agenttesla | 82552ffff92f9414b3c86d01fe3b33ac14adca0ac567e69712bf63755242f50c

Analysis

max time kernel
300s
max time network
301s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04-09-2024 13:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40rSbt.html
Size

494B
MD5

0d5e9552cb5767233c9c35f5382944ee
SHA1

e6f947e89e0d839bbb0fdd5e368a386ce4e3a8e6
SHA256

82552ffff92f9414b3c86d01fe3b33ac14adca0ac567e69712bf63755242f50c
SHA512

4f371443a67b54aba32b8d3b7437a8aa3aa325fb8e1711d75ff6665419831bfec517d043bbfe66a67aeceb3c29c4578332cd67373843f0244f2cd655ef453847

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 1 IoCs

resource	yara_rule
behavioral1/memory/5296-204-0x00000000057A0000-0x00000000059B2000-memory.dmp	family_agenttesla

Loads dropped DLL 64 IoCs

pid	Process
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Jules.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 7 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4908	msedgewebview2.exe
4176	msedgewebview2.exe
448	msedgewebview2.exe
980	msedgewebview2.exe
1440	msedgewebview2.exe
1132	msedgewebview2.exe
4772	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Jules.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Jules.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Jules.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133699305719361076"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-131918955-2378418313-883382443-1000\{BC10E71B-1FF7-4471-8E34-11D7A20053A9}	chrome.exe

NTFS ADS 21 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Subresource Filter\Indexed Rules\28\scoped_dir3440_1924435236\LICENSE\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\4916c781-a246-49f8-8fda-1e81fd5ca1f6.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Default\5b477dbb-6bf1-4a9f-86a2-65b3117f31ec.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File opened for modification	C:\Users\Admin\Downloads\Jules.zip:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\9dd62182-dc55-4341-8666-79fc32c76b86.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Default\4513f0fb-03d7-4f7a-b2a6-c015e90c46c9.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\9a74660f-0c81-4298-98ad-e62639d4a9d0.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\f81626c8-7717-429e-b72a-c549bb892c70.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\f62e4bc4-0fc6-4fd6-91ed-7b1f8650bb84.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Default\60159765-66e5-4469-ab9f-a74fd17b83b1.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\b27c530d-a0e6-4466-b193-670d6a527219.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\c15c073c-e6f6-4d15-824f-17d11fed0816.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\6d8c423e-653d-40f4-a20b-37d7e2fb15f8.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\2a2d9fba-9e53-4a5f-95f5-a598fb2f3536.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\662588ac-c4ca-46f1-87ac-0a4ea8174aa1.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Default\483fa670-df24-4209-baef-4f873199fffb.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\7bc16d84-9c67-4e87-b6d1-bfc4b869489c.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\9f151b31-d864-4775-bf33-b8be81fa38bd.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Default\161cf487-7d6f-4163-a3ff-1020de5962eb.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\5b1b42f2-1c02-4716-a517-71df3c95e613.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe
File created	C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Default\49204da6-183a-4a58-b09d-b1af2ea7da58.tmp\:Zone.Identifier:$DATA	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
1496	msedgewebview2.exe
1496	msedgewebview2.exe
4772	msedgewebview2.exe
4772	msedgewebview2.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
1144	chrome.exe
448	msedgewebview2.exe
448	msedgewebview2.exe
448	msedgewebview2.exe
448	msedgewebview2.exe
1812	main.exe
1812	main.exe
1812	main.exe
1812	main.exe
252	main.exe
252	main.exe
252	main.exe
252	main.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3440	msedgewebview2.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3440	msedgewebview2.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 1220	3016	chrome.exe	80
PID 3016 wrote to memory of 1220	3016	chrome.exe	80
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 5896	3016	chrome.exe	81
PID 3016 wrote to memory of 948	3016	chrome.exe	82
PID 3016 wrote to memory of 948	3016	chrome.exe	82
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83
PID 3016 wrote to memory of 5572	3016	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\40rSbt.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3794cc40,0x7fff3794cc4c,0x7fff3794cc58
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1704,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2364 /prefetch:8
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3576,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4560 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3560,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4928,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4364,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5076,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3572,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5080,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5016,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5072,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3124 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5388,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5588,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5720,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5616,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5424,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5644,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5700,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3232,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5456,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5780,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5572,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5988,i,10201215616116026846,11961170551237383206,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2028

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5892

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2340

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5628

C:\Users\Admin\Downloads\Jules\Jules\Jules.exe
"C:\Users\Admin\Downloads\Jules\Jules\Jules.exe"
1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:5296
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Jules.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=5296.1428.15722427302169478726
  2⤵
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:3440
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x1d0,0x7fff26723cb8,0x7fff26723cc8,0x7fff26723cd8
    3⤵
    PID:5832
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1896,15944804641391350606,283606178112670957,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView" --webview-exe-name=Jules.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:980
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,15944804641391350606,283606178112670957,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView" --webview-exe-name=Jules.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2068 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1496
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,15944804641391350606,283606178112670957,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView" --webview-exe-name=Jules.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2480 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:1440
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1896,15944804641391350606,283606178112670957,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView" --webview-exe-name=Jules.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:1132
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,15944804641391350606,283606178112670957,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView" --webview-exe-name=Jules.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=3980 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4772
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1896,15944804641391350606,283606178112670957,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView" --webview-exe-name=Jules.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=4732 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4908
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1896,15944804641391350606,283606178112670957,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView" --webview-exe-name=Jules.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2324 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4176
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1896,15944804641391350606,283606178112670957,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView" --webview-exe-name=Jules.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5036 /prefetch:2
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:448
- C:\Users\Admin\Downloads\Jules\Jules\main.exe
  "C:\Users\Admin\Downloads\Jules\Jules\main.exe"
  2⤵
  PID:1084
- - C:\Users\Admin\Downloads\Jules\Jules\main.exe
    "C:\Users\Admin\Downloads\Jules\Jules\main.exe"
    3⤵
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:1812
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:3448
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      PID:4480
- C:\Users\Admin\Downloads\Jules\Jules\main.exe
  "C:\Users\Admin\Downloads\Jules\Jules\main.exe"
  2⤵
  PID:6368
- - C:\Users\Admin\Downloads\Jules\Jules\main.exe
    "C:\Users\Admin\Downloads\Jules\Jules\main.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:252
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:2764
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      PID:5356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\330696b6-8773-4315-9812-931456326329.tmp

Filesize
9KB

MD5
de68287c10228e26a981053f3a4d2e28

SHA1
e087b47a6dc7ffccf3c9b90884244195c33577d4

SHA256
dc3f151ec9cbaf796eeffc38cbaa896d816be4cb35b3ca0506ab9a2e67d4519a

SHA512
8380b0b7703abeb3c3344842ed2c2d363c0faa6cf54c4521f1d3677874fa1272d5e0290efb83b70fc81127e4db5094912f4c29651e493265eac6eeca8766a010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
fd5410411ce49a1432990b18ec2d606f

SHA1
6febcd0097c4ffcf3c4fc3ccbd570db736c4a04b

SHA256
66f1c12a98c875cac77c71f8cdcb3a4873f87dcca9667d090b07bb0248c83a18

SHA512
810eb091a4c0978b2c524bcce0597385e027233070f7b74793b3a56a5b70ccc0e917970a00889c1068d340c737f350816d617563bca5695989c1d4b0b5b7f811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cfd5935135a92181c7681c4767ed886d

SHA1
b8fb68cf527954e3fe7cb93237e4eb48b4d6927c

SHA256
f02a2664f302c208ac9b0d1f6ee9ab198e63a45a1bfbe081577df641928f3460

SHA512
1f2ad25838176a7affe0e839e238976d17fcc8bbf9243cf1245f307cb23bc89e73f94c3208a24caaca50eef700e85a6764a1fd78f96571de30e52e676fdd9d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
21b3c56a2ee8c7760367fea9ec59eb06

SHA1
11b5c707248912f55cd87961dbccf4edb1dafe17

SHA256
1b324aca7e10be8a31db8ac7c23bd0e44c0848c37ecf011f04e75a0cdb8f7a29

SHA512
15bb9989873b078f34a117956c1995c5dabded7ac86f742aaae7ca6514f26496f8b056a64aa4485b683c63b42df7754421e9252fff0606957529cfc01e1736e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
32b580d9e8f1cf1ee57d44aa8fb92e30

SHA1
d18a927d4b7198d866918ce008bfa5ab08cc47b9

SHA256
4d385c8b91049c0b09943fa70c164e2f79b5b56ea1176474e1a5b8008966fdbc

SHA512
3a99a774d188b051a38765aec05bd7138d5c98bbc83098b71db1d5610006324fe18cb6c802d2637a11dfe0b8c5fa1d1e25fb2c6910f28315a27cb6e98d161dcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
c4595fc752e2ca0d6528acf3bd2ea8ef

SHA1
d888904c8148e1d1b9495d4f90d153493ba35f7c

SHA256
70ac31c215e23a248098ed96c53c73b61be4310e1cab0af634554fc3d1a9af09

SHA512
aaaceb17fca747fabfa84e28b0838993397cbcc27418a7f442a360f2e26a80bcd9b98ec30b1c2199f9528e857ae9eb4de845243362b4484092f7950d0bdb49a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
485339c16ac662767f26827403a8cf14

SHA1
546f145f7da18edd46555cde329406c3b4c6631d

SHA256
37a21143eef0aae05304093642c1cee5b6928072ac143066a56cecde54f4f73d

SHA512
0c034f54f9c07d2e0ecb241e92d70bb1d4ff905c07179eb0c13e25a2d9bf4b461562ef15d463c4a4a3cf33b0ffc6faae1e1a6a1d37e89ee070b7fb8a601c7251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
559f4c308f06cbbb4652025e7c2bc1d7

SHA1
16044d514a0df56cd7ea3d9f314f05f319ec0467

SHA256
e919709b2cc656c25e6fc270319d34c6b0b65a2c4cbd32d7ea7ffd027f325774

SHA512
48f96d50c5dc77f996e7aa12c013556a1bbcf4efe1134e07874a78185faebf1a73b0b8cda855ded5a1c268b067d0a0ec465b707c71cf5ddeee025164f1325dd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ab6a615b06340063aa071a279963dd85

SHA1
ade3496cef5414e35076c0a2f9a44fa3ef17734f

SHA256
612a667e8ec8ce7afb59696dc245641d53ccb0bafd7feadf45c028ce009e2984

SHA512
4cc53861b38da379b0dd6d8bfd1a04f527a863d5a37dbb5095d3b75234785ecdb9bbe1aa3b2543415f1d46f4f3f7c2d951ace3ada9027b65c9b3f8acf3438656

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
89fa73119533a7baa99efa7bdeda8654

SHA1
7f35e447155564f550ffc8258b0ede797eb66572

SHA256
771eac6471410d2f2bb0168553be37f3400520265b925ae638ba2ddea59af8a2

SHA512
5562a5a2c2e0fd6b176bc8e3bda8c238975589ab71f38c953c54ff6091168fe71dba7ff8c4cf7b85b7f0fdf403800c7ec98b5e2b23f348d6ce7c95df8d20bb49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e0190c3b52c83ffb973fca08fe7e7f61

SHA1
80e79909f778ed393cd783718d70aa2c40204486

SHA256
a64e38c708368662ee6e944f7855075f038a964e49f0e9d638a94cd76f1f8025

SHA512
8ae33697bebf55792ed7bcd008bab224c8abd5ce9c7b56118bf4a95572611d2bf1a6512393653ca9166d035555d38703d1b5dc0cec2095699efceddf992873b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
d8d2ab2c8c1b69b39a638763e6ee8325

SHA1
26bf487dba93dcf4e579f237caa839b16f568284

SHA256
6e4b2d799a2a2ce912dd76851534ca8f674918dd46ef278da89218171607d99d

SHA512
08f18792c502a57a1ce40d7aaa8754b2fea9d868f6347c945dbae2b424625994ea2a576004882e7cb703464b449a15694326fec636ba26820d6e6ad87f170554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8be0b22b0a5d43d167450fc80a899f1a

SHA1
d8d337cf39ccbc5a9c54590b40f948e1239b3677

SHA256
7eaa483b44e99cd3d39dee68545b044c079fb8f7d0d863664b543af06aa8b6b3

SHA512
bd643294fe6ae501c78e9a249f2909ea63261a427cf427f9253ef69e1c2d24ce700b9ca22fa2c3b1527efa520cc08869a9af10f5c83cbbad7a1a90e8a6fa2e32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
eec17654e2a6aeb23228be44012f3e30

SHA1
a9efb3a1e8c585357b415a6f76d81a0f987dcf50

SHA256
14c9943199c66e7aa05a7e52040afd044ec857567c2e122c78fdf0d002ff643d

SHA512
7d7648f272657cb23b195cd10d6ec0c0a227a11fba08753f084ff38e52b3cc3a7822f9bc9d7ffd17f4ec2d588a4cbd019207c70519ac2759743cffc30c9a1b0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
31b13fc201931bbd949201d85f7117d0

SHA1
50bfb03429e0f930aae8fb09f6ef46f06c30e2ff

SHA256
a337b2c83be18a652b4bf68f79f3d3458932e590f01d1852013cbe91c34c5ce7

SHA512
a62db96aea6f6b0b5269644f109cf6ac74af0958d3374965966e6ac6a709f79cfa13828155a93ae61eaf8f4918551ff8d11ca3786abd874ff5fab51fad15ecab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
99ba366a3bf97ecfe471d95170462049

SHA1
0120d634ff2cb6493584a61024a23bf69ad72c09

SHA256
228425ef59ef9dad70cc5538f7568a740f9ce8f4ec398fa36bfea0db6c8de46c

SHA512
383fbf65ba2d74cfa2e27e4a99c41df5a5c013befc7d04c6a10be487ef60bc0d4824dfb0b85b345d179ce3682ee662ce48e714138e49c387d7c0c5af0768e1cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bba7e395222a9afcbf456c2b4ccc6560

SHA1
54841b9798ddbc55cc44cdec3b28e2189ce06f2a

SHA256
d2cd2ffd245c0c0535e1b402322e15c0ada731b430b46d5539feeb76769dc224

SHA512
27ee799d429536acc6808c67ea8c26058ff1f25d805b58a816030599f6eeb83f5586170e5249fc97df688a4b34dcbeda88057b018f8e50b94ba339b8360ac5c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e72a8faefbdc20f639eb4016615b8b60

SHA1
977e6ddf15572c561d13b7e96d7c94675b14f13b

SHA256
4b143037a5180776b89649e40414208ef7d5bd28cd85b02cfb6e1819975292c7

SHA512
d9b67cbf7b112c7d0987b777fe8ff7469f859cbd46d3e80870bbff5ab6acddcb2e2907040b0d8acb610503f0a6f1ee3cf60858826ab3b04d0966f286a1640dd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25b0643040089778fc1805a0e8ee99ba

SHA1
cb234e15bc65a555ac07651c8aa1cb589effd12f

SHA256
e2c33cee5d67a6a338b3233a7b36d68b343669c4566de07aac3d7ea5e8346abd

SHA512
0cfbd74d9c3c75553588a48b3e742cdc282612fda8e37bb75e484d9a4fa518530feb9c6b82cdf721aac0de26d72a33ca6f687b92ad6275b5f970b0cd6d5cee08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
019ab97c87e713b122e51d3ac4c7ac9d

SHA1
6cb5d28fb10ef5f7b544e4cbc5a1141179828740

SHA256
8983fc600eb77cf9437e9f962e3ca43ba1fea6f0bcb417c8a0705a810797bed9

SHA512
3fcbd65ff96c8d30eef7411eae3eb04aecde74ea60f4b8d11d726a207fb43c5101fad2b722a76d37fa9b1fb66f6db6154741cc9724cbeea1e9b6da408cf84687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a20c8e0f8bc0f60bbc16ce108dfed019

SHA1
ca1621be806cf4ca50f13a7a1f41130e5e92b8f4

SHA256
ef8df90b70af3c10cdf9871ba3b219da13f52c72912e9dc5d4f875e3f68ac326

SHA512
31fe1227d18dd062fb29b2f7854f27f709e7778dccb2cc87bf379d811a10764d3e377c4b057faab7ba1ede6076dfebe2f9cbe795061fb0ad0ebaef47d116300a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5ad74dd10a1eb2474ca6d4731751a9b2

SHA1
dd42a5a72bcf97976d994ca87361b3f96f09e2f0

SHA256
d63a35990dfea800d7c8da2e20c14bfb2250723d3496c0ef4fc02164d0eb8b8e

SHA512
2c4dee38585be0716992be15438f142a51b71d714e32f0c5bdde3aaa84d75a8657d3aa37084cffb8c828edf10c42af37491d9e74b343390f12f278c3627bcb5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
33a9929d2134821da88b4156a5b11d16

SHA1
b2f1b0671c2f9ac3bdb829e59c1a3faae28dce16

SHA256
24241938d2ea32e9828f02eec2471c0b2f794868a1108ebf4b4eed73d7cc1112

SHA512
4849f467c4295aa4343bdeba3d858949d8b3539344d3a9b49cb095939949a0cc201439f2645157793e000f60107553710105d044dd2505b0431a0cb237ec9cf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fcc5aee866b5f67fb5ce6aaa8b2414e0

SHA1
9e2bcfe150bd8bec89460f23a0fd45287a980307

SHA256
41cbcee00f913c06499e9626d986a2b414c893bdd264c930d512e66f179ef509

SHA512
c21b053936b1988537a37152f63fa7d6548ff5c8b4777b4b7a6a1f39d3ecd803a1f3d42ef4404063992814564e7dcacc460b4a70602af22f2202ab29044e84b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1cd88064a15740dde2c3894edefebc61

SHA1
fab4f89023fc7a5b4810714ea5f3a4ebd0f46ba1

SHA256
36cb87d3e680d2c0e15827c00b6e1c2ced99812168ec5699ee397c8c5900b19f

SHA512
ba91decb485e8cb69eb9547c0a233cce5fa3ebb285efeb886cd2799ea1a6e7e0c8fc0f1ce4b51d8bbbf505529e9cc953266ad0ee86e18943736501ec88b8465a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d0b3e9fe688e16e38ef7a4f2aedbc4ff

SHA1
cdb7bf6803a49b7f78fc1cc686577f171bb238ad

SHA256
a6cd41eddc8f780ab5ea2ee5d12f2b5498426786e9d073c11a2cb277faf0e82b

SHA512
246ab3726bf725d3535144390000c2efc90874c84ee653ec87f1bd7975490c66bb7affaeea0165027650eab42bdf4f9fb34239f8f524362ce50709a3aee5ba44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
edb993db60b08774d2b426a5b954f495

SHA1
7e4011d401b79092f72cc5ae25147fa2243f24c1

SHA256
4732d8cdae8d2a6fbd4c35b273982f98a6af73ef94ab38e39e38edc0de618d8d

SHA512
0cb39a7add2920098912f1784b288a880b9f5077bd1a37386a924f9a5aee7125a9de52d5d22c3c27a0d8a30ff318f84c99b3c45a05a7067ad6e8247641a0546b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4aa7a5b571c2a4ffd917f349da24a5f6

SHA1
777db5bb31e54c7466ddeca80fbc458c4d10cff6

SHA256
de2acd52b1febbef3be1d94da519b539cb3151cbcfb854823a053c18b086827a

SHA512
4e57bf15ea301a27e6962603e86f88b913ddfbcf5243d6da695259cb9eb0a90f04506fe9bb3c5b3c882bfcca0c24c9bd977514c8c1cfa8165475a9ffe67a70da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
97aa8bcea104d674d1ae53039ec54d6b

SHA1
ff38521a09312abf99bf6e4fce69d691ab6f2346

SHA256
032d75f4d4b1971c68a397309e05c9f8e66b57ef5bdc3de5c49fd104d7662ed9

SHA512
26d929a828130324b4480bd2b4b7f4f3f770da6a5d75a9506a11124edbfbe90051c94594089f0426bc870858649f8d7fb83a76815a9f3e85cf5348203739b4d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e5db494192370c665461fc3d03423655

SHA1
d9ddafd3f04a32286c5bd1fa009318b8cf318abb

SHA256
04fcc6f694c157c1cb31f70eff318e1a0d5e780bdef23c3f3859fd31aa87e357

SHA512
340b3c0a5759205070d0b17d1912f8c69113f6db22f3091c6127f1af3a27f83a34428c35941de229cf2aaae6ad548180313a0d3dd3e1852656a346728b00d51e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
542bc1760f854e6eebdd806354f1b969

SHA1
b8c1f9d51fc0b0da50e48647f0545781810ddbbb

SHA256
421387ac08acf73e0669ed2c0edf8da9211d0bb803909ce653c3e2e5674b3f77

SHA512
deaef3c65aa1be1d521ca7f9608ac5f31bb52d1358b5e24ff01a606938cff372bb71611926b8c7a32bed6ee8cbfb26ec73c159e373210b0f4ef6479f7accbdbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ae611d204884ff96b50e4bb33d0f9a7b

SHA1
b6936eb9a55d006039f7e2190050928b8540139e

SHA256
f9b1519896515ec3e9103b67e0bd7ec5cef956c874c61ef0b4235157b61efad0

SHA512
b0216aa1c560a3b0cb35efa0c204cce595cb68e2b6993dc2eeb5220dffa90158c0022261f41fb0d1832279a8a32c51dbf479bedb6e0acdcd96351ee255b1a379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
adc3ee6c20f2c0614e0ff9bc235473ae

SHA1
d6ba4fee371848d733c52ee33d36bc95379b4be6

SHA256
3a97693c9f0856a8a4b34c57ae5d29750e76c40c24a09f3fd5db29400ac7ab2d

SHA512
59ac0616321336390e69b157ca54bce46b6c324faf9baa2979a8096c40d2c965840ed21c41ec5b27e19fb54ee3d23671e68dcf7fbf521074183dfb64cd6c2650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3994850d70a1c9711cc5cc56f1f52adb

SHA1
cdb6ff76086ebad5642e50f11ed5bfe45eea9059

SHA256
5918d86451d1e2cc379ec8b6d433c2cbabe5522aa927e01456c5aefafa168534

SHA512
85d3d5614ac1418fe62d0201cdaa1b7eac6b4df5ec38cf983fd9fca15544abe7492865b6fdc8e9facde044585dff712cda77592cecaec56d525dc20c7fa3a187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
50964284b01e70e551b0bf614a18f87b

SHA1
55a401e51ee8963583d716545274944a2385eb8b

SHA256
00ed46c145f725f3d8f441abefc287d1f6b7ed7ee4e9553a4024b676ccc6e102

SHA512
f4e6aa2d4f1c1b05001542bc729149c4c17851f0cbf12de76363a54d5d3a6c8bd93e6a991d1ccd6cb33e1e53d710b786f9b62f3619bb1b6658294fa76c793fc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
84B

MD5
02ac93d47683107ed6da737b6f8ceab8

SHA1
6a432198de8ce1708b999086f6df67ade3915a1c

SHA256
3971ba66418ab319015b471e230f68dd3c0643acdb086ab63fafe93946894306

SHA512
2dd4fd6f9cd3cc0702739e6a3a9d58c99f80e18a13551c1cf2d5e87faeff049eb06139b4cd03007a16d9a58fd9c0d429cda2b6c2a5f724413bf3fc4708193d5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5b1f3c.TMP

Filesize
148B

MD5
b54cf96220ec5b3235f9dc81708302ba

SHA1
6254ca997d6978a4c7d1e75de87329558f1618fd

SHA256
616619f6ee08d3d2e067b6a475f7fb734205f740276045f3d0df774598830622

SHA512
aadd47f0016db94eae3dd1dee33f72ad59227f7f48c7b1e731f4e62fac042a6ac332b232cc5646e280083d6ca10d37cd4af14d3c58877311f6fa403be6da630c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
a6fd027dea2d28001ecc07b1f38f93a4

SHA1
dca3a86703ba3abc23083e07437d2aa3f7b722e6

SHA256
583a513959072948cc80efe05e5daf761e119931e117400a8a9c8daaade33e4c

SHA512
6e77aeaa7dd698bff9d5719eaf199df25abb730f6ea24026c3a754f324a481e970079d438679f90da9d41028cfee8849630fa64a059fc4bf475acdfad003ecde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
ab66921d3950840edc8a6a9ce1c5d39d

SHA1
e06d754c5211d58902a9faa1b1233fa7c668d752

SHA256
5c48f202855682a9beebca2d3ceb538299b8ae0b14d8263de688654e6f0ea52f

SHA512
b71641505ffaf95ac188c1963d0bcd21438cbe056027a6872a16fb66d8755e9d9db899071c065457e0372c80e1feb2aa38dc4fe87519195b08ae348f4056854d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
b3bff974c7d9860126dc4bf160949f83

SHA1
f9ca5915e8bd1daf41324a9098c94d0979a3a0f4

SHA256
55754d46aeaa735cd327d0909e49fd8f9251f749a1ef4feccdf9dd04d1909dc0

SHA512
faf272d4480f19a83d839cc0681ecc6959ad07cd898c90bdf28016d3c9221c68ed9322fafac7ab9b90597646b3cbf54841beb858c4717e525daf8e1ea6008017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
211ea1d63409e9083b9187dc33fa017f

SHA1
0950d02d86591426ca73dbf123f3075c20449ddf

SHA256
e0fc9ffc0a744d15fdd1e3b25566759724d7fc7244e5f865f79ffc44aa525bb6

SHA512
a21f656011dafd0a5818e82d6bba44edab9a22a23023fb3a7a3026db4aef09bdf49d18f9d737a4628ef59645a0c6887ddd75599e5e39831e3c92f5beaad85c28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
54314f3d1547b2b1ad7febcee9109aba

SHA1
eeb8127ce88760485f281d7d2d9dad9f6620e5c9

SHA256
2a844e356978cbfa7de18fe5d4c002164fe9f9b4753363f7838f9902c5182599

SHA512
13a51d54deef78487c3e3371b26db7a315950e2d169314a0ef1eaa234edec849f9f695c2205bf44ea3238efbc3927a64b497034f7df5f98b3a04a9c16c51c42b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
39edd9a987978466c17ec6b8b1e81cb2

SHA1
46f9b5fb0d5a3405b23faa9975e2ef22163830de

SHA256
1b3cc076a7ef3e5c047b442fe8c8d3601b48c63e3f3f29ea41f8e098a7e405d9

SHA512
99f7022ae9adc48ca5be2d07fe0146189698c5c36eefc0632ff7f5864b9f10876ace98f5dc913217bbbbd0cfdb25969e99973fa0ab2b1a8e2f1ef843bd08c80c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
f4b0aa7d0aa32fc94f68c86192420a3f

SHA1
c998299547097c6b8be4c4e762f6162a1cc6fbcd

SHA256
a3fac24c794b6ba4ae7b54fd52bc043c1354593f7e5594c50e3eb035fe964e1f

SHA512
90ee4ea136ac195a447c57988730297634b16f78da059d7bd6d54910e9ae9c98e7fb13ecfe75bb227c3a02a8db3d337de38ce8bbf955796310039540803c74ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10842\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10842\_ctypes.pyd

Filesize
121KB

MD5
565d011ce1cee4d48e722c7421300090

SHA1
9dc300e04e5e0075de4c0205be2e8aae2064ae19

SHA256
c148292328f0aab7863af82f54f613961e7cb95b7215f7a81cafaf45bd4c42b7

SHA512
5af370884b5f82903fd93b566791a22e5b0cded7f743e6524880ea0c41ee73037b71df0be9f07d3224c733b076bec3be756e7e77f9e7ed5c2dd9505f35b0e4f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10842\base_library.zip

Filesize
1.4MB

MD5
0cbf40b73eb279c2ea5b3d1c9c626cf4

SHA1
d142a7046b8871ca83dfde051c67bd1c836d0bbe

SHA256
f5908f37a3e301cfac1d435a9ea728097717f204155c881536b17e4e5c83e5b7

SHA512
96765b3b9303c96a2b1d9ad0ca099ecd5c86024f7a2f1f0f1715202427c1350ed851b6954603e1d52af87e4244051237666bc6b112786c0334b8da008b81b49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10842\python3.dll

Filesize
65KB

MD5
7e07c63636a01df77cd31cfca9a5c745

SHA1
593765bc1729fdca66dd45bbb6ea9fcd882f42a6

SHA256
db84bc052cfb121fe4db36242ba5f1d2c031b600ef5d8d752cf25b7c02b6bac6

SHA512
8c538625be972481c495c7271398993cfe188e2f0a71d38fb51eb18b62467205fe3944def156d0ff09a145670af375d2fc974c6b18313fa275ce6b420decc729

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10842\python311.dll

Filesize
5.5MB

MD5
387bb2c1e40bde1517f06b46313766be

SHA1
601f83ef61c7699652dec17edd5a45d6c20786c4

SHA256
0817a2a657a24c0d5fbb60df56960f42fc66b3039d522ec952dab83e2d869364

SHA512
521cde6eaa5d4a2e0ef6bbfdea50b00750ae022c1c7bd66b20654c035552b49c9d2fac18ef503bbd136a7a307bdeb97f759d45c25228a0bf0c37739b6e897bad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI10842\ucrtbase.dll

Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI63682\attrs-23.2.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\Downloads\Jules.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
3d0f8f97aa11c121c0db88fe942e2c3b

SHA1
80c6e2fd14260810b4806ab668ed06d9401241ab

SHA256
56403b135ce776f617eb2e50ef893a9f9be91d253cd3f3848761962e6b6ac1c3

SHA512
6dfa84155eba3d7bfcee1037a8bb66c261753067e24aea46c02aaac1518440c33447f8c3169b9f5bb3ac6641f14c68288491c68ff2a57e40def5c36331e3728f

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
f526a34677f64c7d72249d6cc3b6e473

SHA1
993f1419df1cfd2ad624c8c263fd4bc1ad09f2df

SHA256
d5216ade246ecbfcae7af5f649b8b16351c2556350ef5a0e9a7d5fc9cc134adb

SHA512
5f9e7958036791c8e1ed9bf70b1fa46b40390ef742a0576de72e7c2a6ef182f5cad73611e5100964ab185d3bac655d78f4e4cd5ff69fcf60f136acf847ea8464

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
34087b8642b3d751cbcdb1fad543b527

SHA1
8a99f0dcad7f21b492d07a16054b67d3d9b03f6c

SHA256
2b4dce8e91fc8b3917135870487d44636a01f3f2e45d079a8dad70130a909728

SHA512
497217e8ae8e8b7bf5ba687d03fd24f102a0d7c1a0f5a9ef04642b2d4a2f86c00f38e7901f52badc141608a6aefe8fb8b795d55d99d2c2525a7dccb170858da6

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Default\Network Persistent State

Filesize
299B

MD5
28e43599f40d4513ede18ce5129df147

SHA1
451cc4b390dd44193cc63f7ca2b2084403055a3f

SHA256
fc613840a0b7b32218e336e43c58082f30071072cf9adcd69ef744c8a99c0e92

SHA512
ceb9da1bf4f7f652674973b4392e1b1a89460d1e867df8426fc118ddb8c3df2fb79a0486cc4bc454232b465c984f015f8128f19430b653ea60c0d34e5fa902fc

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Default\Network Persistent State~RFe5a0ea7.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Default\Preferences

Filesize
10KB

MD5
a06368254427a7af73cea0a6a1a19248

SHA1
425d43660ab903a8710637accd25e33a1dcd97cb

SHA256
426fa389e6ea4b1cae321a33a094a085504eff1ebf207d4a6162e6e0c28de0ed

SHA512
3225fbe977f53c819b5fed6be972143870c27e460ab3b775be4c32a94bf568f23fe9a6ab7d075cbf60feeada604a12a331c82817066c47a2680936c6c0139cac

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Default\Preferences

Filesize
10KB

MD5
915f8528796287e3ce02e65b65b29a55

SHA1
15a2b2145be69c1ef57611f94dc81074b3f2d7f9

SHA256
378ecc0ca5a30ecb817e14ce3f3dd453d96bde0c2fd0f3b45ea00d8de870cd1a

SHA512
4bffbca5d46de389f433b7c1410a8c953846f1a88140b9c59fc0866cde1aeb82fb227db612c1b8f507cccf8383fa2f39855ed69f77d3ea3857cfdd51a46d4889

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Default\Secure Preferences

Filesize
6KB

MD5
0165008205a238524a018750ca915db2

SHA1
d1a986c9a7f97c6edf218892c4e87c2410a50df7

SHA256
ffbbd859cf8e025ae9abb60c21d7f885b2ca23c0d997e3af735b5a8eca11ea98

SHA512
08bec69c45662b0dad8bb2418d8adcd285c7c2d23612d722aca0d87edde1fbcd8a14f380d92ed87c019a320408b8ff5cc25e07dd89337262fa99f7d0cd5a89da

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Local State

Filesize
23KB

MD5
6ef6f5b59e54d462b6d277abc13baaaf

SHA1
fae15292a274f76b64482cbea7338bac1999ab41

SHA256
29fc775769e1d3145e30894c99c6c75623c4b0865f6f69e7abff2757e13b8739

SHA512
5a7ebe179aa490558358461fcb5549fb7c02ef3e99b8a2d05f495bcdcd00b857e2e41ecfcf2eea561b899a6aacddc8f6f7a18841ed6e148d58d7309496500f1d

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Local State

Filesize
24KB

MD5
d58c64c5c502ee96c430b664cc931fc5

SHA1
c6c546868ad22c84c8d424bac6330e9fba74710a

SHA256
65e7f8a97ad268b91e707607f88ed8994ac57e09ff4a892b86f0a36210e55a6c

SHA512
426753c10554a289c8668792d7a2f30871e33bd75f0ac9458afd50e5a81b45da809ed4cb747a3a9098f93a567990394de44e31d97b57e6b25e6897f654cd2d2e

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Local State

Filesize
23KB

MD5
04b731c2b3d42bdf5f7be35e3d6dcada

SHA1
f589d205043fce5935fdea1f0b29cc184f7d4f53

SHA256
749af4e7f9ae31db4dbec1c10f14cdfd4608c9f63a8bac6889fd475b4db9f2f6

SHA512
732abf7bd2ad9e34b2c16bfd30da88f03cb79de1d705873566c07e827bcfe0e84f6e70812497b80f18874858ea60e7eafbdc23fd0bba963a600497967cfe2fcd

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Local State

Filesize
24KB

MD5
a523ad5c282de83766dd6939dd90b268

SHA1
4232d465da293c6431f5fc648c2c3fa2e4c1b777

SHA256
40dbbd507c7dff94f8577356500ffee0cd77cd6b8c1f05f51a9ea38f4fe917a7

SHA512
263bbd1736740d6860e5f8a5536f3370d6ed2e468394460715c01db8868ffc8365d511851ade0ef1e34d85eec4c0c8b891109e08a8cd7dd13d6a5f24715c0196

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Local State:Zone.Identifier

Filesize
74B

MD5
6392d08e782233a6925807ee2143632e

SHA1
c57a76fefbe8e61973138fea66904ad620febc5c

SHA256
9c0e50cd650e6b3b223216b1de948e1a4d02a49425483ae9f0c97d9d27e7ad80

SHA512
ffc4d4e9064b5dfb1c488fb940b88ad5e7eba2f1ef2f5639a089621d8988a3de53c15c131da37d730c95daa63dad2c07276cb52cf7b37f91ef08ce488fa42a23

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Advertising

Filesize
24KB

MD5
131857baba78228374284295fcab3d66

SHA1
180e53e0f9f08745f28207d1f7b394455cf41543

SHA256
b1666e1b3d0b31e147dc047e0e1c528939a53b419c6be4c8278ee30a0a2dbd49

SHA512
c84c3794af8a3a80bb8415f18d003db502e8cb1d04b555f1a7eef8977c9f24e188ae28fc4d3223b52eab4046342b2f8fd0d7461130f3636609214a7b57f49cb4

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Analytics

Filesize
4KB

MD5
da298eacf42b8fd3bf54b5030976159b

SHA1
a976f4f5e2d81f80dc0e8a10595190f35e9d324b

SHA256
3abd2e1010e8824f200878942e0850d6e2620a2f0f15b87d32e2451fdda962ec

SHA512
5bf24c2df7cc12c91d1fb47802dbac283244c1010baa68bfae9eb5eb8ee25758156bb1e21f6cc3f55e7d71e5c330888ffd41469b2630eb86237c9970d7ede75e

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\CompatExceptions

Filesize
689B

MD5
108de320dc5348d3b6af1f06a4374407

SHA1
90aa226d3c9d50cf4435ecdd2b8b0086d8edeb8b

SHA256
5b462316a51c918d0bae95959bf827cb9c72bbd84ffb0e43b750aa91fbf3ba53

SHA512
70f30c45e20b7cddd0cba6476af9338975cec8e40b8b19603af5fa859a34c6eb2138957daaa263633fe65213e2186402d05d9d29ad53e8f311335555116314c2

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Content

Filesize
6KB

MD5
97ea4c3bfaadcb4b176e18f536d8b925

SHA1
61f2eae05bf91d437da7a46a85cbaa13d5a7c7af

SHA256
72ec1479e9cc7f90cf969178451717966c844889b715dff05d745915904b9554

SHA512
5a82729fd2dce487d5f6ac0c34c077228bee5db55bf871d300fcbbd2333b1ee988d5f20ef4d8915d601bd9774e6fa782c8580edca24a100363c0cdce06e5503f

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Cryptomining

Filesize
1KB

MD5
16779f9f388a6dbefdcaa33c25db08f6

SHA1
d0bfd4788f04251f4f2ac42be198fb717e0046ae

SHA256
75ad2a4d85c1314632e3ac0679169ba92ef0a0f612f73a80fdd0bc186095b639

SHA512
abd55eff87b4445694b3119176007f71cf71c277f20ea6c4dcadfb027fdce78f7afbcf7a397bd61bd2fa4bc452e03087a9e0e8b9cc5092ec2a631c1ebb00ee25

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Entities

Filesize
68KB

MD5
571c13809cc4efaff6e0b650858b9744

SHA1
83e82a841f1565ad3c395cbc83cb5b0a1e83e132

SHA256
ab204851f39da725b5a73b040519c2e6aaf52cb7a537c75802cb25248d02ec1b

SHA512
93ff4625866abf7cd96324528df2f56ecb358235ff7e63438ac37460aeb406a5fb97084e104610bb1d7c2e8693cabedc6239b95449e9abb90252a353038cb2a2

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Fingerprinting

Filesize
1KB

MD5
b46196ad79c9ef6ddacc36b790350ca9

SHA1
3df9069231c232fe8571a4772eb832fbbe376c23

SHA256
a918dd0015bcd511782ea6f00eed35f77456944981de7fd268471f1d62c7eaa3

SHA512
61d6da8ee2ca07edc5d230bdcbc5302a2c6e3a9823e95ccfd3896d2e09a0027fece76f2c1ea54e8a8c4fa0e3cf885b35f3ff2e6208bf1d2a2757f2cbcdf01039

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Other

Filesize
34B

MD5
cd0395742b85e2b669eaec1d5f15b65b

SHA1
43c81d1c62fc7ff94f9364639c9a46a0747d122e

SHA256
2b4a47b82cbe70e34407c7df126a24007aff8b45d5716db384d27cc1f3b30707

SHA512
4df2ce734e2f7bc5f02bb7845ea801b57dcf649565dd94b1b71f578b453ba0a17c61ccee73e7cff8f23cdd6aa37e55be5cb15f4767ff88a9a06de3623604fbf0

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Mu\Social

Filesize
355B

MD5
4c817c4cb035841975c6738aa05742d9

SHA1
1d89da38b339cd9a1aadfc824ed8667018817d4e

SHA256
4358939a5a0b4d51335bf8f4adb43de2114b54f3596f9e9aacbdb3e52bef67e6

SHA512
fa8e1e8aa00bf83f16643bf6a22c63649402efe70f13cd289f51a6c1172f504fedd7b63fc595fb867ecb9d235b8a0ea032b03d861ebb145f0f6a7d5629df8486

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Advertising

Filesize
2KB

MD5
326ddffc1f869b14073a979c0a34d34d

SHA1
df08e9d94ad0fad7cc7d2d815ee7d8b82ec26e63

SHA256
d4201efd37aec4552e7aa560a943b4a8d10d08af19895e6a70991577609146fb

SHA512
3822e64ca9cf23e50484afcc2222594b4b2c7cd8c4e411f557abea851ae7cbd57f10424c0c9d8b0b6a5435d6f28f3b124c5bc457a239f0a2f0caf433b01da83f

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Analytics

Filesize
432B

MD5
01f1f3c305218510ccd9aaa42aee9850

SHA1
fbf3e681409d9fb4d36cba1f865b5995de79118c

SHA256
62d7286cd7f74bdfda830ee5a48bce735ee3661bda8ceac9903b5627cbd0b620

SHA512
e5b665e981f702a4a211d0569bb0bc42e3c29b76b3f75aaf8dc173f16f18f7c443f5cf0ccf1550df3aa2b151e607969c2c90ab1a6e7a910dfeb83854cea4e690

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Content

Filesize
48B

MD5
7b0b4a9aafc18cf64f4d4daf365d2d8d

SHA1
e9ed1ecbec6cccfefe00f9718c93db3d66851494

SHA256
0b55eb3f97535752d3c1ef6cebe614b9b67dddfcfd3c709b84c6ecad6d105d43

SHA512
a579069b026ed2aaef0bd18c3573c77bfb5e0e989c37c64243b12ee4e59635aaa9d9c9746f82dcc16ca85f091ec4372c63e294c25e48dfffbed299567149c4e2

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Cryptomining

Filesize
32B

MD5
4ec1eda0e8a06238ff5bf88569964d59

SHA1
a2e78944fcac34d89385487ccbbfa4d8f078d612

SHA256
696e930706b5d391eb8778f73b0627ffc2be7f6c9a3e7659170d9d37fc4a97b5

SHA512
c9b1ed7b61f26d94d7f5eded2d42d40f3e4300eee2319fe28e04b25cdb6dd92daf67828bff453bf5fc8d7b6ceb58cab319fc0daac9b0050e27a89efe74d2734e

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Entities

Filesize
42KB

MD5
f446eb7054a356d9e803420c8ec41256

SHA1
98a1606a2ba882106177307ae11ec76cfb1a07ee

SHA256
4dc67d4b882621a93ffdb21a198a48a0bc491148c91208cf440af5f0de3ef640

SHA512
3cc3a521b297e4f48ed4ba29866a5ade380c9f0c06d85bea4140e24b05c6762d645df3d03d0a7058383b559baa3ae34ad3ed2b06017e91a061632862911a823b

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Fingerprinting

Filesize
172B

MD5
3852430540e0356d1ba68f31be011533

SHA1
d3f622450bcf0ced36d9d9c0aad630ebccfcb7ff

SHA256
f1f413704c32a28a31a646f60cad36cc2da793e143f70eee72ae56f736df8054

SHA512
7a4faa493c141ea88d6cd933dfc0b50ef6d25983323db2b931c7512e039859d60c4935e56b771264ca72b45c035b1962ad8680d616eaaf04fbc5a6e0b674e435

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Other

Filesize
91B

MD5
09cedaa60eab8c7d7644d81cf792fe76

SHA1
e68e199c88ea96fcb94b720f300f7098b65d1858

SHA256
c8505ea2fe1b8f81a1225e4214ad07d8d310705be26b3000d7df8234e0d1f975

SHA512
564f8e5c85208adabb4b10763084b800022bb6d6d74874102e2f49cc8f17899ce18570af1f462aa592a911e49086a2d1c2d750b601eedd2f61d1731689a0a403

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Social

Filesize
3KB

MD5
318801ce3611c0d25c65b809dd9b5b3c

SHA1
b9d07f2aa9da1d83180dc24459093e20fe9cf1d8

SHA256
2458da5d79b393459520e1319937cfc39caadbc2294f175659fae5df804e1d03

SHA512
7daff0253da90f35bf00141b53d39c7cadacf451a7ecf1667c4ca6e8aed59a0c4a6b44ddc2afffa690e12c2134eddb9f46f72e4317ce99c307d9e524a5fd1103

Download Submit
C:\Users\Admin\Downloads\Jules\Jules\Jules.exe.WebView2\EBWebView\Trust Protection Lists\1.0.0.26\Sigma\Staging

Filesize
16KB

MD5
39bdf35ac4557a2d2a4efdeeb038723e

SHA1
9703ca8af3432b851cb5054036de32f8ba7b083f

SHA256
04441a10b0b1deee7996e298949ac3b029bd7c24257faf910fe14f9996ba12ae

SHA512
732337f7b955e6acaf1e3aaa3395bc44c80197d204bd3cbb3e201b6177af6153cc9d7b22ad0e90b36796f92b0022806c32ac763eaec733b234503890900bf284

Download Submit
memory/980-233-0x00007FFF4A5B0000-0x00007FFF4A5B1000-memory.dmp

Filesize
4KB

Download
memory/5296-202-0x0000000004B70000-0x0000000004B7A000-memory.dmp

Filesize
40KB

Download
memory/5296-201-0x0000000004B80000-0x0000000004C12000-memory.dmp

Filesize
584KB

Download
memory/5296-205-0x0000000004CC0000-0x0000000004CCE000-memory.dmp

Filesize
56KB

Download
memory/5296-206-0x0000000005A50000-0x0000000005AE0000-memory.dmp

Filesize
576KB

Download
memory/5296-204-0x00000000057A0000-0x00000000059B2000-memory.dmp

Filesize
2.1MB

Download
memory/5296-203-0x0000000074850000-0x0000000075001000-memory.dmp

Filesize
7.7MB

Download
memory/5296-299-0x000000007485E000-0x000000007485F000-memory.dmp

Filesize
4KB

Download
memory/5296-207-0x0000000074850000-0x0000000075001000-memory.dmp

Filesize
7.7MB

Download
memory/5296-300-0x0000000074850000-0x0000000075001000-memory.dmp

Filesize
7.7MB

Download
memory/5296-3219-0x0000000009680000-0x0000000009732000-memory.dmp

Filesize
712KB

Download
memory/5296-3220-0x0000000009610000-0x0000000009632000-memory.dmp

Filesize
136KB

Download
memory/5296-200-0x00000000051F0000-0x0000000005796000-memory.dmp

Filesize
5.6MB

Download
memory/5296-3230-0x0000000009740000-0x0000000009A97000-memory.dmp

Filesize
3.3MB

Download
memory/5296-199-0x0000000000060000-0x00000000000D0000-memory.dmp

Filesize
448KB

Download
memory/5296-198-0x000000007485E000-0x000000007485F000-memory.dmp

Filesize
4KB

Download
memory/5296-266-0x0000000074850000-0x0000000075001000-memory.dmp

Filesize
7.7MB

Download