06c2dff99c92ad35dc3b83ac8608002a5b0fe080fcd9d321c223ed1a31267d61

Analysis

max time kernel
27s
max time network
30s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
20-09-2024 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JJSploit_8.5.0_x64-setup.exe
Size

6.1MB
MD5

90f2ab2f9236fccb1708a771eeeb9547
SHA1

527912f5f23ba9912431bbbb63894196e2848471
SHA256

06c2dff99c92ad35dc3b83ac8608002a5b0fe080fcd9d321c223ed1a31267d61
SHA512

ead3fe5a980285eaef617d0e037505acf6073c2a72a2d44d534f572224ea47c8ba219dae138fa9360f7edc7038d340ac7e1f253052eac56e82ea6013955349d8
SSDEEP

98304:he/3hibpt9qKcF/SuQSscKfYTPQQSWfOaDaWMSqXaWnpmnPqKSnX0wnk721FY0VL:hefopjq19SuzK+QQz5aXXDIgEGUwFYAL

Score

10^/10

discovery

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 4084 created 3280	4084	JJSploit_8.5.0_x64-setup.exe	52

Executes dropped EXE 2 IoCs

pid	Process
3140	JJSploit.exe
4024	JJSploit.exe

Loads dropped DLL 5 IoCs

pid	Process
4084	JJSploit_8.5.0_x64-setup.exe
4084	JJSploit_8.5.0_x64-setup.exe
4084	JJSploit_8.5.0_x64-setup.exe
4084	JJSploit_8.5.0_x64-setup.exe
4084	JJSploit_8.5.0_x64-setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
behavioral1/files/0x000100000002aa29-95.dat	embeds_openssl

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JJSploit_8.5.0_x64-setup.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4084	JJSploit_8.5.0_x64-setup.exe
4084	JJSploit_8.5.0_x64-setup.exe
3768	msedge.exe
3768	msedge.exe
2544	msedge.exe
2544	msedge.exe
436	msedge.exe
436	msedge.exe
2764	msedgewebview2.exe
2764	msedgewebview2.exe
4788	identity_helper.exe
4788	identity_helper.exe
1980	msedgewebview2.exe
1980	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
4732	msedgewebview2.exe
1528	msedgewebview2.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
3140	JJSploit.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
4732	msedgewebview2.exe
4732	msedgewebview2.exe
2544	msedge.exe
4024	JJSploit.exe
1528	msedgewebview2.exe
1528	msedgewebview2.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4084 wrote to memory of 3140	4084	JJSploit_8.5.0_x64-setup.exe	78
PID 4084 wrote to memory of 3140	4084	JJSploit_8.5.0_x64-setup.exe	78
PID 3140 wrote to memory of 2236	3140	JJSploit.exe	79
PID 3140 wrote to memory of 2236	3140	JJSploit.exe	79
PID 3140 wrote to memory of 1772	3140	JJSploit.exe	80
PID 3140 wrote to memory of 1772	3140	JJSploit.exe	80
PID 3140 wrote to memory of 4732	3140	JJSploit.exe	81
PID 3140 wrote to memory of 4732	3140	JJSploit.exe	81
PID 4732 wrote to memory of 2240	4732	msedgewebview2.exe	82
PID 4732 wrote to memory of 2240	4732	msedgewebview2.exe	82
PID 2236 wrote to memory of 2544	2236	cmd.exe	83
PID 2236 wrote to memory of 2544	2236	cmd.exe	83
PID 1772 wrote to memory of 2260	1772	cmd.exe	85
PID 1772 wrote to memory of 2260	1772	cmd.exe	85
PID 2260 wrote to memory of 2656	2260	msedge.exe	87
PID 2260 wrote to memory of 2656	2260	msedge.exe	87
PID 2544 wrote to memory of 2368	2544	msedge.exe	88
PID 2544 wrote to memory of 2368	2544	msedge.exe	88
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 4984	2544	msedge.exe	90
PID 2544 wrote to memory of 3768	2544	msedge.exe	91
PID 2544 wrote to memory of 3768	2544	msedge.exe	91
PID 2544 wrote to memory of 3732	2544	msedge.exe	92
PID 2544 wrote to memory of 3732	2544	msedge.exe	92
PID 2544 wrote to memory of 3732	2544	msedge.exe	92
PID 2544 wrote to memory of 3732	2544	msedge.exe	92

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3280
- C:\Users\Admin\AppData\Local\Temp\JJSploit_8.5.0_x64-setup.exe
  "C:\Users\Admin\AppData\Local\Temp\JJSploit_8.5.0_x64-setup.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4084
- C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3140
- - C:\Windows\system32\cmd.exe
    "cmd" /C start https://www.youtube.com/@Omnidev_
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Omnidev_
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88bd93cb8,0x7ff88bd93cc8,0x7ff88bd93cd8
        5⤵
        
        PID:2368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,16722626156663409017,10032308193445332154,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1992 /prefetch:2
        5⤵
        
        PID:4984
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,16722626156663409017,10032308193445332154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,16722626156663409017,10032308193445332154,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
        5⤵
        
        PID:3732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16722626156663409017,10032308193445332154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
        5⤵
        
        PID:3040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16722626156663409017,10032308193445332154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
        5⤵
        
        PID:4696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16722626156663409017,10032308193445332154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
        5⤵
        
        PID:3688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16722626156663409017,10032308193445332154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
        5⤵
        
        PID:1844
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,16722626156663409017,10032308193445332154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
        5⤵
        
        PID:4152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,16722626156663409017,10032308193445332154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4788
- - C:\Windows\system32\cmd.exe
    "cmd" /C start https://www.youtube.com/@WeAreDevsExploits
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@WeAreDevsExploits
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2260
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff88bd93cb8,0x7ff88bd93cc8,0x7ff88bd93cd8
        5⤵
        
        PID:2656
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,1459029566948002172,9884343720759879636,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
        5⤵
        
        PID:4540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,1459029566948002172,9884343720759879636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:436
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.5.0 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=3140.4828.14265200183805589102
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:4732
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7ff88bd93cb8,0x7ff88bd93cc8,0x7ff88bd93cd8
      4⤵
      PID:2240
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1788,1868227538659567812,6380035142225261556,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.5.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1812 /prefetch:2
      4⤵
      PID:4420
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1788,1868227538659567812,6380035142225261556,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.5.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1892 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2764
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1788,1868227538659567812,6380035142225261556,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.5.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2320 /prefetch:8
      4⤵
      PID:2272
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1788,1868227538659567812,6380035142225261556,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.5.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2936 /prefetch:1
      4⤵
      PID:1320
- C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  "C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:4024
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.5.0 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=4024.4260.13835772997808359181
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:1528
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x1d4,0x7ff88bd93cb8,0x7ff88bd93cc8,0x7ff88bd93cd8
      4⤵
      PID:2956
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1760,12724104917220934094,17055512304277916067,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.5.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1768 /prefetch:2
      4⤵
      PID:2500
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1760,12724104917220934094,17055512304277916067,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.5.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1964 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1980
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1760,12724104917220934094,17055512304277916067,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.5.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2404 /prefetch:8
      4⤵
      PID:2308
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1760,12724104917220934094,17055512304277916067,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.5.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2996 /prefetch:1
      4⤵
      PID:1104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\JJSploit\JJSploit.dll

Filesize
1.2MB

MD5
6ee5f6f36c4cfc783050d6bea5c02c9c

SHA1
71a86686e19275f9efcf12b6995a7b9c8f64decd

SHA256
a13050ca0bb7936a305789338ec86d141cf74a0482fc0b2d29bc2d2e6a4d7bdc

SHA512
e686ebd6390003e0d4e8e84b561713b4e05faa4309d375aeeb18452cff85cf0de89e70202b2c4b91425cfccd6f5585a0d0bcc6c0f2e9a05c24f71bb06a09a9f3

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe

Filesize
10.4MB

MD5
bcbe97957824bc7ff26b65a98d930677

SHA1
2ccee678ff718dd61ba6e4afe7f95527fc6b9dd0

SHA256
277183d7af817b1a3e276031823a93206868c9a5994705d49124a5d2929c1e87

SHA512
d064d024f0eec0265b8b4627c6d859a694b6a99710562fd0542f4f104bb4225f5f0105a029c00f44c2e43a3febb62e3cbbd8247b6b86ee7ca3c599b4fc5a5112

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\db.json

Filesize
383B

MD5
a922121131490161db6efb0087a6c702

SHA1
15e6efdfe30824f0dddc15fc2a5bf7378161f1a9

SHA256
f47157c3299b1dc0d5fcc8006654b8f00c4dab6beedd3ae3cfecbd8f09e66a9d

SHA512
526c8f6a21ed4b33887857b126c33a068916be786671fc88126381fada29c1efffb90ea44ed803c85c3a726cbd8e2363167172b150f50798bfc705fd97762e57

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\libcrypto-3-x64.dll

Filesize
4.5MB

MD5
a9c1f7ca15c65c139bc9d4bf57df2e1e

SHA1
1b1377139a6b289d43a6b1161cd1089ffc817cf9

SHA256
03ec9292dcdfda520638490e11baeefff5ab1b6eb22feb90a22fc771272ce116

SHA512
97f8745dba6330c196de9b822638bfe7f74a86bdcb6726f4bd1d3d917de54f9abcb05163c42255173eac3bde995f0d611af718dbcc0de432b67666bed0c0b073

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\libssl-3-x64.dll

Filesize
802KB

MD5
51b0d5f42a82f6fa8739b403e9b8b81c

SHA1
75968c157628bb7aca9b5f2331f7a0c9a1d28865

SHA256
0bda7daeb4040c722b8c287dfd2307c9b8228576db1dbbbaac901c35cc8dc62b

SHA512
94fba90ad7bcf190079089dcc3af97c598c016eb359fe4d2ea439b5fbcd4a5489ab4422652223926aae64002beef1368d5b95874f68a2e5bc4971b4f9604d814

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\uninstall.exe

Filesize
74KB

MD5
2a1378d591f9835141df97955e87eece

SHA1
7d310b5aa3a0f505752a70d9e194a9f0fc9627f8

SHA256
be673d61bddf3ea627e583646b8ac9db11baca821a921e35955eaf6f9d1e8e53

SHA512
0f82d8c2c96b5b1ec0f65099bc7f880b30d2adc27955a29bb563ae6e117473a108440da8f43a6351523154d27fc42fc6a8f402bfcebfa94674153bde6dea6ff2

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\xxhash.dll

Filesize
46KB

MD5
249a5f6ca047df2a2f802782696c7f80

SHA1
6a1d96be0f497d689fb55de70284af83cac61f52

SHA256
2828e3014c3283caeb1b00d14145a42f4e347e7f547b40634540394892265671

SHA512
d2d0b6ba2ec95c33609d98788e5a4cce382d93721ea5dea61cde3f4c065b06530a0b01ae4909f7883a81d55529a36cb6a5820aa2afc320b5761f6f59a3a45f1f

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\zstd.dll

Filesize
638KB

MD5
21dfe873f6ed38f2f713ecd43ad1ba41

SHA1
7648cb043587da0e85743f9da8dca8be621ccdf0

SHA256
2a2d63c48b6b3ac7768231ade30122c94a0a33e62e5d2725e11c95b3194aa997

SHA512
67b4f976f3511387ce2a4743e2281ac88533bd204d4e07a5c6751f0ec30a3463dfabcda18103a632541ec2a8b7b937806121e21e44959411c39106e22b739919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
04b4153d513529202116fd18c735af10

SHA1
2b26664cbb9046bf03c74af852dad88c0d43137b

SHA256
823cb112cdf948f559416cbd0aabc324e6d90357003d95b919003c2805efa955

SHA512
748484957c8b453ff8ef6da481a85eff1957448537029a9c9ebdd032d0e0a4efe9efe7ea9844994420097eadcc5260ac7d21b807b28c257091b6eeccd91a5cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
85ff582302da203079974624e1f730cc

SHA1
4c90a9b4984ce003a8f826a85f7c175c7ae39265

SHA256
f1fafe06403d53d5591a5e7837691857dbdc12ac33734577238842c9dc810a0d

SHA512
6f67046bcb1d53fb61255f861200c73bff852f660a6c6cbc51e9daee3bb807511bebd222c7d2083ea5968ef91fad2a89d023ff1e3b1f1516e02a019ae2cc3ff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3df668cef7d9d24c273cfbef6ce21133

SHA1
8136f47fcde0be1e74ad4d6dddf069eba86bc136

SHA256
1efedeee9b6c9971ef16ab1dec196c9bbfd7cc18b153526ac6a148512e1959ec

SHA512
a6e265f2261c016fe41327f1595727e2f38be854a844767714f6ffb3a98b813246edbf3888d93e7d39dd48c581ab34379bf21ef64794f5d4059d2e90e6d10cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0af4714c50f86aa9f44afcab8fee76cd

SHA1
99cab5189c4bf8e183e8fb5177b566992dc0fb35

SHA256
8118ca2c12d7f58f0a97ab8ff9db0d4d244b1ca53ea375dd8d8d62e05355d5ab

SHA512
cd67f17aaac8dbb6c0c02013bed6264db3bf44d35dd0fe76db7a1b4a05961872ee6b1442ccaf8753942394a2eac46e8af64ab305cf5e275853d450a059b9cbee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
b10a9d3decd19ac44403dc3c356c2eb1

SHA1
571eb96fafdf68feebe3d2f4dc75e5f5b9fc0373

SHA256
24ef79806fed244992e01fa19e3ac5d970ea51584b9b7e9f0028ecc8b7d99a08

SHA512
284dfb826220b99c2f05c8cf0f127b5ce868f044339b30480662d487532b8dbcf907087758f6b70c04ad48d4b14e8f5e598ab743ac9c096f04033796b6cda271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d8ee10d6759109f2ba7b9b20ecb7375e

SHA1
0dd055e5136e8f01a7b1089b44f229271580279b

SHA256
1ac7c76cd1b07e709422e3b662264f5e996e48596a63d4ca4cec37c5822884f8

SHA512
03d34fe152303f059e963b17d259333e289171ced3c69807403bb5ef1fc20b6c2ac82dd721d2dd96ad779eebf219a974439a9105b164b42360279a9f6326914d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx98D7.tmp\StartMenu.dll

Filesize
7KB

MD5
d070f3275df715bf3708beff2c6c307d

SHA1
93d3725801e07303e9727c4369e19fd139e69023

SHA256
42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7

SHA512
fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx98D7.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx98D7.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx98D7.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx98D7.tmp\nsis_tauri_utils.dll

Filesize
29KB

MD5
8def0196223484f8aed4106148dd3f08

SHA1
e0fc0951deb0e5e741df10328f95c7d6678ad3aa

SHA256
c0f2b928bc4c81cc5ca30a8932a6dc8cd617dd016679c057e23355fe732b2333

SHA512
9ffa66181bce5aa5210da0fe5edc6c80aa9e46e2bd1fafd840f468965f4d06bc03f9a77e04b975ffc9f25c886c274196e3fedae6cfb57f366ef39f1e31e1ada7

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
2a76323f4e7dc0f69a49203f4e37d7e0

SHA1
6976d1dbd9d93ec3c022bd7c7d071ddbad9eb8ae

SHA256
138b4a522e1e092b292e773d94d00783bf05bd1813621fcec2891cf2e5f96510

SHA512
833d5f8d15ef04d42e3d86518fbd9c83dd31882342552e7bafdcf1b6992b526e34573a1293e4ffcf972bd2bf7090c3e237e16030750b4260867f2ec0da43aced

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
1e719c185423bde3e15f6ec585638aff

SHA1
4bf179756fc385f9af861ddc9e03e3785042cc53

SHA256
795d52272c79292cc4c405e6acbf196de588edd1304f1e723f4d17e49e7bacf4

SHA512
7bc6d90729cb1473fa1860e8d43b39860815be9e2dc4c727081f0a9eafaa828a84a12bc4e7e1dc995bab5056defbd4a639f834ff4cbd0431a26cad4a0411eb63

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\8adc86fc-7cbc-44a4-aa93-6d2b573d954a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
85de96815715a96b03ba90f3c06a7477

SHA1
a69fedcebb196c153328e144b13ead521b147e65

SHA256
8081daad82241b76676950ea96259ebcc5643dc645edd5e601f53ccadc18c0c0

SHA512
9745273b94334cec49e562d4740bbbd2211d748d833a4a164be7daa0cd369a6d6786228f703a816b1c1f83c33a8c9800bc6e81f0498fee7de1a34a0a7a7f2e64

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Favicons

Filesize
20KB

MD5
5688ce73407154729a65e71e4123ab21

SHA1
9a2bb4125d44f996af3ed51a71ee6f8ecd296bd7

SHA256
be1b822e970dfe1a120d248db7000eaf799bd6531929a1308676c70fe1608d60

SHA512
eb6452b23ea36c39d03ead154185616c13583f12f382cb2456beeb1ba6e5febdfd2a6f1064283cf115ad1c517dbf409777cdacb128e00c9d3f401335db355537

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\History

Filesize
116KB

MD5
4e2922249bf476fb3067795f2fa5e794

SHA1
d2db6b2759d9e650ae031eb62247d457ccaa57d2

SHA256
c2c17166e7468877d1e80822f8a5f35a7700ac0b68f3b369a1f4154ae4f811e1

SHA512
8e5e12daf11f9f6e73fb30f563c8f2a64bbc7bb9deffe4969e23081ec1c4073cdf6c74e8dbcc65a271142083ad8312ec7d59505c90e718a5228d369f4240e1da

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Media History

Filesize
76KB

MD5
cf7ac318453f6b64b6dc186489ff4593

SHA1
b405c8e0737be8e16a08556757dc817bd02af025

SHA256
634434e865f1ba1b90039bd5afd8f01bad6d278377106022ea2a9c2d8778d31a

SHA512
b64e484d16222d8de31f53cd60b719b7d855bbc552a7d052e202382bc3013e0edaceb31e3a287f2ea6b7117ccfdb8a56ea9d7da78535d2c606183072ecd084e4

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
3KB

MD5
18035ad9c55050c849d5aba43b33de68

SHA1
369900b4f1471f662b4932cbb49b9b7ff47bc5f1

SHA256
8ea4a23a981e661886f427d8e38097ca245a2723a76e7552b9cd2ebb069d2795

SHA512
cb560519e3ba128fdf7007599df8dc56b1add2a85fd189a5c25dee0d57a087e3e8a4371d8c83f9220eab8256045746e324ae36821ad6951aad65deba198c2974

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
3KB

MD5
87806062303482836dad70121f2fb51d

SHA1
51e0a0b9180ef0744b706818432c421e1a19613c

SHA256
c906c4f2792696c1d83485c9bc445c0e901ed643b4b1e02fee74b18588b33a52

SHA512
bdbd390e1fa36594deb5bbb58abae667b4605b306a8844cbe32a1405b08bfc882163d43c9953f9a7aab23b00513057ea89fe42ea8e8de3eaebd14acf0dae76b6

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Secure Preferences

Filesize
8KB

MD5
992e074e225ef161bd97b3e56ddf0ccc

SHA1
20208f60176c59aa9f4f6753ce8c8bc59dc17ffa

SHA256
9b17f8d51598cc8d9a96e58fcc87ab3bf7aaec3cdf9b43a438b1651d45c8f00b

SHA512
6ff20ed71b30586268d075d20f8f301219ea9b89efd0aa08299ede8ca63753cf6377e15dff10057e4dec5edd2160266571030b296e37d78369043812e79f6e03

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\000003.log

Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\LOG

Filesize
305B

MD5
1a59388f0450e0b486467361e64d6eb9

SHA1
a4b9f9baea3f0562668ef7cc5efdca5746844272

SHA256
6959b8efef093942269152514f1d688f169afa27b8105f921f23c252fee7522f

SHA512
6fa8d222f33a1010e3dd35682f590d2119fb84d8ac1ad164c3b513474e08b65490348c04b4cb3a061f63c46448bf1ddb2f84331b9e1086b38f4133a207d87bc0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Sync Data\LevelDB\LOG

Filesize
283B

MD5
f5f4e4631ae15a03ad8525fd857748f2

SHA1
f4be3078811eb90a63f2fee59f2a4519b73d58a2

SHA256
c47ab85d88e26e59029c01c94045afdbafbd8bb598db7a7a746c31ee5a7a18fd

SHA512
d7d391c30aa0240f0aedc8c1d289033fecfc75da3d701144b7363fb565ed41a2e122fca0d9a05b3ca040865aeda4ae0adc23e5d9b881b8e2f38a7e5a6cba9b63

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Visited Links

Filesize
128KB

MD5
c88a7d1b20c998e57d8040e1da8b2cde

SHA1
1daca6e11ac170df2b8bae6737b7aa2f14858343

SHA256
e23a8b02bc8c1b629acff6c5375e65cc3bbf548f23779e7a9a8b3c249b06e86e

SHA512
cc0a341482f0190f1b5b4e3f893a8d2ba7afafd8c57e9282c3ee47e27c8f49932c9d584b72988b7e88953ae298a4d7737027b78ce1c41f9c810f1606739f1a39

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
3c46e12ee3e5512cfcaa820ee27395df

SHA1
f6108a360c10fd98c85394dfc2b2adc48f1ae3fe

SHA256
9cc6b00e70571a85bfa331d0e50c447311944478a3c88dcc85e5e08776d800af

SHA512
f808d903b9ce4d09b8ec283d022d7340485109dee82fe140f6c40ca5954d49131fe18671a38f62ac9d47d8d2d0053543294de4285053c7d152885b8c07411f2f

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\ShaderCache\GPUCache\index

Filesize
256KB

MD5
99f7a727de2d2207ab6d35e9d1abf391

SHA1
7f7915d8b04176ae93edae78b1d180b760f3affc

SHA256
0b2638d4779bb6c05974158fdf51093545a29797b05593f84788c395a07dacfa

SHA512
cfc1bf5ba13b1dc2defbd512dbfcedea07c9b0806c7b8831b69b975d75c2d7a806321e18a25f21c55094ac9ffcc1f495a248a2b8a366fac8281e4f93c17a89b0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\fec0f58c-92bd-4d4a-a2f0-d94b2fabd46c.tmp

Filesize
2KB

MD5
a932bb2a48175112589c4e941a461779

SHA1
a78e86a2334257dbb5b957cc5b11f6e086883eca

SHA256
313868ae238408d4693d245df678dae181695496dc924e5d2152e8f9f557b8df

SHA512
87a0a6eecbed9ad4d39087732ad8950d3f21c7940a5cd15682470436d3b68d2d132c9e03f7e8e09c7d31c7de9aa70d45ad76fb2e02ad87da62b4039850e42b54

Download Submit
C:\Users\Admin\Desktop\JJSploit.lnk

Filesize
1KB

MD5
4a7497969ef306c9ae2e1338c387d00e

SHA1
39b1f035d6769029f33f8c31b1e4a0c981b35f7f

SHA256
fa200fa7bdacedf8561b73f6b8649b654285757b9036c3139cf4d7b6d0e7b2ab

SHA512
26cccb700713c9d6f4c52a6764544a936533ba442cbd681d133c0812dcf322b4cc41cc0763a40eb9bbac2e6bbfd89c31db67add00d8f8eea3196bb099ad5b05b

Download Submit
C:\Users\Admin\Documents\jjsploit\db.json

Filesize
54B

MD5
41dea3a16884a8a050f599c1b3d3dbf5

SHA1
0d1893892dd3a5211b8dc4b66efae5d3f2c82689

SHA256
e14fda8dd813d96cdeb51cff4e4a5c8dc636b72b7fb075902d88ab587bf19466

SHA512
2c2a88c7d0fa9f32893449d5d8ae0d148793974c0e9f979be1221dce3b7c86a0bc02f3575bd5d2010e0fad20fb9730f707cdddd99fa922b8de67d9f1e7529cb2

Download Submit
memory/1104-557-0x000001D2C3E60000-0x000001D2C3F0E000-memory.dmp

Filesize
696KB

Download
memory/1320-360-0x00000244F7100000-0x00000244F71AE000-memory.dmp

Filesize
696KB

Download
memory/2272-359-0x00000282F9A00000-0x00000282F9AAE000-memory.dmp

Filesize
696KB

Download
memory/2308-599-0x00000164FB520000-0x00000164FB5CE000-memory.dmp

Filesize
696KB

Download
memory/2500-598-0x00000111F3830000-0x00000111F38DE000-memory.dmp

Filesize
696KB

Download
memory/4420-172-0x00007FF899C30000-0x00007FF899C31000-memory.dmp

Filesize
4KB

Download
memory/4420-365-0x000001496C010000-0x000001496C0BE000-memory.dmp

Filesize
696KB

Download