Overview

overview

6

Static

static

3

JJSploit.exe

windows11-21h2-x64

6

Analysis

  • max time kernel
    482s
  • max time network
    487s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    19-08-2024 02:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JJSploit.exe

  • Size

    9.8MB

  • MD5

    5aa8497659e32136c48465a91e092d1a

  • SHA1

    f03bd00ad306305630d647805648822b542beb60

  • SHA256

    e02832385c39f13876f7416350a9d76a93b4e97648c77e073e226217802832a6

  • SHA512

    abf442476c2d2646e62695bd4c3b9b56c445e0bf58b0add81a9f933227835a7ee959646ddb426a152b507b503c3df670b20e8ebb2c3a6f8fd69d023b6c128751

  • SSDEEP

    196608:X0CW7PVmsuHfDpHHZ0ry9bUhLnCHpw4aGIE9XBp:X0CW794HfDpHHz1iWw4a/oXBp

Score
6/10
discovery

Malware Config

Signatures

  • Network Share Discovery 1 TTPs

    Attempt to gather information on host network.

    discovery
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 28 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JJSploit.exe
    "C:\Users\Admin\AppData\Local\Temp\JJSploit.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4572
    • C:\Windows\SysWOW64\cmd.exe
      "cmd" /C start https://www.youtube.com/@Omnidev_
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1264
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Omnidev_
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3240
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7fff75db3cb8,0x7fff75db3cc8,0x7fff75db3cd8
          4⤵
            PID:1600
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,13891694718404340666,942987749371566077,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1968 /prefetch:2
            4⤵
              PID:1016
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,13891694718404340666,942987749371566077,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:2732
        • C:\Windows\SysWOW64\cmd.exe
          "cmd" /C start https://www.youtube.com/@WeAreDevsExploits
          2⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:580
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@WeAreDevsExploits
            3⤵
            • Enumerates system info in registry
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of WriteProcessMemory
            PID:232
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff75db3cb8,0x7fff75db3cc8,0x7fff75db3cd8
              4⤵
                PID:1168
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,642608707945907423,17222207204368697123,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
                4⤵
                  PID:4424
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,642608707945907423,17222207204368697123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 /prefetch:3
                  4⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1504
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,642608707945907423,17222207204368697123,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
                  4⤵
                    PID:3952
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,642608707945907423,17222207204368697123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
                    4⤵
                      PID:3560
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,642608707945907423,17222207204368697123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
                      4⤵
                        PID:4332
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,642608707945907423,17222207204368697123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
                        4⤵
                          PID:4820
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,642608707945907423,17222207204368697123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
                          4⤵
                            PID:5024
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,642608707945907423,17222207204368697123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
                            4⤵
                              PID:3824
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,642608707945907423,17222207204368697123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
                              4⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5788
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,642608707945907423,17222207204368697123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
                              4⤵
                                PID:5544
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,642608707945907423,17222207204368697123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
                                4⤵
                                  PID:5536
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,642608707945907423,17222207204368697123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
                                  4⤵
                                    PID:5780
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,642608707945907423,17222207204368697123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
                                    4⤵
                                      PID:5784
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,642608707945907423,17222207204368697123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 /prefetch:8
                                      4⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:3488
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,642608707945907423,17222207204368697123,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
                                      4⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:824
                                • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=7.4.1 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=4572.5112.13729050871286172686
                                  2⤵
                                  • Enumerates system info in registry
                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                  • Suspicious use of FindShellTrayWindow
                                  • Suspicious use of WriteProcessMemory
                                  PID:3068
                                  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x118,0x7fff75db3cb8,0x7fff75db3cc8,0x7fff75db3cd8
                                    3⤵
                                      PID:4028
                                    • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1784,6093500285280632782,15127068385467889409,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=7.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:2
                                      3⤵
                                        PID:4036
                                      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1784,6093500285280632782,15127068385467889409,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=7.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2168 /prefetch:3
                                        3⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:1856
                                      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1784,6093500285280632782,15127068385467889409,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=7.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2376 /prefetch:8
                                        3⤵
                                          PID:3360
                                        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                                          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1784,6093500285280632782,15127068385467889409,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=7.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:1
                                          3⤵
                                            PID:5192
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:3824
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:3236
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:2336
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:5140

                                              Network

                                              MITRE ATT&CK Enterprise v15

                                              Replay Monitor

                                              Loading Replay Monitor...

                                              Downloads

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                Filesize

                                                152B

                                                MD5

                                                9828ffacf3deee7f4c1300366ec22fab

                                                SHA1

                                                9aff54b57502b0fc2be1b0b4b3380256fb785602

                                                SHA256

                                                a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7

                                                SHA512

                                                2e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                Filesize

                                                152B

                                                MD5

                                                6fdbe80e9fe20761b59e8f32398f4b14

                                                SHA1

                                                049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f

                                                SHA256

                                                b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942

                                                SHA512

                                                cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                Filesize

                                                312B

                                                MD5

                                                7fada5bf13381a0f84e0ad94b20be7e6

                                                SHA1

                                                07d4c99515432ede83728a03e55b5d7fce3bd072

                                                SHA256

                                                32f7c7c37a8a2834cd481f8c16027dc96b22c71d413114c0d1e707b1ca7c0e9c

                                                SHA512

                                                a99d58066c666df0a97c24b43c251678f6623fed04c302b815a42149deeeaa183d43640c240fb04a83ff01860ba27c25feb9ac53225254dc94a84531028d2023

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                Filesize

                                                1KB

                                                MD5

                                                fb063945c9ec0e41e9f43146c3dbd35f

                                                SHA1

                                                66db80f8fc99a9c40e9e8548311120ba17ca84a8

                                                SHA256

                                                357aaa740069d76d26ca5677ebe3f428240b93d640ce22ef0e16cec523c6eb3f

                                                SHA512

                                                65aecbe5c1e5e4e5cac2948cc01e9becaa68c0a06034a3cbbe0daddf43a43c9723a23c04dccafff8eb2b5220cf85af5053c666018580d9c06c386a565bf7c289

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                Filesize

                                                1KB

                                                MD5

                                                5bf951320e19495b3afa0b249f9bdb2e

                                                SHA1

                                                f8409d73af6e1f079f2f105e4727ab178077109b

                                                SHA256

                                                9888ac2432de8d205d53b1bff9b98aba531d2af032f769cd3c0fb5655b315463

                                                SHA512

                                                a9e653e915f2400a2ac38a592818719be05810315ec364c51eccf8eb488906414cabd7298d5f3496dde319d3c06586b3feb82aabb8cd2976645037761bd951aa

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                Filesize

                                                1KB

                                                MD5

                                                9db30fb6033ef03c19cbf962229f42da

                                                SHA1

                                                5cdf2750117634b4d0ad341ce47fd9b8939e0557

                                                SHA256

                                                b76916e9194862b07d8d1fd10356cff7afdb8c12709203a4cedaf364adfb8bcc

                                                SHA512

                                                83d164722d03c2af0b789fe659b8f2b7439fc08608d2c96a50d3a2aaf551e274fe9de8e9a0f2d1a11422cefbecddd7638f6c585865fc44084c0103597110911b

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                Filesize

                                                1KB

                                                MD5

                                                6213cab422a8985f7490d2fbb04adde5

                                                SHA1

                                                32fc1f4107f2cfd876d74ff763ea45e7a552d678

                                                SHA256

                                                ee7c9e774f2c8a60a9d68de146f735ad8ae3acc9cbdbd080a6189f3d6e6a805e

                                                SHA512

                                                691eb3e99839243542b05656b2a2ed9615255ed8c6f885d217eb95f58bbdd78ee56ddf08aaac8b4a574341659bbc79154a1a8ac06141826a4a67286abe6972e6

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                Filesize

                                                5KB

                                                MD5

                                                2950dd95fc194de7256f78ba9f139246

                                                SHA1

                                                2e60b58394726c55318ac26a9bc5423c5ea724f4

                                                SHA256

                                                3da19d5ce197b43c1164cc7604ea31d7f4e25dc548d27e1d89717b3b00a00e34

                                                SHA512

                                                f1ab147e10f6fb103b9d9a64e087860b91fa70589e9a6b3b1b3f227bc08ddc6e41619ee5428512cf97533deaf9f72844b8b2aea01b88cbcd8d09ed2035e9d5d7

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                Filesize

                                                6KB

                                                MD5

                                                d04579d9c72883e3b1a28d6c0f483735

                                                SHA1

                                                dae2d3652cdf0be66a18b227d056818044c22e1f

                                                SHA256

                                                0ae07eb090e73cbc731aaf4eb5056767323dd5037ccd45cb8198a035f8d12e96

                                                SHA512

                                                c18584c27bc4511d4be1ad76b41af06b52dfe5e6ca8d28db4a108efa906529a2f1de1129c6c7ae53d712bce454f3fb5de41c305eb92b8421190ebc3c57865718

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                Filesize

                                                16B

                                                MD5

                                                206702161f94c5cd39fadd03f4014d98

                                                SHA1

                                                bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                SHA256

                                                1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                SHA512

                                                0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                Filesize

                                                8KB

                                                MD5

                                                05f872f0d3510755fbe5aa26c6c30f1a

                                                SHA1

                                                e6a465e8130a6977bffe83135ffdacd730bcf4b1

                                                SHA256

                                                610b7bff9ad62749216aae630b199dc0a9cd1f7e560a50dcf6561cea08f5ead1

                                                SHA512

                                                e1ee591c401f6dc75550b3fa21991d40939d1effd9c27988592b3826f86026b4b47aa8f02b33722642214db9746de9794bf80147f81114a73a9fc642caf027f3

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                Filesize

                                                11KB

                                                MD5

                                                fb78027264ebfe7705d3f796ef46afa6

                                                SHA1

                                                3c556f513523d78bcb17fa7129b99fbba6939491

                                                SHA256

                                                f9d68e8503d61360bdb3afef73cc950713a201bb8b67dbfe60ccc24b1d83499f

                                                SHA512

                                                0a48f0bc750b1eeb15496f82a4ca6c55f87457b49113794f7200ebe9fad092aa9cf29f08308f25b70bc29daa383342f508a18c532dfefc052b87f65b57c1cfa9

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                Filesize

                                                10KB

                                                MD5

                                                3850682934891d5094f01d9be5c811b5

                                                SHA1

                                                7339b3e267aa07ad445b2a8bb29da09928296a85

                                                SHA256

                                                3ea59930d22f2fd73323efc28674962bf0e9ff0c26c560331412193d8e570808

                                                SHA512

                                                8526d87dbdf5cd5b5d1b8b2e95ec0579fada39a1d99688a7c1f6db5e7ee63dadda654480797664d55ac7e33b3daf2ade3df34450f3e46676b68344b89f992898

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\32ca36ac-ad38-4cb8-ada3-b2ff82b9b43f.tmp
                                                Filesize

                                                2KB

                                                MD5

                                                7059d0a1f218e0b30d8b78531dd3ead5

                                                SHA1

                                                913b69fbd7f8698689822f6427cd15631948ca01

                                                SHA256

                                                15bcc9501d7845996514f895038cd5580175599ee1bcd067a02be99dfcdce6d6

                                                SHA512

                                                a365c289cffae397b4528d591f82b4c104965fd3808b25c4c74497ede49181950034877962793f7724eb6684b679940147bf01bd86ab951241b1caa5e35f9edc

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat
                                                Filesize

                                                152B

                                                MD5

                                                f6615e9d6019aa48ce044cf113e471db

                                                SHA1

                                                2541d1741e0feeb9d9506831d9a5e0803de191b5

                                                SHA256

                                                5d3110ab7ecdbe9b2780b66f06d86e89f4417e569d6814dc8b05cf3d22ecc33e

                                                SHA512

                                                bade283106c7735bf35e3d8d2a5a5c821fddab0a6eb25b4261a81469e9814a8787b1a9aa4fff23dd19f1d291a71cee575667f08464a75fa96947f84770138b4c

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat
                                                Filesize

                                                152B

                                                MD5

                                                69307d904f0531977737d3d0488244a7

                                                SHA1

                                                35cc7a32359f88cf51a62a28c409367bceadf0b3

                                                SHA256

                                                927242884c0d0ddb5762cc06a1f41093abd758e677084b678dc197dccf308ae1

                                                SHA512

                                                0e1985f1c4e1101711f7dbb4d08f4f8fd5f144b4485eafa5aeb0e69d8c19fad8d2448139f8bf0d686143a8f22702c0310102de6d6d1415cf07a58e23d6c2e267

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\throttle_store.dat
                                                Filesize

                                                20B

                                                MD5

                                                9e4e94633b73f4a7680240a0ffd6cd2c

                                                SHA1

                                                e68e02453ce22736169a56fdb59043d33668368f

                                                SHA256

                                                41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

                                                SHA512

                                                193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_0
                                                Filesize

                                                8KB

                                                MD5

                                                cf89d16bb9107c631daabf0c0ee58efb

                                                SHA1

                                                3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                                SHA256

                                                d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                                SHA512

                                                8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_1
                                                Filesize

                                                264KB

                                                MD5

                                                f50f89a0a91564d0b8a211f8921aa7de

                                                SHA1

                                                112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                SHA256

                                                b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                SHA512

                                                bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_2
                                                Filesize

                                                8KB

                                                MD5

                                                0962291d6d367570bee5454721c17e11

                                                SHA1

                                                59d10a893ef321a706a9255176761366115bedcb

                                                SHA256

                                                ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                SHA512

                                                f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_3
                                                Filesize

                                                8KB

                                                MD5

                                                41876349cb12d6db992f1309f22df3f0

                                                SHA1

                                                5cf26b3420fc0302cd0a71e8d029739b8765be27

                                                SHA256

                                                e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                                SHA512

                                                e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Local Storage\leveldb\CURRENT
                                                Filesize

                                                16B

                                                MD5

                                                46295cac801e5d4857d09837238a6394

                                                SHA1

                                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                SHA256

                                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                SHA512

                                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001
                                                Filesize

                                                41B

                                                MD5

                                                5af87dfd673ba2115e2fcf5cfdb727ab

                                                SHA1

                                                d5b5bbf396dc291274584ef71f444f420b6056f1

                                                SHA256

                                                f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                SHA512

                                                de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                Download Submit

                                              • memory/4036-46-0x00007FFF8A550000-0x00007FFF8A551000-memory.dmp

                                                Filesize

                                                4KB

                                                Download