Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JJSploit_8.13.9.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    16/12/2024, 10:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JJSploit_8.13.9.exe

  • Size

    98KB

  • MD5

    fe9d7b49dab665c66f2462ac58913202

  • SHA1

    3fa3a12f014e2ca04972c6ea2cfb439662eef06f

  • SHA256

    b5860aa704760ecaa8cb40c378c35dbd0c1d8b29d4d6b5eb9b97fad1dfff27b5

  • SHA512

    bf6fe93ffdfcae97b480c975c0477f58157ac0551dd0c2db53f5452fbb5be23316bf0498350359447c13d9bcedfbaf44722af6edb6f8c4bad06780b2da956d9a

  • SSDEEP

    3072:wVtPS5z1wveHYI9zcRgPS5z1wveHYI9SG6mz:wVA6ZICR36ZIx

Score
10/10
meduzacollectiondiscoveryphishingspywarestealer

Malware Config

Extracted

Family

meduza

C2

147.45.44.228

Attributes
  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    424

  • extensions

    none

  • grabber_max_size

    1.048576e+06

  • links

    none

  • port

    15666

  • self_destruct

    true

Signatures

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza
  • Meduza Stealer payload 5 IoCs
  • Meduza family
    meduza
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • A potential corporate email address has been identified in the URL: httpswww.youtube.com@Omnidevcbrd1
    phishing
  • A potential corporate email address has been identified in the URL: httpswww.youtube.com@WeAreDevsExploitscbrd1
    phishing
  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 5 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 5 IoCs
    collection
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Network Share Discovery 1 TTPs

    Attempt to gather information on host network.

    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Embeds OpenSSL 1 IoCs

    Embeds OpenSSL, may be used to circumvent TLS interception.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 14 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 23 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 41 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3316
      • C:\Users\Admin\AppData\Local\Temp\JJSploit_8.13.9.exe
        "C:\Users\Admin\AppData\Local\Temp\JJSploit_8.13.9.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4484
        • C:\Users\Admin\AppData\Local\Temp\cfg.exe
          "C:\Users\Admin\AppData\Local\Temp\cfg.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:2112
          • C:\Users\Admin\AppData\Local\Temp\cfg.exe
            "C:\Users\Admin\AppData\Local\Temp\cfg.exe"
            4⤵
            • Executes dropped EXE
            • Accesses Microsoft Outlook profiles
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            • outlook_office_path
            • outlook_win_path
            PID:5080
            • C:\Windows\System32\cmd.exe
              "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\cfg.exe"
              5⤵
              • System Network Configuration Discovery: Internet Connection Discovery
              • Suspicious use of WriteProcessMemory
              PID:2520
              • C:\Windows\system32\PING.EXE
                ping 1.1.1.1 -n 1 -w 3000
                6⤵
                • System Network Configuration Discovery: Internet Connection Discovery
                • Runs ping.exe
                PID:2008
        • C:\Users\Admin\AppData\Local\Temp\jjsploit.exe
          "C:\Users\Admin\AppData\Local\Temp\jjsploit.exe"
          3⤵
          • Suspicious use of NtCreateUserProcessOtherParentProcess
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1048
      • C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
        C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
        2⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:3668
        • C:\Windows\system32\cmd.exe
          "cmd" /C start https://www.youtube.com/@Omnidev_
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3360
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Omnidev_
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1200
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdc9143cb8,0x7ffdc9143cc8,0x7ffdc9143cd8
              5⤵
                PID:3756
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,6908606357885577171,12873378074512035389,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2
                5⤵
                  PID:2008
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,6908606357885577171,12873378074512035389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
                  5⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2340
            • C:\Windows\system32\cmd.exe
              "cmd" /C start https://www.youtube.com/@WeAreDevsExploits
              3⤵
              • Suspicious use of WriteProcessMemory
              PID:4844
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@WeAreDevsExploits
                4⤵
                • Enumerates system info in registry
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SendNotifyMessage
                • Suspicious use of WriteProcessMemory
                PID:2428
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdc9143cb8,0x7ffdc9143cc8,0x7ffdc9143cd8
                  5⤵
                    PID:4640
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,1471033158751014404,7155831661310222350,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2012 /prefetch:2
                    5⤵
                      PID:4596
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,1471033158751014404,7155831661310222350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
                      5⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1068
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,1471033158751014404,7155831661310222350,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
                      5⤵
                        PID:2852
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,1471033158751014404,7155831661310222350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
                        5⤵
                          PID:4856
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,1471033158751014404,7155831661310222350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
                          5⤵
                            PID:3180
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,1471033158751014404,7155831661310222350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
                            5⤵
                              PID:564
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,1471033158751014404,7155831661310222350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
                              5⤵
                                PID:5292
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,1471033158751014404,7155831661310222350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
                                5⤵
                                  PID:5328
                                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,1471033158751014404,7155831661310222350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
                                  5⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:244
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,1471033158751014404,7155831661310222350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
                                  5⤵
                                    PID:5752
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,1471033158751014404,7155831661310222350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
                                    5⤵
                                      PID:5932
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,1471033158751014404,7155831661310222350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 /prefetch:8
                                      5⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:6084
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,1471033158751014404,7155831661310222350,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5848 /prefetch:8
                                      5⤵
                                        PID:5156
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,1471033158751014404,7155831661310222350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
                                        5⤵
                                          PID:5996
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,1471033158751014404,7155831661310222350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
                                          5⤵
                                            PID:6012
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,1471033158751014404,7155831661310222350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
                                            5⤵
                                              PID:724
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,1471033158751014404,7155831661310222350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
                                              5⤵
                                                PID:576
                                          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.7 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=3668.2612.2715568032536774523
                                            3⤵
                                            • Enumerates system info in registry
                                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                            • Suspicious use of FindShellTrayWindow
                                            • Suspicious use of WriteProcessMemory
                                            PID:572
                                            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7ffdc9143cb8,0x7ffdc9143cc8,0x7ffdc9143cd8
                                              4⤵
                                                PID:228
                                              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1692,9078170086828757108,14829813954679393978,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1812 /prefetch:2
                                                4⤵
                                                  PID:4604
                                                • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1692,9078170086828757108,14829813954679393978,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2160 /prefetch:3
                                                  4⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:2280
                                                • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1692,9078170086828757108,14829813954679393978,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1796 /prefetch:8
                                                  4⤵
                                                    PID:4080
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1692,9078170086828757108,14829813954679393978,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
                                                    4⤵
                                                      PID:5528
                                                • C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
                                                  "C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"
                                                  2⤵
                                                  • Executes dropped EXE
                                                  • Suspicious use of FindShellTrayWindow
                                                  PID:1176
                                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.7 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=1176.5596.8646674118927282213
                                                    3⤵
                                                    • Enumerates system info in registry
                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                    • Suspicious use of FindShellTrayWindow
                                                    PID:5848
                                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x1c8,0x7ffdc9143cb8,0x7ffdc9143cc8,0x7ffdc9143cd8
                                                      4⤵
                                                        PID:5628
                                                      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1776,16887473428012943946,3448836878748740754,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1732 /prefetch:2
                                                        4⤵
                                                          PID:5992
                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1776,16887473428012943946,3448836878748740754,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2032 /prefetch:3
                                                          4⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:6032
                                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1776,16887473428012943946,3448836878748740754,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2604 /prefetch:8
                                                          4⤵
                                                            PID:3520
                                                          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1776,16887473428012943946,3448836878748740754,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
                                                            4⤵
                                                              PID:3436
                                                        • C:\Windows\system32\control.exe
                                                          "C:\Windows\system32\control.exe" /name Microsoft.AdministrativeTools
                                                          2⤵
                                                          • Modifies registry class
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          PID:1180
                                                      • C:\Windows\system32\svchost.exe
                                                        C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                                        1⤵
                                                          PID:3000
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:1580
                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                            1⤵
                                                              PID:5020
                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                              1⤵
                                                                PID:5180
                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                1⤵
                                                                  PID:2976
                                                                • C:\Windows\system32\AUDIODG.EXE
                                                                  C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x000000000000046C
                                                                  1⤵
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:3180
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:2760
                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                    1⤵
                                                                      PID:1664
                                                                    • C:\Windows\system32\BackgroundTransferHost.exe
                                                                      "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
                                                                      1⤵
                                                                      • Modifies registry class
                                                                      PID:5344
                                                                    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                                      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                                      1⤵
                                                                      • Modifies registry class
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:4068
                                                                    • C:\Windows\SysWOW64\DllHost.exe
                                                                      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                                      1⤵
                                                                      • System Location Discovery: System Language Discovery
                                                                      PID:5688
                                                                    • C:\Windows\explorer.exe
                                                                      C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
                                                                      1⤵
                                                                      • Modifies Internet Explorer settings
                                                                      • Modifies registry class
                                                                      • Suspicious behavior: AddClipboardFormatListener
                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                      • Suspicious use of FindShellTrayWindow
                                                                      PID:3948
                                                                      • C:\Windows\system32\taskmgr.exe
                                                                        "C:\Windows\system32\taskmgr.exe" /7
                                                                        2⤵
                                                                        • Checks SCSI registry key(s)
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        • Suspicious use of FindShellTrayWindow
                                                                        • Suspicious use of SendNotifyMessage
                                                                        PID:4524

                                                                    Network

                                                                    MITRE ATT&CK Enterprise v15

                                                                    Replay Monitor

                                                                    Loading Replay Monitor...

                                                                    Downloads

                                                                    • C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
                                                                      Filesize

                                                                      10.5MB

                                                                      MD5

                                                                      e59012474c711e0db071950d859bac42

                                                                      SHA1

                                                                      2a1839c61829b70874aaecd41d76a03b8c6cb5dc

                                                                      SHA256

                                                                      5bd65131cad50c58ae916818d54abe44c014854db770aa71a9933293939ad576

                                                                      SHA512

                                                                      61e94c2949d9f08d2ce37dbe5687cc8ff68b274e2ee56d530870a977773a1e04ac58bca4f550887790f0d31534d862cdc869a90621c03ebf030cf73b41fd5774

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\JJSploit\db.json
                                                                      Filesize

                                                                      311B

                                                                      MD5

                                                                      84095feb496d351b9c80e926938f9ca8

                                                                      SHA1

                                                                      d8ac99f45d8420698809521a4c1a30e954f118da

                                                                      SHA256

                                                                      1ee333036765e94b9f6975a2cfb6a799c42b3357078b424753f6aa61b225e54b

                                                                      SHA512

                                                                      347ef12c4f1849a5455014413097ea6d7a6406b36027da4734afad736a5581c6068dd4878aeab02843abbc1e1cfdb37f34c167b4886c8644ad8778e592393e10

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\JJSploit\libcrypto-3-x64.dll
                                                                      Filesize

                                                                      4.5MB

                                                                      MD5

                                                                      a9c1f7ca15c65c139bc9d4bf57df2e1e

                                                                      SHA1

                                                                      1b1377139a6b289d43a6b1161cd1089ffc817cf9

                                                                      SHA256

                                                                      03ec9292dcdfda520638490e11baeefff5ab1b6eb22feb90a22fc771272ce116

                                                                      SHA512

                                                                      97f8745dba6330c196de9b822638bfe7f74a86bdcb6726f4bd1d3d917de54f9abcb05163c42255173eac3bde995f0d611af718dbcc0de432b67666bed0c0b073

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\JJSploit\libssl-3-x64.dll
                                                                      Filesize

                                                                      802KB

                                                                      MD5

                                                                      51b0d5f42a82f6fa8739b403e9b8b81c

                                                                      SHA1

                                                                      75968c157628bb7aca9b5f2331f7a0c9a1d28865

                                                                      SHA256

                                                                      0bda7daeb4040c722b8c287dfd2307c9b8228576db1dbbbaac901c35cc8dc62b

                                                                      SHA512

                                                                      94fba90ad7bcf190079089dcc3af97c598c016eb359fe4d2ea439b5fbcd4a5489ab4422652223926aae64002beef1368d5b95874f68a2e5bc4971b4f9604d814

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\JJSploit\uninstall.exe
                                                                      Filesize

                                                                      74KB

                                                                      MD5

                                                                      fcbc4b016ca7164b57d332d4012f3b85

                                                                      SHA1

                                                                      b1f8ca1824216100edba1bf52c4a953335e277fd

                                                                      SHA256

                                                                      11a861694c2a3cce1e14020ffd46aef7dbcee861763203c5aebe8f4fa1cfba3b

                                                                      SHA512

                                                                      5b5569ab94108f535345d6b71c105222daebbe34d2132ff1f03df84151c3b7488f0f6cda7bb054694bbc58234e709a6069bfdd9239076395b4a823f2d8848b3a

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\JJSploit\xxhash.dll
                                                                      Filesize

                                                                      46KB

                                                                      MD5

                                                                      249a5f6ca047df2a2f802782696c7f80

                                                                      SHA1

                                                                      6a1d96be0f497d689fb55de70284af83cac61f52

                                                                      SHA256

                                                                      2828e3014c3283caeb1b00d14145a42f4e347e7f547b40634540394892265671

                                                                      SHA512

                                                                      d2d0b6ba2ec95c33609d98788e5a4cce382d93721ea5dea61cde3f4c065b06530a0b01ae4909f7883a81d55529a36cb6a5820aa2afc320b5761f6f59a3a45f1f

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\JJSploit\zstd.dll
                                                                      Filesize

                                                                      638KB

                                                                      MD5

                                                                      21dfe873f6ed38f2f713ecd43ad1ba41

                                                                      SHA1

                                                                      7648cb043587da0e85743f9da8dca8be621ccdf0

                                                                      SHA256

                                                                      2a2d63c48b6b3ac7768231ade30122c94a0a33e62e5d2725e11c95b3194aa997

                                                                      SHA512

                                                                      67b4f976f3511387ce2a4743e2281ac88533bd204d4e07a5c6751f0ec30a3463dfabcda18103a632541ec2a8b7b937806121e21e44959411c39106e22b739919

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                      Filesize

                                                                      152B

                                                                      MD5

                                                                      1fc959921446fa3ab5813f75ca4d0235

                                                                      SHA1

                                                                      0aeef3ba7ba2aa1f725fca09432d384b06995e2a

                                                                      SHA256

                                                                      1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

                                                                      SHA512

                                                                      899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                      Filesize

                                                                      152B

                                                                      MD5

                                                                      e9a2c784e6d797d91d4b8612e14d51bd

                                                                      SHA1

                                                                      25e2b07c396ee82e4404af09424f747fc05f04c2

                                                                      SHA256

                                                                      18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

                                                                      SHA512

                                                                      fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                      Filesize

                                                                      696B

                                                                      MD5

                                                                      4ca1a1c53760ee186ee24aeec5b428a1

                                                                      SHA1

                                                                      d269d1f39238f948b7ab2f045bbabd530d30f2cb

                                                                      SHA256

                                                                      698321d309b74b5022aa1f5b748eb5339c2ae3f4339d04f30b59b0480280bd4f

                                                                      SHA512

                                                                      f7787f20ea89ce7819e454b25d64f8aad66d6c042197776f4969e28adf69a8ea75af299f8e9e2235ee489e76f162fa972c31f1e4c5542268b731c05471a166a9

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                      Filesize

                                                                      3KB

                                                                      MD5

                                                                      98cd7dc3b08e4d0fae62f197a13a6645

                                                                      SHA1

                                                                      1a8620247793bdf6a81fcae6de7657aff34c13a3

                                                                      SHA256

                                                                      9b4818216142cadfd46425f42aa337ac95182d0aab67f83f098007ef131a5ede

                                                                      SHA512

                                                                      1cba5e63c7ec9629a683e691f1989fe1ce222b6bcd24d4d8311f9296a82e3f80d2f10264bfc179b1e75e5dd388dd7ed5b1405bdd4f4118978b29824a52640c1f

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                      Filesize

                                                                      7KB

                                                                      MD5

                                                                      c4435363b5ee72c55bd8d5b09ebf7243

                                                                      SHA1

                                                                      d2d4b4e84887135055f26fd39b3b7576d4f5980e

                                                                      SHA256

                                                                      3821a0b15b8e0a29256eaffc659e45b44d2b9deb7b29a00795c41e07bf845abd

                                                                      SHA512

                                                                      1e6c93a5df1851f8a8d2ba5daa36897728d22ad50e23bd85414c311fa09b938276baf42eadfd6942789c514e141f796a59b442239c18e353c1b87c9c766ff179

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                      Filesize

                                                                      5KB

                                                                      MD5

                                                                      df8a8b9ebb99ff5a0d35a7a37ad80a57

                                                                      SHA1

                                                                      173de0906baabe7fba0885f3f4da57c9d20cee3c

                                                                      SHA256

                                                                      5b08282ec39145df5ea4dd131f557c0acf68b4e9f3a7635d8d66454f4b1252ab

                                                                      SHA512

                                                                      ec5ab45a2e266493e9c5db5fc1c1bcbb0d0cfe91dc356d80d3a73c4afea6978e5e7b6b508f28134ee179ac504039b4b7a86cbba0c0c5f3660799925ed1185aa8

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                      Filesize

                                                                      6KB

                                                                      MD5

                                                                      ecaa5275c3f8115f08457a51316503d7

                                                                      SHA1

                                                                      f4df6455db32d7b8ea8c679e71a23659ebb95ca5

                                                                      SHA256

                                                                      811b23db940b7a28a0b6612315550160439c91eae2b7b3689735af28801a8c70

                                                                      SHA512

                                                                      f85c152294f859cac5847424ff339b554790357fbe737f2e37416ae34ceff6e335c896fcfe2cabec4e07ccfe8d6e6b1cd211214bed07ee99a8b98e35a2e529d5

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\57c68ec3-e0b2-4f40-a429-f5f67a9de2bb\index-dir\the-real-index
                                                                      Filesize

                                                                      624B

                                                                      MD5

                                                                      c36d0541d8e8407278f41bdcfb106a9d

                                                                      SHA1

                                                                      6457d2a7a8669859a5d851a6c2de7c543286cdf6

                                                                      SHA256

                                                                      e4fb3fc246324c553d14020b24f7250c8658c3c44b573f0dc2eb6e1bfc63eb08

                                                                      SHA512

                                                                      784b794273789a31c3a63dbadee5d9adf24a850ab9368a7e6fd367231c00f3bf023f32381d3a3954b65cd2f3da98485fc10003dd71baee1332c48598ec9f1c3b

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\57c68ec3-e0b2-4f40-a429-f5f67a9de2bb\index-dir\the-real-index~RFe582a86.TMP
                                                                      Filesize

                                                                      48B

                                                                      MD5

                                                                      ec27773510531bd7acde4615a2e18cc3

                                                                      SHA1

                                                                      8ced88d88e1e4beefb0c5bc77fb15e4926282812

                                                                      SHA256

                                                                      4ae95b729e4e39f2b318ee56581aa495d0ac226b7f79dc03adbcba337cd2671d

                                                                      SHA512

                                                                      006a7d1054513c613bebfed2645620a869a442faed49d32be6dd9634d4d0394c8cad08dbb98d7441439795cbc56eb89623ec8016d0223c4955fe14b61183d95f

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\63cf2a5b-b23e-4b5e-b56e-de595d68aac7\index-dir\the-real-index
                                                                      Filesize

                                                                      2KB

                                                                      MD5

                                                                      9d346a2f4131d816592326cd90604ff7

                                                                      SHA1

                                                                      0b2cda22ca455a3c4dcd4fa3ff6880c5c21f6e8c

                                                                      SHA256

                                                                      85837894a03c7d1d03de8fa23093bf5cb7caab97c6ae010a723028bf3d7c729c

                                                                      SHA512

                                                                      e05ef910622d439af81abf5fa11b5568206d3aabd878ba16b2cf8e481237d9e7a3bf411a8e379c5bef8c06cd80203d56faa8fa145a5b5dc08249b68e458b073b

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\63cf2a5b-b23e-4b5e-b56e-de595d68aac7\index-dir\the-real-index~RFe582a86.TMP
                                                                      Filesize

                                                                      48B

                                                                      MD5

                                                                      ea8c6f6027ded0ffa3397207e27164d9

                                                                      SHA1

                                                                      35fad11e75466a62ac3ff9e6db78ad0c5e2fff6c

                                                                      SHA256

                                                                      34ce0a9fe2cc1ea47e63ae7dcc1ecd3b437d17aee3f461d420579df03820b2cd

                                                                      SHA512

                                                                      17fd7f06482c8d3f9b609e489b65efb70a8ceb38f127e928abba04d77a78761909ec4ad5351e471223a5e1797098127de9da930574ec6ec1c99e5eaf29e8fa96

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                      Filesize

                                                                      146B

                                                                      MD5

                                                                      2c0de6b3b854360ba0208ca57d35b4e7

                                                                      SHA1

                                                                      0bf28e46da37e185edc7d51b9e0c5c357339b7b0

                                                                      SHA256

                                                                      166d549227ac166684b4c4c99534acb6206563845049030d307818d94624437c

                                                                      SHA512

                                                                      23977df66df1ac2f5b205044fa596a8cb3b4ee4f46a68f62e3c14b3d129ca57d74b1ecf0042aef873f0fe83e4bba18efbf5061d5a21247626775d8dfd5e40f97

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                      Filesize

                                                                      155B

                                                                      MD5

                                                                      e37760b5531536ad830484221981fc9d

                                                                      SHA1

                                                                      31b134b3b8ddc0c7cad0d8654d3f883ce210aa1f

                                                                      SHA256

                                                                      33b3d6975d7402c2776cf8bfde03733405244d392af92e05647caa0d02c686c0

                                                                      SHA512

                                                                      79811054781dbee0b56276cd0e5fa81bca3cced4df8c5715e89bb68e2f1f5c9e8eb1fe37ee9afc70ab82e3cd6ec51512c48f361440b7e42f82bd730eb10a8dc1

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                      Filesize

                                                                      153B

                                                                      MD5

                                                                      b33b663746af0732eeb94c35350fad7c

                                                                      SHA1

                                                                      c9a151310858f072d0c580c57b65646c865dcc56

                                                                      SHA256

                                                                      aa0607cd2a284b0f2b7648148e3f73997bb893345ba2cbb232e40a4025fbebf7

                                                                      SHA512

                                                                      ad557d50e4f8dc7e26af825372efb3bc020921963a4c3d27f824a1ab6834ca026751bcfe75f292059a1a264fbd5820f08857670469923b268fc6f691c7931a7d

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                      Filesize

                                                                      89B

                                                                      MD5

                                                                      4a60e0f5742ecb2659e89b19f5a6b4f8

                                                                      SHA1

                                                                      498d63e48b587c39e9a079e3e487ed6b95d48554

                                                                      SHA256

                                                                      213223f459f1f21976e3c48b77cf6fded8ab612e4e342feda67f678002aa3c87

                                                                      SHA512

                                                                      7902ab0c68d18c8a695fe0e0024e958994f84ac22bf1baa1ed57c07b252c3093de6d1825c438a40cf6cb9b6388209489d2ddb1a3450fa5ef29f30b4f9b69136a

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                      Filesize

                                                                      82B

                                                                      MD5

                                                                      3ee2fc0e3fb15bf69700dd41a4016927

                                                                      SHA1

                                                                      4ad8cceec63b46b13c77d13a81d4aa00f397d30a

                                                                      SHA256

                                                                      62b6f3a36fea6dd6e55ff416088f7b8129582db30eef458528138efb8e56bf3a

                                                                      SHA512

                                                                      999dbdaadb94e0b77a92730c14333a9e4f9d15e14488702d94fd7f5db547663e5670aacb1e18b56cfc7d6631f977d4f57f347484ed700ba38f6cbc99a1b4eb3a

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
                                                                      Filesize

                                                                      24B

                                                                      MD5

                                                                      54cb446f628b2ea4a5bce5769910512e

                                                                      SHA1

                                                                      c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

                                                                      SHA256

                                                                      fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

                                                                      SHA512

                                                                      8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                      Filesize

                                                                      96B

                                                                      MD5

                                                                      7929d496bf4233148484aa579c3afd60

                                                                      SHA1

                                                                      168938290897ce26307b32c9e2b4c1493f7abe8d

                                                                      SHA256

                                                                      6b5c604196d69da407418ad3e29517cdca9f229754cfbf11cc9b507ba2dac214

                                                                      SHA512

                                                                      f214349ef224b3e156fda18e2add8c735032aefd5e44cb6209439cc37fb43119571b3d940ceabf0c086a6a782acae1c6954f7a06bef92fdf6db4cbd2e48f8794

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582a86.TMP
                                                                      Filesize

                                                                      48B

                                                                      MD5

                                                                      78f1734708286d648af7a670951ce368

                                                                      SHA1

                                                                      6e23375cbf0afd45798093020c1745493ce4c4a0

                                                                      SHA256

                                                                      9d3dc1fc4cdf23bc549c97a5508977b33234c75ed257cdca23aa6fe1b6ba0220

                                                                      SHA512

                                                                      cd62cac58fa99c7be0ca0feff3ebf498ead5a36a1118528a6feaf7ce36b8b1251151d3b3aaa2139ae8c2e5cec0fca0bd0ce6fae38dccbf026f909a307e452575

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                      Filesize

                                                                      706B

                                                                      MD5

                                                                      896a0b8722f15e807c50fdf4cdef53dc

                                                                      SHA1

                                                                      8bf1a77abf0104bdc3d9fb11defaa839171eca1c

                                                                      SHA256

                                                                      789cde0fbb8661de60309b13bde61f732128e0ff55e91140fc13590fb24326ac

                                                                      SHA512

                                                                      20850320f7ed0e62212a5fe59cf4713fc13c47a9f2d4a3725763096487d50dbb20eda056c3b30365ddc64ca7bd887b98abdac7f01ddc1465e69c9bbdec97d543

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581e12.TMP
                                                                      Filesize

                                                                      539B

                                                                      MD5

                                                                      06468b44c69200b36667ccb8970a9cde

                                                                      SHA1

                                                                      a319d4da100921153e19c17991a2e6e3fbebaeba

                                                                      SHA256

                                                                      2ffc3bc879f3009a6eb2d541781668064bcabbc9e9188d3fcb4ca7d36ea41301

                                                                      SHA512

                                                                      32ff65484f957e4496204cfcabf3206998bdfcb3829cbacd8b84b9e1a61d16bf61fb942425ea7a0cb5019014bdbd2da875c0d7c647e56daabcdda438813b11c2

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                      Filesize

                                                                      16B

                                                                      MD5

                                                                      6752a1d65b201c13b62ea44016eb221f

                                                                      SHA1

                                                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                      SHA256

                                                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                      SHA512

                                                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                      Filesize

                                                                      8KB

                                                                      MD5

                                                                      79d2bd27e8f03a0afdea81148163b024

                                                                      SHA1

                                                                      81e5b441846668ec569f3db7c4f831e5192ece2f

                                                                      SHA256

                                                                      00b177ac80617c525e26aad732edb2a71e9e5d13fb74f1c8289540a85f2ac424

                                                                      SHA512

                                                                      07ea882cc1eb5f55e6bf85d610490322330bde7f58ff55d1d9927442c771dbe411c66246bb519881d6cb85cba18c27354bd447815117ac4001ab574447d90b79

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                      Filesize

                                                                      10KB

                                                                      MD5

                                                                      7c176feabf38c6ddb2bf33c6b38c0b45

                                                                      SHA1

                                                                      498c41ac620b93b4e0441b7e1422885eeabf0058

                                                                      SHA256

                                                                      eee225c1dd69493e727bef2203ce491ea585390f2bfa302b789279f6358eb00a

                                                                      SHA512

                                                                      3a5f87debdddd1196d3883766f36f5d93569e356aa7405bf1f63e2b784f0608eaa78563fef0065e0ae9403cd7c53a6ac29731146ad107a67e7d85a82fec9207f

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                      Filesize

                                                                      10KB

                                                                      MD5

                                                                      b9564f02187c74d176b4bc217528d49c

                                                                      SHA1

                                                                      c02df80992e94154c76ee117e9acca219ec81c3b

                                                                      SHA256

                                                                      2ad870c1cc85be960cd2290e306106650bb75a520826ed1f7ddac7a1fb08a04f

                                                                      SHA512

                                                                      ad4092d2fd78abefd5846240d275f27889efa05cc1e48718750ab3d6a536dcbefcba340300582e89e8c8a0c979a6fc56635d1d014a78fd83bfb31203db4adcb3

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\fb676f46-09a3-4521-b920-d17ee1af0ad2.down_data
                                                                      Filesize

                                                                      555KB

                                                                      MD5

                                                                      5683c0028832cae4ef93ca39c8ac5029

                                                                      SHA1

                                                                      248755e4e1db552e0b6f8651b04ca6d1b31a86fb

                                                                      SHA256

                                                                      855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

                                                                      SHA512

                                                                      aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                                                                      Filesize

                                                                      10KB

                                                                      MD5

                                                                      f24fe7c14f9218ff3d8b52153b2711b5

                                                                      SHA1

                                                                      a7820f3643c6484aee7d2e3a33a53750c4a92647

                                                                      SHA256

                                                                      6ca7e0bf19f39e8a61c1fbbb68632a026f582f225b56d42124ff84db3a3d7598

                                                                      SHA512

                                                                      7fe07b07f8f5f2915a2a352008491fa268530de47b0d90beb3f1a3295ad8bc499813c15d024952612b7466fbe83f569242052cc6d7e13ce920e96b57f21882f5

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Temp\cfg.exe
                                                                      Filesize

                                                                      3.1MB

                                                                      MD5

                                                                      8edff3f58df24723f285aa113ba3da4b

                                                                      SHA1

                                                                      d9ffc44beab78fcf6910e6a55d9b888183967e05

                                                                      SHA256

                                                                      82c1101855adff990a1a5e6dcf6bdc32103088007b1f5f1ea52d8e765fbb3ad3

                                                                      SHA512

                                                                      a4b66616ee05f8eb2bf9bb091d3eb0d960fd3eadab3efde6b5121ff1eac90da888e7582a7f409b00ff0aa2642d490d71a4d0ca12705116691db16130e08dfe9d

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Temp\jjsploit.exe
                                                                      Filesize

                                                                      5.7MB

                                                                      MD5

                                                                      87bece829aec9cd170070742f5cc2db7

                                                                      SHA1

                                                                      0a5d48a24e730dec327f08dfe86f79cc7991563e

                                                                      SHA256

                                                                      88a19d3e027158e8c66d5068303532a0d56a700f718db80aa97e5e44f39bf4a4

                                                                      SHA512

                                                                      198c80d4b430a38ac597ff9023128cdbc9d2891097beef239721c330c75a412c0bdb87a4bfb0609db94f320655f3df1fab7d885843c0af40687e46ddcc88c9d1

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Temp\nse9CA0.tmp\StartMenu.dll
                                                                      Filesize

                                                                      7KB

                                                                      MD5

                                                                      d070f3275df715bf3708beff2c6c307d

                                                                      SHA1

                                                                      93d3725801e07303e9727c4369e19fd139e69023

                                                                      SHA256

                                                                      42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7

                                                                      SHA512

                                                                      fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Temp\nse9CA0.tmp\System.dll
                                                                      Filesize

                                                                      12KB

                                                                      MD5

                                                                      cff85c549d536f651d4fb8387f1976f2

                                                                      SHA1

                                                                      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

                                                                      SHA256

                                                                      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

                                                                      SHA512

                                                                      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Temp\nse9CA0.tmp\modern-wizard.bmp
                                                                      Filesize

                                                                      25KB

                                                                      MD5

                                                                      cbe40fd2b1ec96daedc65da172d90022

                                                                      SHA1

                                                                      366c216220aa4329dff6c485fd0e9b0f4f0a7944

                                                                      SHA256

                                                                      3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

                                                                      SHA512

                                                                      62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Temp\nse9CA0.tmp\nsDialogs.dll
                                                                      Filesize

                                                                      9KB

                                                                      MD5

                                                                      6c3f8c94d0727894d706940a8a980543

                                                                      SHA1

                                                                      0d1bcad901be377f38d579aafc0c41c0ef8dcefd

                                                                      SHA256

                                                                      56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

                                                                      SHA512

                                                                      2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Temp\nse9CA0.tmp\nsis_tauri_utils.dll
                                                                      Filesize

                                                                      29KB

                                                                      MD5

                                                                      8def0196223484f8aed4106148dd3f08

                                                                      SHA1

                                                                      e0fc0951deb0e5e741df10328f95c7d6678ad3aa

                                                                      SHA256

                                                                      c0f2b928bc4c81cc5ca30a8932a6dc8cd617dd016679c057e23355fe732b2333

                                                                      SHA512

                                                                      9ffa66181bce5aa5210da0fe5edc6c80aa9e46e2bd1fafd840f468965f4d06bc03f9a77e04b975ffc9f25c886c274196e3fedae6cfb57f366ef39f1e31e1ada7

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\2cf29a90-4875-4bbe-9f33-8274851dd260.tmp
                                                                      Filesize

                                                                      2KB

                                                                      MD5

                                                                      3a2ddf8cdcde3dcd2edb235ccc656c10

                                                                      SHA1

                                                                      57e333b57b781b92518b3aa18ac41f9b9824eee4

                                                                      SHA256

                                                                      c7b786cf32ea05d99c211503413470e66808f958b058d740b34ca39ef47a2af2

                                                                      SHA512

                                                                      e83543ad61ec7ebb5428203a649edef88a30e45835f37b1d33a9c69089c088e8859b69c5d6a210c55d3656a5d258f786ca71eb5938627bb1b25bd4f93aba5fa8

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat
                                                                      Filesize

                                                                      152B

                                                                      MD5

                                                                      45286d28a9a14198ef7e1e3e1a125b02

                                                                      SHA1

                                                                      1250bdc0beb90dfdc39684e326a1373619a6c1de

                                                                      SHA256

                                                                      58a33745e60068e507fd45d6cceb98bd5eb1433c8be0966ff8daf35f0f921a64

                                                                      SHA512

                                                                      60ac23b0089e628bc633dc71219c82c0d43d4180b27963535cd61f1282607a20d1a8f126dc60cc2b943d652d7c0e9cb48073694858e8306919ef78f260725777

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat
                                                                      Filesize

                                                                      152B

                                                                      MD5

                                                                      0ae92558477818299615c3bb12f00286

                                                                      SHA1

                                                                      026e2ba450bcfc0b3182f0bcde435b9cad3ac1b1

                                                                      SHA256

                                                                      16b1b33c15842da9becf6a2e2d82d4bff9e8b7a9475d5c1e37de6fa935d04ec0

                                                                      SHA512

                                                                      5dee49a4cf707ab47a060fb8a37d504def1b0297cff669a7ea8d2853fdb404f15215cb284ef12f86478494f45870cd689f9efc811065088e7e076069aae1e01a

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\throttle_store.dat
                                                                      Filesize

                                                                      20B

                                                                      MD5

                                                                      9e4e94633b73f4a7680240a0ffd6cd2c

                                                                      SHA1

                                                                      e68e02453ce22736169a56fdb59043d33668368f

                                                                      SHA256

                                                                      41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

                                                                      SHA512

                                                                      193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\6776b808-2591-4a4c-9c78-2f0b2e462992.tmp
                                                                      Filesize

                                                                      1B

                                                                      MD5

                                                                      5058f1af8388633f609cadb75a75dc9d

                                                                      SHA1

                                                                      3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                      SHA256

                                                                      cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                      SHA512

                                                                      0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\7c92bbd4-f8c9-4ec6-a07e-3a73eff69811.tmp
                                                                      Filesize

                                                                      61B

                                                                      MD5

                                                                      4df4574bfbb7e0b0bc56c2c9b12b6c47

                                                                      SHA1

                                                                      81efcbd3e3da8221444a21f45305af6fa4b71907

                                                                      SHA256

                                                                      e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

                                                                      SHA512

                                                                      78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_0
                                                                      Filesize

                                                                      8KB

                                                                      MD5

                                                                      cf89d16bb9107c631daabf0c0ee58efb

                                                                      SHA1

                                                                      3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                                                      SHA256

                                                                      d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                                                      SHA512

                                                                      8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_1
                                                                      Filesize

                                                                      264KB

                                                                      MD5

                                                                      f50f89a0a91564d0b8a211f8921aa7de

                                                                      SHA1

                                                                      112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                      SHA256

                                                                      b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                      SHA512

                                                                      bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_2
                                                                      Filesize

                                                                      8KB

                                                                      MD5

                                                                      0962291d6d367570bee5454721c17e11

                                                                      SHA1

                                                                      59d10a893ef321a706a9255176761366115bedcb

                                                                      SHA256

                                                                      ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                                      SHA512

                                                                      f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_3
                                                                      Filesize

                                                                      8KB

                                                                      MD5

                                                                      41876349cb12d6db992f1309f22df3f0

                                                                      SHA1

                                                                      5cf26b3420fc0302cd0a71e8d029739b8765be27

                                                                      SHA256

                                                                      e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                                                      SHA512

                                                                      e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences
                                                                      Filesize

                                                                      3KB

                                                                      MD5

                                                                      80866b9a483d195e3d7ccf68ef3837ad

                                                                      SHA1

                                                                      f5ff53c45b580d4521c261598dddd186576cd0a8

                                                                      SHA256

                                                                      2b2b415a3fe190157476e4aa11654cfdde1e85783e68bee0446fceb27e1d8c28

                                                                      SHA512

                                                                      647f5403c7bf0cea730e4a4d450012723da79ca401cc06858ff7114f780d2fad52d9cfeafa68890ac2971a2d25c271b1f62a07f6435a6396b2eed55027f74b8a

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences
                                                                      Filesize

                                                                      3KB

                                                                      MD5

                                                                      44ba65cb989d7ef8637a4b9a7454383b

                                                                      SHA1

                                                                      67f6dc9ff05604dcd19ab03cd3b2a021560f4620

                                                                      SHA256

                                                                      01c9b2443d23595bf765bd799cecc3bf6e852faac90d6f53c8e0f37fdbe1cd96

                                                                      SHA512

                                                                      b2b6b70616b5d2f0df0b744b86dc243aba381d33f5d947564f3597b9f56cce4bf807070e5cd2224054bc6f517688715a58123a7310de443cec2beaec9423c568

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Secure Preferences
                                                                      Filesize

                                                                      8KB

                                                                      MD5

                                                                      4d41d51a03fbeebfe7f37f1f943d1314

                                                                      SHA1

                                                                      e631a31a604a30ecc43b9524170afdcdb1ad0db5

                                                                      SHA256

                                                                      87d4e7e592ced746542c46fb714a3d28eca7335785406db450f084d819ed55af

                                                                      SHA512

                                                                      6c68a669a715abc520d77cabb064ddb21c5bb367fecd742d4ae0dfce9e81823f1e2853b2141f93a62529f607726e8bcbb861826cce806512250ef74487a776a4

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\CURRENT
                                                                      Filesize

                                                                      16B

                                                                      MD5

                                                                      46295cac801e5d4857d09837238a6394

                                                                      SHA1

                                                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                      SHA256

                                                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                      SHA512

                                                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\MANIFEST-000001
                                                                      Filesize

                                                                      41B

                                                                      MD5

                                                                      5af87dfd673ba2115e2fcf5cfdb727ab

                                                                      SHA1

                                                                      d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                      SHA256

                                                                      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                      SHA512

                                                                      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Last Version
                                                                      Filesize

                                                                      11B

                                                                      MD5

                                                                      b29bcf9cd0e55f93000b4bb265a9810b

                                                                      SHA1

                                                                      e662b8c98bd5eced29495dbe2a8f1930e3f714b8

                                                                      SHA256

                                                                      f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

                                                                      SHA512

                                                                      e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State
                                                                      Filesize

                                                                      2KB

                                                                      MD5

                                                                      f33a1a521da7c243905ef90246a73802

                                                                      SHA1

                                                                      2900a289ddc189756331e04b3e977453bde62751

                                                                      SHA256

                                                                      9472634766ecb9baa533ee457e648102c037e015371fa3705713f8b1b342c667

                                                                      SHA512

                                                                      8a64ce74397665dbadc0b2bac51c8b3e879d0d48aa94d87b8786de418db4d8793bfe12f5078b53689f55a6e79f7cc66888c4cceb6f8ed0c66ba348d932c51906

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\ShaderCache\GPUCache\index
                                                                      Filesize

                                                                      256KB

                                                                      MD5

                                                                      3162784c0e60882c6903cd045bdf30b8

                                                                      SHA1

                                                                      7fd8f2e6342a9162db6427d75ca8788e29b513cc

                                                                      SHA256

                                                                      27857612d757f0e96bcb8319255ff69f51fa897f9de4ebd0c479f797680e1b6e

                                                                      SHA512

                                                                      4ab259ee4a255c8e275e53c2a89421bb7eee89e493af754038689d356706635b8d461bdae648e4ef96e43fa846d2dc0a1eb8087804e96399708455b5dd4e2802

                                                                      Download Submit

                                                                    • C:\Users\Admin\Documents\jjsploit\db.json
                                                                      Filesize

                                                                      54B

                                                                      MD5

                                                                      41dea3a16884a8a050f599c1b3d3dbf5

                                                                      SHA1

                                                                      0d1893892dd3a5211b8dc4b66efae5d3f2c82689

                                                                      SHA256

                                                                      e14fda8dd813d96cdeb51cff4e4a5c8dc636b72b7fb075902d88ab587bf19466

                                                                      SHA512

                                                                      2c2a88c7d0fa9f32893449d5d8ae0d148793974c0e9f979be1221dce3b7c86a0bc02f3575bd5d2010e0fad20fb9730f707cdddd99fa922b8de67d9f1e7529cb2

                                                                      Download Submit

                                                                    • memory/4484-1-0x0000000000500000-0x000000000051E000-memory.dmp

                                                                      Filesize

                                                                      120KB

                                                                      Download

                                                                    • memory/4484-39-0x00000000746AE000-0x00000000746AF000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/4484-0-0x00000000746AE000-0x00000000746AF000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/4484-4-0x0000000009EC0000-0x0000000009EF8000-memory.dmp

                                                                      Filesize

                                                                      224KB

                                                                      Download

                                                                    • memory/4484-3-0x0000000009E40000-0x0000000009E48000-memory.dmp

                                                                      Filesize

                                                                      32KB

                                                                      Download

                                                                    • memory/4484-6-0x00000000746A0000-0x0000000074E51000-memory.dmp

                                                                      Filesize

                                                                      7.7MB

                                                                      Download

                                                                    • memory/4484-2-0x00000000746A0000-0x0000000074E51000-memory.dmp

                                                                      Filesize

                                                                      7.7MB

                                                                      Download

                                                                    • memory/4484-41-0x00000000746A0000-0x0000000074E51000-memory.dmp

                                                                      Filesize

                                                                      7.7MB

                                                                      Download

                                                                    • memory/4484-5-0x0000000009E90000-0x0000000009E9E000-memory.dmp

                                                                      Filesize

                                                                      56KB

                                                                      Download

                                                                    • memory/4524-1051-0x00000241951C0000-0x00000241951C1000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/4524-1050-0x00000241951C0000-0x00000241951C1000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/4524-1046-0x00000241951C0000-0x00000241951C1000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/4524-1047-0x00000241951C0000-0x00000241951C1000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/4524-1048-0x00000241951C0000-0x00000241951C1000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/4524-1039-0x00000241951C0000-0x00000241951C1000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/4524-1041-0x00000241951C0000-0x00000241951C1000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/4524-1040-0x00000241951C0000-0x00000241951C1000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/4524-1045-0x00000241951C0000-0x00000241951C1000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/4524-1049-0x00000241951C0000-0x00000241951C1000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/4604-212-0x00007FFDE8AA0000-0x00007FFDE8AA1000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/5080-18-0x0000000140000000-0x0000000140141000-memory.dmp

                                                                      Filesize

                                                                      1.3MB

                                                                      Download

                                                                    • memory/5080-15-0x0000000140000000-0x0000000140141000-memory.dmp

                                                                      Filesize

                                                                      1.3MB

                                                                      Download

                                                                    • memory/5080-54-0x0000000140000000-0x0000000140141000-memory.dmp

                                                                      Filesize

                                                                      1.3MB

                                                                      Download

                                                                    • memory/5080-17-0x0000000140000000-0x0000000140141000-memory.dmp

                                                                      Filesize

                                                                      1.3MB

                                                                      Download

                                                                    • memory/5080-19-0x0000000140000000-0x0000000140141000-memory.dmp

                                                                      Filesize

                                                                      1.3MB

                                                                      Download