f468617180d78e999eaed9139fef635874f0cb791d1ceb6642a364d7d366a32f

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JJSploit_8.10.15_x64_en-US.msi
Size

5.1MB
MD5

cc9626b9eb05fcc4f0a12616e2c23504
SHA1

70ef30a35c8cd3cf2dbaff4dcdf47c33fedbec85
SHA256

f468617180d78e999eaed9139fef635874f0cb791d1ceb6642a364d7d366a32f
SHA512

5ad2999acec2f2161582c973366592b035dd52d167d8d7e3d1358ad75ec4bf7a74b5c4f06cf51110227498a1881f67970b5a1d1e0adeb7b1c901bcd259fbac3d
SSDEEP

98304:GbGNUrEtdzbkOQYaDaAtmtcljz7hZW79bQPUxpoxssPMSBvDl0CxLzKWa8v8m:21mdbkruAt38bQPKo+sPBvB0eLzKWa

Score

6^/10

defense_evasion discovery persistence privilege_escalation trojan

Malware Config

Signatures

Downloads MZ/PE file 5 IoCs

flow	pid	Process
503	4348	JJSploit.exe
486	4348	JJSploit.exe
491	4348	JJSploit.exe
497	4348	JJSploit.exe
500	4348	JJSploit.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
503	raw.githubusercontent.com
447	discord.com
448	discord.com
485	raw.githubusercontent.com
486	raw.githubusercontent.com
491	raw.githubusercontent.com
497	raw.githubusercontent.com
500	raw.githubusercontent.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\JJSploit\resources\luascripts\jailbreak\walkspeed.lua	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-bg.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-de-1901.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-eu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-nb.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-ta.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\JJSploit\resources\luascripts\jailbreak\criminalesp.lua	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-cs.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-fr.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-lt.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-mr.hyb	msedgewebview2.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\multidimensionalcharacter.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\magnetizeto.lua	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-af.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-de-1996.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-en-us.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-et.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-sk.hyb	msedgewebview2.exe
File created	C:\Program Files\JJSploit\JJSploit.exe	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\fly.lua	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-ga.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-it.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-nn.hyb	msedgewebview2.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\teleportto.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\animations\dab.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\tptool.lua	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-or.hyb	msedgewebview2.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\noclip.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\beesim\autodig.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\animations\energizegui.lua	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-bn.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-gl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-gu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-mn-cyrl.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-sl.hyb	msedgewebview2.exe
File created	C:\Program Files\JJSploit\resources\luascripts\jailbreak\policeesp.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\infinitejump.lua	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-de-ch-1901.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-hy.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4428_1908272806\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-as.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-be.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-da.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-ml.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-nl.hyb	msedgewebview2.exe
File created	C:\Program Files\JJSploit\resources\luascripts\jailbreak\removewalls.lua	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-ka.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-lv.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4428_1908272806\manifest.json	msedge.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\god.lua	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-hi.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-hu.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-ru.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-tk.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-und-ethi.hyb	msedgewebview2.exe
File created	C:\Program Files\JJSploit\resources\luascripts\animations\jumpland.lua	msiexec.exe
File created	C:\Program Files\JJSploit\Uninstall JJSploit.lnk	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-la.hyb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-te.hyb	msedgewebview2.exe
File created	C:\Program Files\JJSploit\resources\luascripts\animations\levitate.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\aimbot.lua	msiexec.exe
File created	C:\Program Files\JJSploit\resources\luascripts\general\chattroll.lua	msiexec.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-cu.hyb	msedgewebview2.exe

Drops file in Windows directory 10 IoCs

description	ioc	Process
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{9BBB8396-B3B2-4AF1-95F6-C55EAA7CD850}	msiexec.exe
File opened for modification	C:\Windows\Installer\{9BBB8396-B3B2-4AF1-95F6-C55EAA7CD850}\ProductIcon	msiexec.exe
File created	C:\Windows\Installer\e57f54f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e57f54d.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF637.tmp	msiexec.exe
File created	C:\Windows\Installer\{9BBB8396-B3B2-4AF1-95F6-C55EAA7CD850}\ProductIcon	msiexec.exe
File created	C:\Windows\Installer\e57f54d.msi	msiexec.exe

Executes dropped EXE 1 IoCs

pid	Process
4348	JJSploit.exe

Loads dropped DLL 2 IoCs

pid	Process
4516	MsiExec.exe
4516	MsiExec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	JJSploit.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
4780	msiexec.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000004b43892b2f3264420000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800004b43892b0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809004b43892b000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d4b43892b000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000004b43892b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876771560149878"	msedgewebview2.exe

Modifies registry class 29 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3218366390-1258052702-4267193707-1000\{6D700213-4C4A-4162-AC6E-7C9DF1547ABC}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6938BBB92B3B1FA4596F5CE5AAC78D05\External	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05\ProductName = "JJSploit"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05\PackageCode = "51C91611D7D61594C99F1163AD79EAF6"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05\Language = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6938BBB92B3B1FA4596F5CE5AAC78D05\Environment = "MainProgram"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1B5BE67603097495AB20AEE6179D01CA\6938BBB92B3B1FA4596F5CE5AAC78D05	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3218366390-1258052702-4267193707-1000\{37624CE4-46EB-4A29-86BB-9C77DA534DBD}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05\ProductIcon = "C:\\Windows\\Installer\\{9BBB8396-B3B2-4AF1-95F6-C55EAA7CD850}\\ProductIcon"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6938BBB92B3B1FA4596F5CE5AAC78D05\ShortcutsFeature = "MainProgram"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05\SourceList\PackageName = "JJSploit_8.10.15_x64_en-US.msi"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05\SourceList\Media\1 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05\Version = "134873103"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6938BBB92B3B1FA4596F5CE5AAC78D05	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6938BBB92B3B1FA4596F5CE5AAC78D05\MainProgram	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05\DeploymentFlags = "3"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6938BBB92B3B1FA4596F5CE5AAC78D05\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1B5BE67603097495AB20AEE6179D01CA	msiexec.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4212	msiexec.exe
4212	msiexec.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4704	msedgewebview2.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4780	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4780	msiexec.exe
Token: SeSecurityPrivilege	4212	msiexec.exe
Token: SeCreateTokenPrivilege	4780	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4780	msiexec.exe
Token: SeLockMemoryPrivilege	4780	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4780	msiexec.exe
Token: SeMachineAccountPrivilege	4780	msiexec.exe
Token: SeTcbPrivilege	4780	msiexec.exe
Token: SeSecurityPrivilege	4780	msiexec.exe
Token: SeTakeOwnershipPrivilege	4780	msiexec.exe
Token: SeLoadDriverPrivilege	4780	msiexec.exe
Token: SeSystemProfilePrivilege	4780	msiexec.exe
Token: SeSystemtimePrivilege	4780	msiexec.exe
Token: SeProfSingleProcessPrivilege	4780	msiexec.exe
Token: SeIncBasePriorityPrivilege	4780	msiexec.exe
Token: SeCreatePagefilePrivilege	4780	msiexec.exe
Token: SeCreatePermanentPrivilege	4780	msiexec.exe
Token: SeBackupPrivilege	4780	msiexec.exe
Token: SeRestorePrivilege	4780	msiexec.exe
Token: SeShutdownPrivilege	4780	msiexec.exe
Token: SeDebugPrivilege	4780	msiexec.exe
Token: SeAuditPrivilege	4780	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4780	msiexec.exe
Token: SeChangeNotifyPrivilege	4780	msiexec.exe
Token: SeRemoteShutdownPrivilege	4780	msiexec.exe
Token: SeUndockPrivilege	4780	msiexec.exe
Token: SeSyncAgentPrivilege	4780	msiexec.exe
Token: SeEnableDelegationPrivilege	4780	msiexec.exe
Token: SeManageVolumePrivilege	4780	msiexec.exe
Token: SeImpersonatePrivilege	4780	msiexec.exe
Token: SeCreateGlobalPrivilege	4780	msiexec.exe
Token: SeCreateTokenPrivilege	4780	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4780	msiexec.exe
Token: SeLockMemoryPrivilege	4780	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4780	msiexec.exe
Token: SeMachineAccountPrivilege	4780	msiexec.exe
Token: SeTcbPrivilege	4780	msiexec.exe
Token: SeSecurityPrivilege	4780	msiexec.exe
Token: SeTakeOwnershipPrivilege	4780	msiexec.exe
Token: SeLoadDriverPrivilege	4780	msiexec.exe
Token: SeSystemProfilePrivilege	4780	msiexec.exe
Token: SeSystemtimePrivilege	4780	msiexec.exe
Token: SeProfSingleProcessPrivilege	4780	msiexec.exe
Token: SeIncBasePriorityPrivilege	4780	msiexec.exe
Token: SeCreatePagefilePrivilege	4780	msiexec.exe
Token: SeCreatePermanentPrivilege	4780	msiexec.exe
Token: SeBackupPrivilege	4780	msiexec.exe
Token: SeRestorePrivilege	4780	msiexec.exe
Token: SeShutdownPrivilege	4780	msiexec.exe
Token: SeDebugPrivilege	4780	msiexec.exe
Token: SeAuditPrivilege	4780	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4780	msiexec.exe
Token: SeChangeNotifyPrivilege	4780	msiexec.exe
Token: SeRemoteShutdownPrivilege	4780	msiexec.exe
Token: SeUndockPrivilege	4780	msiexec.exe
Token: SeSyncAgentPrivilege	4780	msiexec.exe
Token: SeEnableDelegationPrivilege	4780	msiexec.exe
Token: SeManageVolumePrivilege	4780	msiexec.exe
Token: SeImpersonatePrivilege	4780	msiexec.exe
Token: SeCreateGlobalPrivilege	4780	msiexec.exe
Token: SeCreateTokenPrivilege	4780	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4780	msiexec.exe
Token: SeLockMemoryPrivilege	4780	msiexec.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
4780	msiexec.exe
4348	JJSploit.exe
4780	msiexec.exe
4428	msedge.exe
4428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4212 wrote to memory of 4516	4212	msiexec.exe	98
PID 4212 wrote to memory of 4516	4212	msiexec.exe	98
PID 4212 wrote to memory of 4516	4212	msiexec.exe	98
PID 4212 wrote to memory of 4332	4212	msiexec.exe	104
PID 4212 wrote to memory of 4332	4212	msiexec.exe	104
PID 4516 wrote to memory of 4348	4516	MsiExec.exe	117
PID 4516 wrote to memory of 4348	4516	MsiExec.exe	117
PID 4348 wrote to memory of 4704	4348	JJSploit.exe	118
PID 4348 wrote to memory of 4704	4348	JJSploit.exe	118
PID 4704 wrote to memory of 3708	4704	msedgewebview2.exe	119
PID 4704 wrote to memory of 3708	4704	msedgewebview2.exe	119
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 2040	4704	msedgewebview2.exe	120
PID 4704 wrote to memory of 4844	4704	msedgewebview2.exe	121
PID 4704 wrote to memory of 4844	4704	msedgewebview2.exe	121

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\JJSploit_8.10.15_x64_en-US.msi
1⤵
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4780

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4212
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5BAA16E56BC57001FC6A1000D91430CF C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4516
- - C:\Program Files\JJSploit\JJSploit.exe
    "C:\Program Files\JJSploit\JJSploit.exe"
    3⤵
    - Downloads MZ/PE file
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:4348
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.15 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=4348.3064.9298550029018657173
      4⤵
      Drops file in Program Files directory
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of WriteProcessMemory
      PID:4704
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ff9eb59b078,0x7ff9eb59b084,0x7ff9eb59b090
        5⤵
        
        PID:3708
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.15 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1720,i,44088007339233571,10950832040656574917,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1716 /prefetch:2
        5⤵
        
        PID:2040
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.15 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2052,i,44088007339233571,10950832040656574917,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:3
        5⤵
        
        PID:4844
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.15 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2384,i,44088007339233571,10950832040656574917,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2392 /prefetch:8
        5⤵
        
        PID:3536
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.15 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3664,i,44088007339233571,10950832040656574917,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3668 /prefetch:1
        5⤵
        
        PID:4340
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.15 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2240,i,44088007339233571,10950832040656574917,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:8
        5⤵
        
        PID:6008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mboost.me/a/P?altId=rE6AeeiJaEGlKpZN
      4⤵
      Drops file in Program Files directory
      Checks processor information in registry
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Modifies registry class
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:4428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2dc,0x7ff9ee2bf208,0x7ff9ee2bf214,0x7ff9ee2bf220
        5⤵
        
        PID:4420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1960,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:3
        5⤵
        
        PID:5056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2236,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:2
        5⤵
        
        PID:220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2556,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=2568 /prefetch:8
        5⤵
        
        PID:2560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3556,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:1
        5⤵
        
        PID:5164
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3564,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:1
        5⤵
        
        PID:5172
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4304,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:1
        5⤵
        
        PID:5244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4320,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=4396 /prefetch:2
        5⤵
        
        PID:5252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3728,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:8
        5⤵
        
        PID:5880
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3724,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:8
        5⤵
        
        PID:5888
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5936,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:8
        5⤵
        
        PID:6088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5936,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:8
        5⤵
        
        PID:6140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6016,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:8
        5⤵
        
        PID:5828
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6324,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=6276 /prefetch:1
        5⤵
        
        PID:6044
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6256,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=6348 /prefetch:8
        5⤵
        
        PID:6088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6264,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:8
        5⤵
        
        PID:5472
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6564,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=6584 /prefetch:8
        5⤵
        
        PID:5476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6868,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=6860 /prefetch:8
        5⤵
        
        PID:5504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6604,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=6612 /prefetch:8
        5⤵
        
        PID:5184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3620,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=6756 /prefetch:8
        5⤵
        
        PID:6584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6540,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=6992 /prefetch:8
        5⤵
        
        PID:6652
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6344,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=6652 /prefetch:8
        5⤵
        
        PID:6744
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=7076,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=7108 /prefetch:1
        5⤵
        
        PID:6828
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6312,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=6480 /prefetch:8
        5⤵
        
        PID:6852
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7368,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=7404 /prefetch:1
        5⤵
        
        PID:6872
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=6624,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=6968 /prefetch:1
        5⤵
        
        PID:7124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7092,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=7568 /prefetch:1
        5⤵
        
        PID:6420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6464,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=7084 /prefetch:1
        5⤵
        
        PID:6528
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7316,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=6988 /prefetch:1
        5⤵
        
        PID:6536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=6352,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=6816 /prefetch:1
        5⤵
        
        PID:6908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=6240,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=7056 /prefetch:1
        5⤵
        
        PID:7052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6032,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=6944 /prefetch:8
        5⤵
        
        PID:4648
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7408,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=4388 /prefetch:8
        5⤵
        Modifies registry class
        
        PID:6052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=7428,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=6684 /prefetch:1
        5⤵
        
        PID:5676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=6520,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:1
        5⤵
        
        PID:7144
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8000,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=8040 /prefetch:8
        5⤵
        
        PID:6404
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8020,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=8060 /prefetch:8
        5⤵
        
        PID:6820
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8028,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=8124 /prefetch:8
        5⤵
        
        PID:6780
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=3008,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=8084 /prefetch:1
        5⤵
        
        PID:6452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=7960,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=6668 /prefetch:1
        5⤵
        
        PID:6384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7452,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=2976 /prefetch:8
        5⤵
        
        PID:5140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5904,i,4964814045346474306,18111135930147149239,262144 --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:8
        5⤵
        
        PID:5684
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:4332

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:2904

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5152

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x2cc
1⤵
PID:6316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57f54e.rbs

Filesize
21KB

MD5
b708a638744d947b8223ed422e05a2f4

SHA1
196e7fc37af08aea47a23a81de2320f0372f26e8

SHA256
4b273150b8c711279d69d3c02f656dc0e0e37de41fb1c90d9539b72d423f6c02

SHA512
54a72323ad7d44bce0d9bbc6ae366084a5b7f341409463af39291dd09202f867a691019fa0f57f7133ab40b978b15fc38ad78cd1b494db1ade0e97f5b2452616

Download Submit
C:\Program Files\JJSploit\JJSploit.exe

Filesize
10.2MB

MD5
f9765d4273a57fbb90cab8b829e571b2

SHA1
8a425d81b9d9991f8e11b6fbce0cf5eeb0db8469

SHA256
8d0ba9f46379e110b137dddc8a6f9f97a07288435521babfb22fb8fe170f2e23

SHA512
e0bb36d54fca40423f0aa42437e8bd1e85b9c73acb2e2ac57592785cf86f8ed2bb920ca6665399c361ffdd0934dc25b01afd666ed81e7a3c378ce836164a47ca

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4428_1908272806\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-af.hyb

Filesize
70KB

MD5
ffa9db945f0f0c15b8bba75a6e064880

SHA1
49217a9d5bb7a868464403b4e3c82e80df53456c

SHA256
5487ee44a4cd706d0086522e90c59c76cdf2ac68ce506fd3eae6054b9220c0cf

SHA512
cc67b2dfbbb009dd3fdb999fe86410425455613c12dac755a3cded435cd25ca4363782d70f3b7bb7c0fdd63e2eb649ae6a4053d929f463b646b43d7dbfda79c0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4704_277629665\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk

Filesize
1KB

MD5
51087909ab44c9e92a79c7d9a60f5d60

SHA1
da0a6866f18c1d3d92d7f7e1bc3f6cab0e1ac8eb

SHA256
eb83f79440156f5442c18d5b61770ca110158f445ae86919626b4efe46a6ef78

SHA512
b436253bc43325816ad120c15ae5bc1db75b9a098c011441dfc072de5e49f26bb74bcca271525431427f909d3c0a7538b703e2f9c20153cae13cedfd31e74f2f

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk~RFe57f7be.TMP

Filesize
1KB

MD5
514f8139ba07c007555b5c49220b0e11

SHA1
e6aa4b19359516224b9306d532a2923a10549038

SHA256
ba0e94e6aef1b45cd94af09ab1c8a48ba427d94653ea14364fb36991b8a2dad4

SHA512
8c4a503fbef7f812557ee5e55a57f5b4ac3aa07aa91b2355f4b34227aa0b169a05cec95632da791b7427148a19e1bdd219f4d3e5be8050cf23824be5b348de6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
fed4ab68611c6ce720965bcb5dfbf546

SHA1
af33fc71721625645993be6fcba5c5852e210864

SHA256
c41acdf5d0a01d5e9720ef9f6d503099950791b6f975ba698ccd013c4defa8c4

SHA512
f9ab23b3b4052f7fda6c9a3e8cd68056f21da5d0fcf28061331900cac6f31ef081705804d9a9d4103ee7d9c9bdb6aa4237987b7e821d2d96cd52da24219e55ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4013ebc7b496bf70ecf9f6824832d4ae

SHA1
cfdcdac5d8c939976c11525cf5e79c6a491c272a

SHA256
fb1a67bdc2761f1f9e72bbc41b6fc0bf89c068205ffd0689e4f7e2c34264b22a

SHA512
96822252f121fb358aa43d490bb5f5ce3a81c65c8de773c170f1d0e91da1e6beb83cb1fb9d4d656230344cd31c3dca51a6c421fda8e55598c364092232e0ad22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
e515ca06f674448f05ae3955af7d93d4

SHA1
6069b5ebe66140d39a84056eb5407edad24d9645

SHA256
2853da5574abddefe09f9eb568c860740966587e5c94b72116f11ad36a1da3f5

SHA512
47f26a433707d8414d6fc2cbf7ecf638152f60151debc5cf4157b775ad1821f37e4e4dcf35aff0f727b9b33dfc3bd170d1960bce2c71356cd4a077b74ba878a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe59c23d.TMP

Filesize
3KB

MD5
3694931883ff0e04163aae277852f793

SHA1
849bff222cf91d43728d4a64e6972933dd9fc9a2

SHA256
2c063894000879e28bc7a388a3fc2aa63e447df6158d7de596a985e6c0be8221

SHA512
4aa9c62b3530f567595a8fb4c083314a2012e07dddd89ea5d2e005030d63aa77899127bdabb824a45ddcd194309be5d76a42ea7454b3ed710eb33cd3ff1e99a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

Filesize
113KB

MD5
6653158bd2c4067001ba82a13eed25d4

SHA1
d21e6c9eebfba16c28ec9a48822f4e0c8e53a297

SHA256
50e8a3f1e9f9754967cbee157f40d2cb56e71d5d6e4a0652fa55f265bf0219d0

SHA512
3e23cb43342edc71fd18d80c7181f059f04bfb329dedf10ef5cfefbc73bb0b8a71b346f48d1bfc83ef4540450bbfcdf0f82cc76da1c2ada7c4bbc091084338f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG

Filesize
349B

MD5
cf7af0f8c73f865ab5b1ce1b2c451901

SHA1
46f6b1caae718a9ad6e15007c6ddc62448262d82

SHA256
e3fa1d4bb0c4267138e4cbedf4565a662ca972da3ab84511ced1fc02a50a01c1

SHA512
3cdd4ee47812c226a9647c42a16ae670608eedcab47dad7a34b0fddeb9bbd3da916ec4efd173390cbce9d4d79d5689306b7a357f0545a415b962cc3f1b134496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\82f49c5f-fd5d-4920-a864-aa192fcb7557.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
cba2bf306cd8df04e3cb5450d3cb3ad7

SHA1
ad60654e947e828370eac4783e8186f2982da264

SHA256
cb57b19af8c91d5f5abadcd983710f363e0ba97c0a58918e842d704028e59bff

SHA512
b54068a5ec212e5756d706490598d37962359ee51e92b3b362c6ae8747dd9588dc309d58fb6b32731e62acee06b4af63052b7b0b3927e0350fbeaff3e1ffd942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
78ee2c72c6f8895a9589b4c9631a8727

SHA1
28f3c0567a717fb52507a0da6fa95d6a0cc873ec

SHA256
386f32667f90cea909da27ae848c1940052d31e17c993db5f7212b130f77748a

SHA512
7faeaacd2204af1bee3d1b9f7f5743a2b2f5a013d36a18b59a9d3761edae66e372cd1a70106cee6f695f2119439494d2b48caae32dadc92b2ff4a786cd0a76a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
78c774f4ba2a8c3b24f0b3a30d64b920

SHA1
9a3cc1f40623320a067f2be755b04c58da96c425

SHA256
71e97963aef9f2ee2f48a3015941b77621037be075642fc829e1434a9a37b54d

SHA512
004eba4748a352c87a184fe3ebea1d128ee0d51a4c3fbeb33ba39556942de4c7d7113cb8302a0a8d5fad4d71a028326aa02f6a9e84685f3dd549ea07821601fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5c9226ee-86db-4719-a6f4-cfe443d10326\index-dir\the-real-index

Filesize
576B

MD5
4705fb0e62477f7a794b7b5860139e7a

SHA1
0c788f28be45e8f768b9f94cc15e249d85ef6644

SHA256
b8aecdc49b05238eaa78f1f6b54a3d09bd940b9831b5bbdbaa61af747727c10a

SHA512
1141fd9fc6f4c591ea6a991aa1cf5f7b32057d5c858ecffc0df00c900c01ab5438500fd2cfa5b82ea08b7fbbaa44b944b960011b9951e656ba3e240334212fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5c9226ee-86db-4719-a6f4-cfe443d10326\index-dir\the-real-index~RFe59714e.TMP

Filesize
48B

MD5
97fed7c10d281d15c45dfb0526ab9ca0

SHA1
ed105c279ed577a5e62062454ba5c145f654b0cb

SHA256
450e2a21c549704bc9430cc1b88ff64bbacb34d6e236d2f2edba2f08a7149044

SHA512
63e9e5a79ad81546d8e0b77e6529b2ef4bbe84ca5c88173d7d41c053d2ae994bf6c1d8d018a21b217f0328a94dbe1584d83eb2dc567c3409a2eb034cdb8adccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\793433e0-4948-4263-8456-3a0328a3f029\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c4387a35-3421-4923-9424-e3a391bff794\index-dir\the-real-index

Filesize
2KB

MD5
8fee1a344fc8eaea21e6cf62c67d3c6a

SHA1
5851d39eaf556214b3d44c3ed85e8ddd6ae32b93

SHA256
76b14d05b527651b8242b0b1d5742a1f1cea8dd66efacdf8c0b828acb671d24c

SHA512
4cf83c9fb37be5c6183b811a67ef15dd97e22bd5d4156338570c437a4f0ec710cb92e2872b1311e9f5856f7f95631e3b3a0a32089991b0a6e3584b1d0bf3d832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c4387a35-3421-4923-9424-e3a391bff794\index-dir\the-real-index~RFe598cb6.TMP

Filesize
48B

MD5
848c2c8b0c2d4f02e84b9c8ccad4c4fb

SHA1
85dfc3ac0eed67fb221ed585ac8a4d8b20c8d239

SHA256
2176bbb98c33e65c36a923e5eaf98d008ab27da0bff09eb1f6b58cb7f7202d3c

SHA512
6fc1d39da817e348d6486043a68f1ae0c9b7b88dee4c5d1371d37e521ae66d5a35ddcb23ac8b70ba0936fc49418d2b933e1c8edd58f3bc3430c13bde4fa33d67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
06ed7faefd99107b356a3115dc3fab38

SHA1
fc94a3c3296385f5d44fdb2b936649f5ce840162

SHA256
2f1046f1307225c973f77cdae3b1715ce3f376e179f795d4816bd30e332dc655

SHA512
f10ab6dfbae49418963707e6e5b81bdc5a848f922c0712d7044d38629497398824b61fa20f569dab061ce349d5238c641dc664ab26970695ab2154f86d3f9b12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
cd05754a2ab56a2f6da145016e207ad3

SHA1
054bf6e18542fbbc5dad459a4de58b4f41975889

SHA256
dd758181d1af33167c5844c3abe3e025db74014f21861f15324ded6a2f6752eb

SHA512
989325be5d101174dfd4e8d2a4c64bf9c6832e835d3e150955e4d178e18578eeac7bd2c3d4979bd2bc5a3a6e2142c701db42318ecc6e5f987ac721e8f9da1985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
198B

MD5
83cef7d779051bcf5a480faf40f1c72f

SHA1
cc909c16bbb43caa9a05b52c9174f90f174a68ba

SHA256
b980e4f03f2b2be86959ae73eb7a4071d96b2f041e62c2d929f19e57621f601b

SHA512
2a52268006e747272dd204a956f3beafb075839e586d080ccb56cf3ef711adf3af006ef7883e77fba5d610e1877aa51f92464c3618b3f0167a6c990681612c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
264B

MD5
fc64fb0074f239cdd74f1984f50b8e74

SHA1
f6b82f8759082cc28ace2f7f3c241569d78029a8

SHA256
37975d57c557407195c18602304709bd27a13b2e973066f464605552695a7a1f

SHA512
c5715b26fa31ce7981f02b230b5c4076b2435c90b3196986bcca41175896038e8c0a9c89f5f8f12269936867bd9f62e722750234312f63b6e2e73abf0a0db675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
326B

MD5
9e191ea12a0b398e28b739914f3f65b3

SHA1
addd441ab49224ba0d91a5f9951f318981ecd5d7

SHA256
b24e94a453591109209c7ee628c8efc87b514675a9b3cee8181c04eba7a0dd99

SHA512
71cdeda66c2af87cb06a1b52f54109ad98ce4b49f8b8a78ea16c3ebef9935564a7319e84274980f5e9c045f0c7ff3db86ba28bdc270bda8e8461346a9c730cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
262B

MD5
22e24566b29071e624f2ce9ff721fc68

SHA1
8abc97c7bececb9ce66b19919bb87b31a36407c4

SHA256
2cb73b5d80ff9c9ac43249e2cb0580586f197ad12ed704562a4500057c9839c0

SHA512
cf7d053296401bad6897ccfeb4130c4f2a4221e6e794542b4b5927b58fb10c9b37117fc71aff424ce0d9727d060ff97bdb233b6db397285656d2c6e35dd3f9c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
262B

MD5
0b720887672576acb1a9c4bf88385ce2

SHA1
2249e3548c5c174ec525ad19304195f26a3b777e

SHA256
22205a35a6c6cf6ea34dea42b34314e2a42917f2991709d4539793871a15c2f1

SHA512
6cd15db6cc04d6c7505e63dad340b0a5189f3c6ce0ec3c83de8f489f8ee64a121af98b41039e853a5121db835e893b5fd6e9402e07f6da4e21ed11a890a560c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe591728.TMP

Filesize
119B

MD5
501fa7309efb3b6ae8c4147845b9746f

SHA1
6ba1566d3bc6e9af4b1f284643a25bf485c23378

SHA256
caf66d700c1516458d00c0de8693ca8017ecde1859e504f4cd0102b6faf0c37d

SHA512
ce18ae365947ed5d0aa1ba2e9582a5289ac9591e3f006d7792d977329478e1647dd1ac6990e25941f1135f0a6fc4c7f40af0f563d934f5e4548d02bf2f13a7e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
d2a499d815fb668e7cb5af6ffd6310b2

SHA1
41a6a2bcc5c87b046e48d850aa58883dfa6c7bda

SHA256
a7c1668fe453756c0ee3201597729beba8565424922909ed93df71c136262f83

SHA512
6d90bd2765e868b206f812f5b69f71db1340779dc9aa4029841c8b7d5c4a6f16e50c3a33e00bbf6e1807fc61f944cf18fe19b96f5a2ec9d1aa60e208b1301221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5966a0.TMP

Filesize
48B

MD5
19b4792a51222a0f1fd1b232d3c031d2

SHA1
18d41a07a55640c529fb934301b1f61f0b2a01ee

SHA256
cbeec6908dc71dff1866a4f453564f2ea3799033c52889e8c38cce6cf19156bd

SHA512
095db8de6328958fe68feda766d9c86b5e546658ced6b9b9cabf0d4ca81aecbc7bbf2aa332b3ae3f215d5ef96022d3049eb988637b88f7d29c2344acf0b7460d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
121c25944716f6f43d426c43af9a4c19

SHA1
fb5a80c0db57861707b50c55178ba9c012b17ab4

SHA256
fc58313b0cac36d099452277774c60b72430efca2f621f9ca9ccb22ad30f24bb

SHA512
2adeb37f5bfc70ba695e1fd3c3af2c761cad658341a0b9be202f20cc2997ac4d34b5603f2effdb492c33b65f45fd3e830216ba85ca8c5071cb4d0689aeadbd32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
880B

MD5
4289d8371b38bda255342f4d56b981ff

SHA1
ec1ada6299fdc7cd8b1a0d9dc0c56bcf844f8bca

SHA256
f5348cdf31bf713d6d598d9f5a4f310558b14ba3605f42f5a303efaf65509f75

SHA512
a37fbf693593a18740602cb98af30bebf0b18301125f7b47d649ca948bdd25c92087f1335785743e5442c2e05557c90e0cd241f4e62267876ade30b023f7027a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
ba3318c27e231f54a4faac7530355602

SHA1
c5d55a65ba86b1d73df13fecb7e2340df23bf177

SHA256
6eed4767c559ab64043df561acef740c5a11e245020c39283772df5a22271218

SHA512
18719e9fbeb2ae8963777451e240fbdf9b4e19c9b515ee38a2efb7a24de4011678affb10204d6c097f78222b1a26ced5b5535a5bfb91baa2d3fa75f05669e617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe59b79e.TMP

Filesize
469B

MD5
53084dccd86964997feadf9da3a4f16e

SHA1
ff05443ed4846b71ae56eae1075354517c69e74c

SHA256
e385355baa106d3c671499a235637f11f0679bf7c3f36213737aaad8fc5f3a49

SHA512
b5816bde932768d0b81f41ddd8dde844d82fd547751f21e3311d481501ca256b692be380e97476043781bfad31a7cd69a18c36b1e3c69f387343ff751b6ac933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
56a63f182b2938fbe3e59fbf9681dc08

SHA1
b76578ca24fb20b8bd5dafad4296e5a46735a5e1

SHA256
36edc2510fb072092e4c6b95efe4521857d9dcb7f0b45afdf5e8ef02e5d19593

SHA512
b17246b7c61e26fce1f211311b578d6b3d22c03a042137bb2bb5b23018ce5290a8fbf7a34b2f66fa30b2027296b8a570478f66a144385c320d63c1cef64434f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe59b879.TMP

Filesize
3KB

MD5
c7569efb2fa9fe93c0ea2f0896f54036

SHA1
e231c700b778b624f6065b035e5803fdd8b4db4b

SHA256
2422f055fd21adce7a027c3eaab1bbc474345a26cb1b9762b3d7572ebde67d3f

SHA512
c394da9a75cca87f6e20cb2abbc2e087d3e374b613bbc960f255ebfc8f01d4349fc8a487ec56ff8141f47566cf021dc33196e42b6295ce5399ff78e5ce4b066f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
22f88678b2c476c2267c70b6cbcedcaf

SHA1
4dd3ff1e5a4c25cfd6b353fbfad841c6ae940d58

SHA256
8ab093d55058fcfa712d1d2af80079185f22269c290d19095dec2e3ac0b432c3

SHA512
49593e6c41bd41c33d6f0fc725344f33edeb28661a013793bcd98aabacca573944280c58a6abb95b9c797279e6c3bc140ed0ad2bbfba8bee3a63bef24ad3bc08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
6322dc26c9770e2573c93a98c2990295

SHA1
98ed14a7a39b7fd10e2bff32f315f7679c91a77c

SHA256
41bbb7d4b7f5f1a51f838449a226aa1abe0b68c735b26918f13f5be5ec1dff12

SHA512
c23b443628d6d523d21428cd0cb901c116ee7ac477b9d377156b50439f34fee308b8736d72195b633ce5af51c41ad896c006481e9904ed88d0b3d924587e49c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
e0a548ea42777a3048ee2f863418bf04

SHA1
8e19bb1b17c9f9b67ead63d3b1eef6db87abc386

SHA256
4d64be931a531c64f31d2b6142b3d1a1e6d73e8cb46c787fe2fcf673c7991edb

SHA512
8d6e15606aa9ccffc7b1685bb66c6b021cee077322a5ce477b3f2b17c88c400be2ed584c69ff36f2548f5ba6dc046419bbd199123fb8893b33837d60932a74a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
fe4a1789cc32d93d4d2f584accc17195

SHA1
0e0f1f13d9fc730d9782473b57a3612ee8386be5

SHA256
c50317111ae96212a0ad4b479abf8ea842a53eee57008173a0363a44d6bdfd66

SHA512
4553764f30b0769a24d5b48a7280fe819fa475087dd7a7fa78d19abb34e7af337516a5522ec7f4bfadf4182113162a5989b710197787c8ecdbcf65ab8f2b2fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
de29b619e03d1596fb7707dd0d6873b7

SHA1
de79983d18a44b13b238c220106971e613f96bf5

SHA256
4c0e4907611c3f9cb1b1da00d788302a98b596e67b156f226df801d332e24d81

SHA512
e7ccbfe17b23d9bbc8961cacac2a6950ed4fae9370e5839f5b9168a91dfe34b5c1ead025fd6f02e773e6dae6ff1cc7b6af3dd0d196608ec5717d6d6c9af7a0fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
19caec4303606162abd7596a73009b30

SHA1
fd098c7b2ac53dcd10046d519c98dd0631c4f0d3

SHA256
ab1ed97392a01f2c136f8f1c06018aa2a33236e4dc29b0660171b969657631fa

SHA512
38ad65d543dade05798ea65c93502ce0c39aa8b7e8581ae51cee689bd3013837e36463b8f779fa04ae8f5309708db6c6328e0ae0e1334c0f7895ff65bde9edcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe592a52.TMP

Filesize
392B

MD5
4ef1403cf7b37a5eea01294128af13d2

SHA1
db8b1c8566a4268fc30b0eda7a79b47dbada2dae

SHA256
6aa3f939b45debacae3ff969c1532a76f30a3c1ea051212a95c599de9416d028

SHA512
ce677123c74e857316ec864dd5a5cd1087131cdd40bb8e96a9bd0a7d3c9a68f7da67f75d7f376a7928abceb300d38cd5086964e41836e1029fb3e45790e80a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
ba3c697bc0453fe8156715475a07a53e

SHA1
42e24feda66f9583d8095a622cbd561e4d1650a0

SHA256
445ff5e16fca6672e6461ed5ed9969df4f1fa115604489e146f9379f21bc9237

SHA512
b4573581d8d9ab292cc6b896b54aaa642d51e6daa45c4c966a030af77a73bb8d1ea37b29b12537334871c89b9132179aa52dee7d7a15a5d93f40230eb1a9a2bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7861098d-7b4a-4ebe-addd-2848fb2691dd.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI5D10.tmp

Filesize
234KB

MD5
8edc1557e9fc7f25f89ad384d01bcec4

SHA1
98e64d7f92b8254fe3f258e3238b9e0f033b5a9c

SHA256
78860e15e474cc2af7ad6e499a8971b6b8197afb8e49a1b9eaaa392e4378f3a5

SHA512
d26c9dce3c3d17583ffb5dbcd3989f93b096a7f64a37a2701a474c1bf4b8c8b1e922c352d33f24e411f1c793e1b4af11a3aec1de489087d481b1b636df2050cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIAEBE.tmp

Filesize
132KB

MD5
cfbb8568bd3711a97e6124c56fcfa8d9

SHA1
d7a098ae58bdd5e93a3c1b04b3d69a14234d5e57

SHA256
7f47d98ab25cfea9b3a2e898c3376cc9ba1cd893b4948b0c27caa530fd0e34cc

SHA512
860cbf3286ac4915580cefaf56a9c3d48938eb08e3f31b7f024c4339c037d7c8bdf16e766d08106505ba535be4922a87dc46bd029aae99a64ea2fc02cf3aec04

Download Submit
C:\Users\Admin\AppData\Local\Temp\fa5de1ff-f978-4b39-8073-e99cc49951b2.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4428_739082375\1aee7f39-f5d5-486a-8474-499e6a2da067.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
a5a60dd82c990b23e6311ea0a7a4b93a

SHA1
1c74426ff28992d19b34756f21f5e954343e3dc1

SHA256
139e3bb818f01b648d6e5f1b40532627719c631141e9ec30c1dadad8abec563c

SHA512
7c5f7b1f02eabc14c7b4126c470c9c2ef36894e23177f6b00e7d6f6f28aaa2806a8ddb3e5db262962e7aaaa8426a3837f8b646ae25b89b1c37b46ba78b51195b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
1c0c7478614f008cc20f233015170436

SHA1
86045ad977e798326a652fa260ad4466e5d90e7a

SHA256
9938e79a05d5c89906aeacc314c632e44ef0c4206c6d17f2c5b237d045147458

SHA512
ed70b39c08af89156b09a740abb1088075206172c6ce73128bb51d0d786c64993b84ed5c88542a09941ac92d446536c5b23a0a4b6608dffe4e17913143e4c129

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
9ee5a15fc434790021d9c9020b8adec1

SHA1
36a3ce5b98e6b448a1822a1cd3cd7f1dafb000ec

SHA256
13d5c50eab515616d7cf06dae2d0963f671ed8487c2d6dc975cfde9c22c8e111

SHA512
92a24e032106a49718452ef146e219a6c3e9a1e518ab998bd93b112880df57467e0858e6b01a566fd2455dc2c1174dc4a9b6eced5cb01a8ab42607822bb8a098

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
af173fe2d8c92f0aa5c07903a65db1df

SHA1
61678a37e3cde1696cde8d9dafa961002c9d9164

SHA256
b558c99f79d73b23d0ceea109c142c188db16e22ced33b3e54a94de14e55c1c0

SHA512
a819ad0d27035b01a2af877842d735131c4fe76c0f1a10d4e6b3929e14e713a99bd00f1ce09e87f03338fe621f4ac54602caa82ecefb37075dd12b955e1edee8

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\Network Persistent State

Filesize
2KB

MD5
60434c40187a47ea941c407b1b8abfd5

SHA1
f33aac245fd7cf3b594c9ce139e7df8bc691141c

SHA256
773d75938c2a0e91ede262c654dbc6a15c991d8919eed8b44395c048b5aecd02

SHA512
6baa3eb3d1372a2628b5d19e466548d2263e95ca30fdf38031eab177e62882b6e467789aad8f4e39d7b953cb06427b13c8c7f89396387394d87f47d30b85857d

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\Network Persistent State~RFe597f58.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
f99e267e968ea9f6a77f67a8b6efb913

SHA1
bd3f64f0c3406d60806672b2939abaec84e1959c

SHA256
f2dd0a61f3d1909382340c9f1f4ded758aaad9600cde6dd7baaf026da995ff75

SHA512
8138e3276cdb8236499694c3343022627fb03910c6027944fddce040ee92b3cc5d92c8c79fb9592ee0b3227d02b803f046cc4a2d79e58373190c13edd3a6dc5c

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
ed3d242bc014290c226d3214633a830f

SHA1
ffd2980c03bb077af028933330fff6bd408b6085

SHA256
e970ef9aca700fc61d101f190bad641f010459a3e27283123da40c1abd133488

SHA512
bedb388f88ffefa628c24935fc382661862b5877e36a16efbe610654885c731cfb5a5a40d31f62ec0df79e5af52047387173bf16e2da28541fd3306141c7b561

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
b650e84d303e0730af1de34340c94dfd

SHA1
9ac3a418be2ae722bf96e4034df17222aaec97cd

SHA256
eb2a064718ac0d44384cf1f31e5c190c337bd2b10a43a4bee6060b8585204608

SHA512
53fd68391607e1f6d9d5f17b36dd3eae22cf27edb774b44e00b717c8b4d6ed33a870bd03c486b83113003daa2be1bc6b4fb4b8c3e068141522fafc7b192e1336

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
f7c4a9f11989483a191ca90b07750e08

SHA1
0c8d4e2c86f75ff1f6fa0bc3972aeeea5a47989f

SHA256
40e87bae8b91be3575f765d9edde767c7972b7783b726548581553cd0a1fe5e1

SHA512
20920bd502738aff2333e4680dcef7ef48687c23db0bbc493ce156c0a8adf99fbae39c2cea3567d99d493e9135b94315e9b8cf6e01259ee10de78ac67d7a6a35

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
d0d5d790a8b27d8f65ef256221d495df

SHA1
c6df1e822f77cee807ddc8fabe5d00e5f8619b0e

SHA256
c72a43f41153a0d04d7dc6249c19dd81e20212e3392bf5e5e27db11ecc45a0a1

SHA512
a4d7f4469a403a12937d6245a4f1e2bd4715a454bf20c71ef8bc34987f859519cac382b5eaf6f1eec83f75e7c167437b5f9c4c919f8f3445730f7027225a98d8

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
451bf46abe4de7258871979efe595306

SHA1
b29efd9a4cc102651c77666f86e47e069724c962

SHA256
c192b564c64b10089d0d148d19ef07f24466d6e51cb2cea7c48d4bd2a3709651

SHA512
c5732fdcfe61a2854c6b73dfd8c9a4d03bbd9435f3b84a05e74109381ef63c9fdb6201a5df3c4f1f55a649cbb31d0bb76e6abe2ab5df2e1e323325981ba75783

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity~RFe58e932.TMP

Filesize
857B

MD5
12d7a84eb640e26a0ab30e8b55d64684

SHA1
00018af712f64b97696f90fb399d67d188558ebf

SHA256
f9c920e5664f217a22b0bba5f8185ecf028b845e6ae99b6425f7bfd7a2b25265

SHA512
08354754144889e5ac162e53aa668b1cd066a0db23d4fec360a75e78a9a0b7921ae87b01081fdda94d86eae6d932f4e48072adac0e75f29b957e13b866ef46cb

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
7KB

MD5
4025e96fb2e18a36460258a13b2b3c85

SHA1
da936bf691fcd16266af36ce396ff9965446583b

SHA256
5dff01f4bc6b073526ef6bd0493e899affe41e69979a00ff6ed0df9f185107ff

SHA512
b25c370c6cf3f811a22a35f58142f43a0e27c0a52fdad365bc12a41004aa26fbc3a5d56975f163519f9a4028a26d16f32324fddb2cdc275727c7f8f94b4e8053

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
6KB

MD5
d9fd6b0c14888aa9b214fec3f4ec53ec

SHA1
1207dc49910c107c022c3378a486dc72d0c136bd

SHA256
4a5610d34b0c80868b935de827a0cfcbdb77dd7ee43be03e14e4e9b9bd8986cf

SHA512
167ab1c34742d8a97d5992854897efb2284194e8b8f84a54e7b4a125f2cfa7d6f3500537a54a18d41cc4ad2f411b24b0dd6b83c68a919072711cf572db748ed6

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences~RFe58b5de.TMP

Filesize
6KB

MD5
f8950d2652b4d72c23bc0ae8f3589b94

SHA1
c53595e6a8f9aab15cfdda40ff458c0c7ec2f4ab

SHA256
2a8474e583657ead1186ba3ef253d38162c348ac4e33f30a2217dc172662dbb1

SHA512
648dd2e83462728ceca42e47d21978191753b8f711bdbe2507f8df5cea08619e768a032e00bb9454d2097f5722ff91832c6381b97dfbbff35519c6e92bbebae0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
1853c7cb27489b278086a50bbbba696d

SHA1
a5dd94ea3b70fffc22f2094a3bdf32512ae6d912

SHA256
7a9153cb53eee2e63730390508d417a6d1b0acd6752a4ed3a13abf1369252896

SHA512
3baa76c4ef8b190ca5c1b013825e63c83f8e9376807cd9df4eeab3e86107506f373ec61f678aa2caf4f79ed985b9f82ee7acc36537d31c5435f2f36f75b8d554

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
3KB

MD5
b4129ee18dec1bef772662378aa92c6a

SHA1
cf77bdccb8dce6d826adbd666358f6d15ed8f88f

SHA256
6fdf98c97c643e81fd8c0d6ee1d6c0fe80f94b7731faf456b96bc00e491ccd96

SHA512
31a3a30a496160b454deb00e51d7866a89e3dfcf94dc75938bb55d8b59b037b5e5f1a7bc376e75f811bd37cfc2736d7e68609769ca0157017d7cfa9c8ea01340

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
4KB

MD5
e53e288b8cb6df75c5d4c7aadcc07594

SHA1
6ecfa95c99506df3ef0036499739d8da0f10c462

SHA256
1bbb69cbe3c0f3d6b98e71758f95bb7aae9b80547ed47ba5dbdf41772720adc4

SHA512
ae203711401f51278bd29ab37701614eb442dc3dbf7f06f9a71ccac6f0308367bf101fdd1fb98877a75601543fd887cf09690863ca0017c46dc351bd1a0de47c

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
16KB

MD5
64005a768c2b729a7402bfff8437ecf9

SHA1
8414861878f17aa86f3909283046dfe9ae6bd7cb

SHA256
5d450f8eb5fe2cb9b80b97c7b9c46bdbb32e2a3cbfc909fe09ede14772f7b5f6

SHA512
c552ff0b270ecf1b8fd1470a8b5523f7b4393567e4e7acc19c22876959622beab5e1b1da344efcdc04f6459d513c7d547bd6e623e0a37577a2d2755abf374da3

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
1KB

MD5
0770b4bf6c0eee3bb3e17b8cce874695

SHA1
f1dd02e11a9cf597878689572d6fb8691ac9a78e

SHA256
9031295dcc6d669482c8985d57b142b6ddf5bc8c7d05d04c8477f5d5132b01f1

SHA512
8431aea821dbac4670730f5af8c8383f628edd4d985b2fb1e8562d7d5d336a2d47656b4b81a9c14fdf277508fa0cf02025aa5805cc2bdc0e4992c4fcf6d62e9a

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
16KB

MD5
acd4fbedb272030ea4fde10b65d64c03

SHA1
02fb5c12b4fefed89b7379ce52352772365380ea

SHA256
b65dee9ff25738e999fa6eba1eb1c7e45bbf6011eac1a5d7adaa54c117ef0dd8

SHA512
42362a1d8e9e5dc56d7d2fec9b1a7dc3a9fd974cb76c6758b3342147e712a1d8569778a7cbb2281d0f06ea0b5fe1ddf168d02411e80d301ac12abf1d75a41a4a

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
18KB

MD5
46273436b51cb0083960db3b574ba6c9

SHA1
215652776783bf9aa05141c44f85012c0713e4e8

SHA256
3a029df30d317b502953262b66f9c803eb9bce018d890b47e6901e7d4bc99fb4

SHA512
ff44a4d01b77b86e959ab98a2949a77bcf803abd22370ffbf114dee9c27244574e161f16efb06b3b53829d4327ceb2ecec2f023dc6c4c3d3ff602965feb58edd

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State~RFe5861f1.TMP

Filesize
1KB

MD5
4010107d1aae5f42f9adc8be2e09a8f0

SHA1
46a5941e8d2e5119a747b869d30a744b69149155

SHA256
2391570b292bacb0b17b646ffefbb33487df231bd2f2a2c7f8115135057c5948

SHA512
26d708d58b09b9d5094110825f2fd47fff8164d8a696054e3204773584a615b73ddacd55bf278e91a0fa65ac531be2aab1ad4de44ba1dfe36cafadbc57ebfd87

Download Submit
C:\Users\Public\Desktop\JJSploit.lnk

Filesize
999B

MD5
d15049bdedd4bb0b3835c232eb24a9a6

SHA1
b8b31f6245a93ed3a4ffd6a0a4fe266e67fdba6c

SHA256
8d9d943b3c6936e222da472fe2647ba05353aba392993443695aa609e5180c7f

SHA512
2a1e2cbcc5a90f0decc6d468a11b76080793ed5129c786a35b317ab76a421b99d7db25aff895024bdfe53b6da70da7dc25567ba8e8ee690a61699d26a968f9cc

Download Submit
C:\Windows\Installer\e57f54d.msi

Filesize
5.1MB

MD5
cc9626b9eb05fcc4f0a12616e2c23504

SHA1
70ef30a35c8cd3cf2dbaff4dcdf47c33fedbec85

SHA256
f468617180d78e999eaed9139fef635874f0cb791d1ceb6642a364d7d366a32f

SHA512
5ad2999acec2f2161582c973366592b035dd52d167d8d7e3d1358ad75ec4bf7a74b5c4f06cf51110227498a1881f67970b5a1d1e0adeb7b1c901bcd259fbac3d

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
24.1MB

MD5
2b11d0904a8e3dd2477f230f8b8fbe83

SHA1
fbdc00bfb2a90c3d4fb56a93f6f732f730d10c62

SHA256
2a9ddb60d0ebdfd4f1b7667c7ece8354aa30e70e99f1060f9ca6d3eb0f986a0c

SHA512
1a167e824513388d91e80c8a5daf3e0a7845aa8294dcf802f3ad54bd3e8563c867e9c16c8260606fe64473ccb1a2c97cd7cef9c17512b4147d7f6a715ebc7f6b

Download Submit
\??\Volume{2b89434b-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{b73605c3-25ce-4e3d-8e45-ebcff810bc0c}_OnDiskSnapshotProp

Filesize
6KB

MD5
231bedb228caa0578939130ecb6bced8

SHA1
d8c099a12122274de67457bc14ac577b1ee6b05a

SHA256
16c50a78b40439cb58f2bb5471418235382bc3f2228ab8ecdc7cdcdd5c6aae31

SHA512
832b3c9b8608b8e953efacf11ff4e18f84543e53cb7023f41ece0cdc6a801ea93be533d9b9bcaf1e14a5194cb07e266431b2220a56388e054a346e1cb4f51467

Download Submit
memory/2040-100-0x00007FFA0C250000-0x00007FFA0C251000-memory.dmp

Filesize
4KB

Download
memory/3536-140-0x00007FFA0AAE0000-0x00007FFA0AAE1000-memory.dmp

Filesize
4KB

Download
memory/3536-139-0x00007FFA0C8F0000-0x00007FFA0C8F1000-memory.dmp

Filesize
4KB

Download
memory/4340-214-0x00007FFA0C250000-0x00007FFA0C251000-memory.dmp

Filesize
4KB

Download