filesize
632KB

Download