URL:

https://wearedevs.net/d/JJSploit%20v4

Full analysis: https://app.any.run/tasks/3c008cca-63c0-45f3-99ed-211b3d6b8cff
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Malware Trends Tracker     >>>
Analysis date: January 05, 2019, 06:02:50
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
Indicators:
MD5:

1F04D60207588BDA45731DE0496F6BFE

SHA1:

69C24F5E8F246536F66388BFC708E1D8733E4F1A

SHA256:

A2987D5AD44B5F7CC87CF2FAAC72BE96B00B5827F509F8B575FD509D93897D1D

SSDEEP:

3:N8R/BApK83B9VTRn:25BuBZd

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes settings of System certificates

      • JJSploit%20v4-Installer[1].exe (PID: 2648)

    • Application was dropped or rewritten from another process

      • JJSploit%20v4-Installer[1].exe (PID: 3820)
      • JJSploit%20v4-Installer[1].exe (PID: 2648)
      • JJSploit v4.exe (PID: 2820)

    • Loads dropped or rewritten executable

      • JJSploit.exe (PID: 2856)
      • JJSploit v4.exe (PID: 2820)
      • JJSploit.exe (PID: 3016)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 2836)
      • JJSploit%20v4-Installer[1].exe (PID: 2648)
      • iexplore.exe (PID: 2440)
      • JJSploit.exe (PID: 2856)
      • JJSploit v4.exe (PID: 2820)

    • Creates files in the user directory

      • JJSploit%20v4-Installer[1].exe (PID: 2648)
      • JJSploit v4.exe (PID: 2820)
      • JJSploit.exe (PID: 2856)

    • Adds / modifies Windows certificates

      • JJSploit%20v4-Installer[1].exe (PID: 2648)

    • Creates a software uninstall entry

      • JJSploit v4.exe (PID: 2820)

    • Application launched itself

      • JJSploit.exe (PID: 2856)

  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 2836)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3164)
      • iexplore.exe (PID: 2440)

    • Creates files in the user directory

      • iexplore.exe (PID: 3164)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2128)
      • iexplore.exe (PID: 2836)

    • Changes settings of System certificates

      • iexplore.exe (PID: 2836)

    • Application launched itself

      • iexplore.exe (PID: 2836)
      • chrome.exe (PID: 2456)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3164)
      • iexplore.exe (PID: 2440)

    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2836)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2836)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
63
Monitored processes
24
Malicious processes
4
Suspicious processes
1

Behavior graph

Click at the process to see the details
drop and start drop and start start drop and start iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs iexplore.exe jjsploit%20v4-installer[1].exe no specs jjsploit%20v4-installer[1].exe jjsploit v4.exe jjsploit.exe jjsploit.exe no specs winrar.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1016"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=868,9580028546090657112,8043876860438460582,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=5EB706329B6F1FEB8E8CB95FEA620EBA --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5EB706329B6F1FEB8E8CB95FEA620EBA --renderer-client-id=6 --mojo-platform-channel-handle=3524 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
1960"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=868,9580028546090657112,8043876860438460582,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=0DECF69C9E7F805E60551FF839E63CF2 --mojo-platform-channel-handle=524 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2128C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -EmbeddingC:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exesvchost.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Exit code:
0
Version:
26,0,0,131
Modules
Images
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
2440"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2836 CREDAT:203009C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2456"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Program Files\Google\Chrome\Application\chrome.exe
explorer.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
3221225547
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2648"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\JJSploit%20v4-Installer[1].exe" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\JJSploit%20v4-Installer[1].exe
iexplore.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\0uu90r59\jjsploit%20v4-installer[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
2820"C:\Users\admin\Desktop\JJSploit v4.exe" C:\Users\admin\Desktop\JJSploit v4.exe
JJSploit%20v4-Installer[1].exe
User:
admin
Company:
WeAreDevs
Integrity Level:
HIGH
Description:
User interface to control external interface
Exit code:
0
Version:
4.0.303
Modules
Images
c:\users\admin\desktop\jjsploit v4.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
2824"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=868,9580028546090657112,8043876860438460582,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=9638D37FACAA07553B17BD0B67241377 --mojo-platform-channel-handle=888 --ignored=" --type=renderer " /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2836"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2844"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=868,9580028546090657112,8043876860438460582,131072 --enable-features=PasswordImport --service-pipe-token=A90D4F859620259F755833638A0EF8E9 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=A90D4F859620259F755833638A0EF8E9 --renderer-client-id=3 --mojo-platform-channel-handle=1908 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events
2 137
Read events
1 930
Write events
199
Delete events
8

Modification events

(PID) Process:(2836) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2836) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2836) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(2836) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(2836) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2836) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(2836) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation:writeName:{97C78A91-10AF-11E9-BAD8-5254004A04AF}
Value:
0
(PID) Process:(2836) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Type
Value:
4
(PID) Process:(2836) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Count
Value:
3
(PID) Process:(2836) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Time
Value:
E307010006000500060003001100B703
Executable files
67
Suspicious files
141
Text files
161
Unknown types
19

Dropped files

PID
Process
Filename
Type
2836iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
MD5:
SHA256:
2836iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
3164iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\JJSploit%20v4[1].txt
MD5:
SHA256:
3164iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\download[1].csstext
MD5:
SHA256:
3164iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@wearedevs[1].txttext
MD5:
SHA256:
3164iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\JJSploit%20v4[1].htmhtml
MD5:
SHA256:
3164iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\bright[1].csstext
MD5:
SHA256:
3164iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\f[1].txttext
MD5:
SHA256:
3164iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\navheader[1].csstext
MD5:
SHA256:
3164iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\main[1].csstext
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
92
DNS requests
45
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2648
JJSploit%20v4-Installer[1].exe
POST
200
35.190.60.70:80
http://dlsft.com/callback/?channel=Wrd&action=started
US
malicious
2648
JJSploit%20v4-Installer[1].exe
POST
200
35.190.60.70:80
http://dlsft.com/callback/?channel=Wrd&action=webcompanion-0
US
malicious
2648
JJSploit%20v4-Installer[1].exe
POST
200
35.190.60.70:80
http://dlsft.com/callback/?channel=Wrd&action=completed
US
malicious
2648
JJSploit%20v4-Installer[1].exe
GET
200
35.190.60.70:80
http://dlsft.com/callback/offers.php
US
text
16 b
malicious
2648
JJSploit%20v4-Installer[1].exe
POST
200
35.190.60.70:80
http://dlsft.com/callback/geo/geo.php
US
text
16 b
malicious
2648
JJSploit%20v4-Installer[1].exe
POST
200
35.190.60.70:80
http://dlsft.com/callback/?channel=Wrd&action=po-0
US
text
16 b
malicious
2648
JJSploit%20v4-Installer[1].exe
POST
200
165.193.78.234:80
http://post.securestudies.com/TapAction.aspx?campaign_id=1526&tpi=InstallUnion&action_id=0
US
text
25 b
malicious
2456
chrome.exe
GET
301
144.76.226.41:80
http://filedropper.com/jailbreakmoneyhack
DE
html
250 b
suspicious
2456
chrome.exe
GET
301
144.76.226.41:80
http://www.filedropper.com/images/filedropper_banner.png
DE
html
265 b
suspicious
2836
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3164
iexplore.exe
172.217.18.2:443
googleads.g.doubleclick.net
Google Inc.
US
whitelisted
3164
iexplore.exe
104.24.14.43:443
wearedevs.net
Cloudflare Inc
US
shared
3164
iexplore.exe
216.58.210.1:443
tpc.googlesyndication.com
Google Inc.
US
whitelisted
2836
iexplore.exe
104.24.15.43:443
wearedevs.net
Cloudflare Inc
US
shared
2836
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3164
iexplore.exe
104.24.15.43:443
wearedevs.net
Cloudflare Inc
US
shared
3164
iexplore.exe
104.19.197.151:443
cdnjs.cloudflare.com
Cloudflare Inc
US
shared
3164
iexplore.exe
216.58.208.34:443
pagead2.googlesyndication.com
Google Inc.
US
whitelisted
3164
iexplore.exe
216.58.207.72:443
www.googletagmanager.com
Google Inc.
US
whitelisted
2648
JJSploit%20v4-Installer[1].exe
104.16.249.144:443
media.discordapp.net
Cloudflare Inc
US
shared

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
wearedevs.net
  • 104.24.15.43
  • 104.24.14.43
whitelisted
pagead2.googlesyndication.com
  • 216.58.208.34
  • 172.217.22.98
whitelisted
cdnjs.cloudflare.com
  • 104.19.197.151
  • 104.19.198.151
  • 104.19.196.151
  • 104.19.195.151
  • 104.19.199.151
whitelisted
www.googletagmanager.com
  • 216.58.207.72
whitelisted
static.hotjar.com
  • 147.75.205.43
  • 147.75.83.1
  • 147.75.33.239
  • 147.75.80.178
  • 147.75.83.82
  • 147.75.205.49
  • 147.75.83.23
  • 147.75.204.215
whitelisted
adservice.google.com
  • 172.217.21.194
  • 172.217.21.226
whitelisted
adservice.google.co.uk
  • 172.217.22.2
  • 216.58.210.2
whitelisted
googleads.g.doubleclick.net
  • 172.217.18.2
  • 172.217.18.98
whitelisted
cdn.wearedevs.net
  • 104.24.14.43
  • 104.24.15.43
whitelisted

Threats

PID
Process
Class
Message
2648
JJSploit%20v4-Installer[1].exe
Misc activity
ADWARE [PTsecurity] Gen:Variant.Midie.55716
1 ETPRO signatures available at the full report
Process
Message
JJSploit%20v4-Installer[1].exe
scanning node questions /questions scanning node question /questions/question scanning node question /questions/question scanning node question /questions/question scanning node question /questions/question scanning node question /questions/question scanning node question /questions/question scanning node question /questions/question
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://wearedevs.net/d/JJSploit%20v4