fe43c0daebace84ed84884b877150d609199c13d0ba9254d35a0d305f4f42440

Analysis

max time kernel
143s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
13/09/2024, 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JJSploit_8.4.1_x64-setup.exe
Size

6.0MB
MD5

6818667184b5932f3e4f554ed1075fe8
SHA1

59a7a5715bf48d4346eaa4a5ce93a87e15adac71
SHA256

fe43c0daebace84ed84884b877150d609199c13d0ba9254d35a0d305f4f42440
SHA512

4b3a900472b204134d8c9f0ca82b78390ae92557594ed65c514c79664e82fcb9f587fed8a790cee1b6497eb616c4d4dcdcbb5d19de1c6fde01223dadfbd9f665
SSDEEP

98304:hvalq0dd99Dq3NpHBJr0ouJTSZoaSnVgMzB3xxiBx49q5kQFOTW7nVCU+Osgnt6o:hS7d3InhJr0ouRIobnVgMz79AKCeOKrU

Score

10^/10

discovery

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 4908 created 3304	4908	JJSploit_8.4.1_x64-setup.exe	52

Executes dropped EXE 5 IoCs

pid	Process
2616	JJSploit.exe
4116	JJSploit.exe
4880	JJSploit.exe
2900	JJSploit.exe
1496	JJSploit.exe

Loads dropped DLL 5 IoCs

pid	Process
4908	JJSploit_8.4.1_x64-setup.exe
4908	JJSploit_8.4.1_x64-setup.exe
4908	JJSploit_8.4.1_x64-setup.exe
4908	JJSploit_8.4.1_x64-setup.exe
4908	JJSploit_8.4.1_x64-setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
behavioral1/files/0x000100000002aa99-92.dat	embeds_openssl

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JJSploit_8.4.1_x64-setup.exe

Enumerates system info in registry 2 TTPs 21 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133707283457786383"	chrome.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
4908	JJSploit_8.4.1_x64-setup.exe
4908	JJSploit_8.4.1_x64-setup.exe
2880	msedgewebview2.exe
2880	msedgewebview2.exe
2976	msedge.exe
2976	msedge.exe
3592	msedge.exe
3592	msedge.exe
3800	msedge.exe
3800	msedge.exe
1072	identity_helper.exe
1072	identity_helper.exe
3016	msedge.exe
3016	msedge.exe
1532	msedgewebview2.exe
1532	msedgewebview2.exe
1268	msedgewebview2.exe
1268	msedgewebview2.exe
4944	msedgewebview2.exe
4944	msedgewebview2.exe
1888	msedgewebview2.exe
1888	msedgewebview2.exe
2736	chrome.exe
2736	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
3592	msedge.exe
3592	msedge.exe
2108	msedgewebview2.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
1352	msedgewebview2.exe
1252	msedgewebview2.exe
3816	msedgewebview2.exe
4164	msedgewebview2.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	820	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	820	AUDIODG.EXE
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2616	JJSploit.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
2108	msedgewebview2.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
2108	msedgewebview2.exe
3592	msedge.exe
4116	JJSploit.exe
1352	msedgewebview2.exe
1352	msedgewebview2.exe
4880	JJSploit.exe
1252	msedgewebview2.exe
1252	msedgewebview2.exe
2900	JJSploit.exe
3816	msedgewebview2.exe
3816	msedgewebview2.exe
1496	JJSploit.exe
4164	msedgewebview2.exe
4164	msedgewebview2.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 2616	4908	JJSploit_8.4.1_x64-setup.exe	82
PID 4908 wrote to memory of 2616	4908	JJSploit_8.4.1_x64-setup.exe	82
PID 2616 wrote to memory of 2224	2616	JJSploit.exe	83
PID 2616 wrote to memory of 2224	2616	JJSploit.exe	83
PID 2616 wrote to memory of 1364	2616	JJSploit.exe	84
PID 2616 wrote to memory of 1364	2616	JJSploit.exe	84
PID 2616 wrote to memory of 2108	2616	JJSploit.exe	85
PID 2616 wrote to memory of 2108	2616	JJSploit.exe	85
PID 2108 wrote to memory of 1764	2108	msedgewebview2.exe	86
PID 2108 wrote to memory of 1764	2108	msedgewebview2.exe	86
PID 2224 wrote to memory of 4844	2224	cmd.exe	87
PID 2224 wrote to memory of 4844	2224	cmd.exe	87
PID 1364 wrote to memory of 3592	1364	cmd.exe	89
PID 1364 wrote to memory of 3592	1364	cmd.exe	89
PID 3592 wrote to memory of 740	3592	msedge.exe	92
PID 3592 wrote to memory of 740	3592	msedge.exe	92
PID 4844 wrote to memory of 4172	4844	msedge.exe	93
PID 4844 wrote to memory of 4172	4844	msedge.exe	93
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 3192	2108	msedgewebview2.exe	94
PID 2108 wrote to memory of 2880	2108	msedgewebview2.exe	95
PID 2108 wrote to memory of 2880	2108	msedgewebview2.exe	95
PID 2108 wrote to memory of 3152	2108	msedgewebview2.exe	96
PID 2108 wrote to memory of 3152	2108	msedgewebview2.exe	96
PID 2108 wrote to memory of 3152	2108	msedgewebview2.exe	96
PID 2108 wrote to memory of 3152	2108	msedgewebview2.exe	96

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3304
- C:\Users\Admin\AppData\Local\Temp\JJSploit_8.4.1_x64-setup.exe
  "C:\Users\Admin\AppData\Local\Temp\JJSploit_8.4.1_x64-setup.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4908
- C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Windows\system32\cmd.exe
    "cmd" /C start https://www.youtube.com/@Omnidev_
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Omnidev_
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4844
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaff8a3cb8,0x7ffaff8a3cc8,0x7ffaff8a3cd8
        5⤵
        
        PID:4172
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,142797797856892460,8531772529461669385,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1860 /prefetch:2
        5⤵
        
        PID:776
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,142797797856892460,8531772529461669385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3800
- - C:\Windows\system32\cmd.exe
    "cmd" /C start https://www.youtube.com/@WeAreDevsExploits
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@WeAreDevsExploits
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:3592
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaff8a3cb8,0x7ffaff8a3cc8,0x7ffaff8a3cd8
        5⤵
        
        PID:740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
        5⤵
        
        PID:4168
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
        5⤵
        
        PID:464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
        5⤵
        
        PID:3248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
        5⤵
        
        PID:3116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
        5⤵
        
        PID:4756
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
        5⤵
        
        PID:2616
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
        5⤵
        
        PID:4424
    - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
        5⤵
        
        PID:1396
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
        5⤵
        
        PID:3192
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5900 /prefetch:8
        5⤵
        
        PID:352
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
        5⤵
        
        PID:5048
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=2616.4488.1203873800774839329
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:2108
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7ffaff8a3cb8,0x7ffaff8a3cc8,0x7ffaff8a3cd8
      4⤵
      PID:1764
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1712,13789992582505924344,16423846591303330994,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1736 /prefetch:2
      4⤵
      PID:3192
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1712,13789992582505924344,16423846591303330994,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1832 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2880
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1712,13789992582505924344,16423846591303330994,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2288 /prefetch:8
      4⤵
      PID:3152
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1712,13789992582505924344,16423846591303330994,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2876 /prefetch:1
      4⤵
      PID:4412
- C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  "C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:4116
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=4116.2624.4156082627308775600
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:1352
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x1d4,0x7ffaff8a3cb8,0x7ffaff8a3cc8,0x7ffaff8a3cd8
      4⤵
      PID:1716
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1776,5889382806128652720,8215246533808804650,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1788 /prefetch:2
      4⤵
      PID:1416
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1776,5889382806128652720,8215246533808804650,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2112 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1532
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1776,5889382806128652720,8215246533808804650,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2496 /prefetch:8
      4⤵
      PID:4396
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1776,5889382806128652720,8215246533808804650,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1
      4⤵
      PID:2372
- C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  "C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:4880
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=4880.3252.12137656696299036969
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:1252
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x118,0xf0,0xf4,0xec,0x80,0x7ffaff8a3cb8,0x7ffaff8a3cc8,0x7ffaff8a3cd8
      4⤵
      PID:2764
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1804,15143816422928313282,4305258823783763693,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1820 /prefetch:2
      4⤵
      PID:3432
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1804,15143816422928313282,4305258823783763693,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1924 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1268
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1804,15143816422928313282,4305258823783763693,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2520 /prefetch:8
      4⤵
      PID:1396
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1804,15143816422928313282,4305258823783763693,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
      4⤵
      PID:3148
- C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  "C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:2900
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=2900.1444.9668811403740815329
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:3816
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x1b4,0x7ffaff8a3cb8,0x7ffaff8a3cc8,0x7ffaff8a3cd8
      4⤵
      PID:3784
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1728,10504254828809887226,8068612524548630648,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1736 /prefetch:2
      4⤵
      PID:3468
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1728,10504254828809887226,8068612524548630648,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2108 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4944
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1728,10504254828809887226,8068612524548630648,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2376 /prefetch:8
      4⤵
      PID:4604
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1728,10504254828809887226,8068612524548630648,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2856 /prefetch:1
      4⤵
      PID:4460
- C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  "C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:1496
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=1496.1072.11059048272434784253
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:4164
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x118,0x11c,0x120,0xf4,0x1ac,0x7ffaff8a3cb8,0x7ffaff8a3cc8,0x7ffaff8a3cd8
      4⤵
      PID:2880
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1732,10960365388856486065,14650748916319922204,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1744 /prefetch:2
      4⤵
      PID:2576
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1732,10960365388856486065,14650748916319922204,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2088 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1888
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1732,10960365388856486065,14650748916319922204,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2624 /prefetch:8
      4⤵
      PID:464
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1732,10960365388856486065,14650748916319922204,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2884 /prefetch:1
      4⤵
      PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2736
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0020cc40,0x7ffb0020cc4c,0x7ffb0020cc58
    3⤵
    PID:3828
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1936 /prefetch:2
    3⤵
    PID:1200
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1752,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1972 /prefetch:3
    3⤵
    PID:340
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2204 /prefetch:8
    3⤵
    PID:696
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3220 /prefetch:1
    3⤵
    PID:2188
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3248 /prefetch:1
    3⤵
    PID:3296
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4400 /prefetch:1
    3⤵
    PID:1372
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4256,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4544 /prefetch:1
    3⤵
    PID:4396
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3448,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3436 /prefetch:8
    3⤵
    PID:5104
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3432,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3544 /prefetch:8
    3⤵
    PID:2396
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3244,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4944 /prefetch:1
    3⤵
    PID:2168
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4436,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4464 /prefetch:1
    3⤵
    PID:1100
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4432,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5052 /prefetch:1
    3⤵
    PID:2264
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5144,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3412 /prefetch:1
    3⤵
    PID:1228
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4812,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5280 /prefetch:1
    3⤵
    PID:2860
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5388,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5408 /prefetch:1
    3⤵
    PID:2300
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3368,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5532 /prefetch:1
    3⤵
    PID:832
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5560,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5688 /prefetch:1
    3⤵
    PID:4352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3268

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3428

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
698feab14ce019ce8bfe56a309b80a93

SHA1
9eb0f7edfddbe6af1f6650f92bb2fa3cfe379887

SHA256
ce8fa2f8d9bc15e3a3ee55ef10f9eea8bc0629d204d016ba0a4a1faaf607f8e6

SHA512
0a8e0d931be577f735c91831004957b7e5ae39766225239f89c115d48f972dad06afe413c065a544a6ef51d4efe8f21f2c1fd4b8a025d10df4228a943ab685fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
4fae18496746df36160fe5586ffdb062

SHA1
bbd613d1a17810b2f46398019ed33263589f68f2

SHA256
c5fa74948232933405bfb52483be567b02726f04c1202a8c2db0ed42299826c9

SHA512
03c7041bacebcdfa0f9ed08b5384bf9a39c4ecb462dd984fb75224378b221ddfe6768d53d27754213e93f51dbd40bf2d99c6b7938dc6778e73b277d5f8db6f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f0d0adb7928c1fa83cf3c8e5edccc3c7

SHA1
af0d069e6b055e3d3717e8c6db2273dce289714c

SHA256
7f6d7aec37252868780d4c06b0a2f385a034f8f4eb98548ada1d65023745933d

SHA512
b91cf5e81354c3638352ebeee7b34a57bfac400ca63af767377dadc62ceac7bb7cc17ae0f19245ee098dcb7bcc5ff7fd10a09631e02aa7c6265abbf2016cc03b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
63b1fbcf3c626e37d49014af4ec1c782

SHA1
5e39bf51cec44b1f59015e9daae6e6b56dd00dda

SHA256
05f33d96d139ca39d6765f6b5eb0f9431a2bb49b793d112044ebaf13abb81502

SHA512
c6b0ee803bcc4c1efb4e345655dbfe0e082b69c8b641e260a13a38eb09cc1f9aa07665feb346f21ac68c88a1ff0ee2afe0ed5c0d25c09ede2de2a758100e707a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d354e079483876b34befd860b1c7fefb

SHA1
d8bfad69cbcd3cabfaf40beabf8b444dc7293906

SHA256
a212000d4f0d51aebe005e603404524316e141361856b415a72f9d55896de3d9

SHA512
2502563c2d7d37af9475fd44a0551091199a32619bab2b39cddb6fdc968d78afeccef08408f9cdeb05422953791d1cc0399afce1cbf977de433434ccf56e30c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d82c8074f45c32994f45f8c57f9c0215

SHA1
8789c20d42910b1a1938050205b7f541f785bf9b

SHA256
c549ea61255f3e300c35ff585697a0066c7054a3f2b490662329377b340d043c

SHA512
fac34064bc8666a4f89aee4cf1a63222ccaf2217edf6ad39818320c933ca7b849829e5f8f2dd9cca75c75ccf4dae47f956a83fb25573d4e1fc9825441ced9322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
87fd6031dc2032332f687047a1184e82

SHA1
38692d5b10fc278b9fed48a3ecd08b2e3bc7d1ed

SHA256
170142bc7a3d08071dc7281c7705604dc505491472d66cc8fd74fbea60bd9f68

SHA512
7acf57eafec92eb5f1406e58a122309dcfbaea24a708759f4b9901e01f9da2131d0334fd4becb245fc3288e9357b47113b4d48447137b26ad257c49337f23c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a89b8169f3eb90aed8e38542612fcd7a

SHA1
c08f404413f21bf173aed0c0bb8e0e9f731c760d

SHA256
8f759214213018ee927b8b4c162938cbbf96a48a7a1c3a862568bd06a205b860

SHA512
07f94a02eefcd55bb66beda0211e6c639f4bbf68b29fbfc92137874806a0afcffcfdf76b5a031e8b8c37b3d18f7a7589776a5825e01e0b9e329d20ba1eda4bfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3434cbfd33e2b224243509b7d3fd834d

SHA1
9b0bd0088fbddb8d1daf7da7ac6bca344cabcf3d

SHA256
e0626d4a5a2149759389958850167974ee99d892cb6adc9328671cebe9c5b214

SHA512
65b7f9c63b76a13ca2d48dffe810003fb95c5af67710889f55b3ade6f44144a1c5466459d3d67d56380b7804da66190175aa9495b0503aa562f218978447cf77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9c1649bac6a2f3bf600997a0122f441c

SHA1
0e57c6698c215ac922fe06e681d23c9abce74268

SHA256
bd93c3eaa6543cdabab9c4356d85139fa5b572809ab08b99a1d74e34b1525f09

SHA512
917828ab55ef1d4bea2f5a40b533f55b9fe69e00da2300ef47eee81638e8d15f3e62201bb48f552f41077eb2b07ecffacd024e8ccf23d3e5ec93d4101cb4cb12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
790fefda07542b424bda948b0a284499

SHA1
bedfc57d5f79dbdd9793219d955a295391a3ef1f

SHA256
ff98388fe14b663e096f01bb69ee5816946f9982affaf51e8c73598630825505

SHA512
72979c4d5a5c01759d7bf33ac01e851b00f78c8685132f93053b7c9dcafdceff63a2eb1a2a4bba3570e2ac2bd7b85dbfc23d7d67ff35049fd5809b6203e9a325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d686a0bc5a3a630df20a366ce5e4b58

SHA1
504fc5bc99b9936565b6f9e970ee56b029fa9da4

SHA256
2773e9bb96e29e81dfae4addfdb87078f1035234704e81975539eb49bd7493a0

SHA512
596fd0c4328936e19f4d0703a465997e852082b359d06bed14b247abcf75c859136a0fdacf1dda857621d692826bb4f63b678d432c178ea96d3284cd50c5f1e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d7d7804d824922f932cb5bc3406df716

SHA1
0e17fe7504ffb3e36be5ee195bc9b43ecff57530

SHA256
21ee9b82b24974ba33bd3d23bf4d7cc7646017bfecc9d5f2ccb7741041bf3402

SHA512
ceb00ee744a25804c1891df722c8c20f6ffc0696de54a0ca12f3e5c7b8ded72126ea8ad7bdbc9f01a743749d2a79b153b3f9a5e28fe4c3d80533788a322cff91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
96f1131832ae1f90cbbabdb8d0f77bc2

SHA1
02248bfbe18f23b565baae5cc501377bf4f9eea0

SHA256
a808b9e0732a26118ac879d9e3f7e25a477d8f7e86ceab72a52d7ac58cd2d941

SHA512
199cae6d4bc2438cd9e53f79b2ddeb2fbf254c5c2ab2cd5269952c65a19f87616b5cbcc29243d2019a4602989dd24b0e8017518c0bec7a74ded1903821bdc846

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
aa7328cbfaf4c6d6281b409db4e5fc1a

SHA1
68e156c61e1f989279a8ec5a1af5427a5ab973f2

SHA256
8d40f600e2d6362d6c6a56c58d220f628feb5b7a6413513956c5fb28cb671837

SHA512
7106717d6cf705e70587ec57ce10a1138bf76d59b9104f19326d9b95cb54373c1bc394156853e490c52f354a8af0ac33332844dc1eb2dc779dd003451e8522e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
32ac659f06bd016cad78c98ba53d3607

SHA1
4868f8e1f71137f8a50082cca3610c1fb6d37216

SHA256
271abfaa6b0d3208ab68392d8b23f681f9ecaf838b74292f61daa6030555cbdc

SHA512
0bed25a117ea371303c43b6e9b541bcef1c2e4b19480a7b571342818ee1035535cdf73308b3840546ce143c4c61ab5753d17173b23b720da41f76a1f6811b4ea

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\JJSploit.dll

Filesize
917KB

MD5
bab4ba8054e72fad860ec73e71621cf8

SHA1
f74e7eec682a462e84aca555074ec8d3b6ff9ee3

SHA256
ae154641180eea7abf177bc6317e6dce2da9f94eb654b0f16ffa7b0125dc1299

SHA512
9d9b23e9e2d88e5ba85bd6998ffe1c2e0f63417ac7407888e1dd531cfde11f87ffc3c6f5ae5b2fbb72a0bc2e4de3f2311fae11ea8bd60f7952681e5702fe488f

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe

Filesize
10.4MB

MD5
b3d9dd590aca552fa889ada909282a72

SHA1
5e7344ee001b4cf541f539f1c3ddc4cbcd39bdc6

SHA256
601a6721f634bf8c81633679f9692b3396d091cfde58e9f84b9065e0c0ce5528

SHA512
59a9e131b16dd93d31684b78ccdd114fc90ff447f537d5e73fed41bd18698747d1971a214b79ba5402bcb8ae5d4452ca998377e90e4f2e168c595717c831f815

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\libcrypto-3-x64.dll

Filesize
4.5MB

MD5
a9c1f7ca15c65c139bc9d4bf57df2e1e

SHA1
1b1377139a6b289d43a6b1161cd1089ffc817cf9

SHA256
03ec9292dcdfda520638490e11baeefff5ab1b6eb22feb90a22fc771272ce116

SHA512
97f8745dba6330c196de9b822638bfe7f74a86bdcb6726f4bd1d3d917de54f9abcb05163c42255173eac3bde995f0d611af718dbcc0de432b67666bed0c0b073

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\libssl-3-x64.dll

Filesize
802KB

MD5
51b0d5f42a82f6fa8739b403e9b8b81c

SHA1
75968c157628bb7aca9b5f2331f7a0c9a1d28865

SHA256
0bda7daeb4040c722b8c287dfd2307c9b8228576db1dbbbaac901c35cc8dc62b

SHA512
94fba90ad7bcf190079089dcc3af97c598c016eb359fe4d2ea439b5fbcd4a5489ab4422652223926aae64002beef1368d5b95874f68a2e5bc4971b4f9604d814

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\uninstall.exe

Filesize
74KB

MD5
fdf00717b4f5176657ac0e62f99703ce

SHA1
403031d95efec48693e5183755125a6b9f22b5c2

SHA256
7bcbd9bab2c8fc7e34e621a5b1f5cd20afde316d06b4a555de203fe76e1a1301

SHA512
3a3559a82565a7597a218fdd88a364608a4e22d87ce43ed78073f0adb648d4d3e829f0a07e5a9a0106225cac0265ce45939492ce1af7e0cab2cc8bab6b72c4cd

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\xxhash.dll

Filesize
46KB

MD5
249a5f6ca047df2a2f802782696c7f80

SHA1
6a1d96be0f497d689fb55de70284af83cac61f52

SHA256
2828e3014c3283caeb1b00d14145a42f4e347e7f547b40634540394892265671

SHA512
d2d0b6ba2ec95c33609d98788e5a4cce382d93721ea5dea61cde3f4c065b06530a0b01ae4909f7883a81d55529a36cb6a5820aa2afc320b5761f6f59a3a45f1f

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\zstd.dll

Filesize
638KB

MD5
21dfe873f6ed38f2f713ecd43ad1ba41

SHA1
7648cb043587da0e85743f9da8dca8be621ccdf0

SHA256
2a2d63c48b6b3ac7768231ade30122c94a0a33e62e5d2725e11c95b3194aa997

SHA512
67b4f976f3511387ce2a4743e2281ac88533bd204d4e07a5c6751f0ec30a3463dfabcda18103a632541ec2a8b7b937806121e21e44959411c39106e22b739919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc36221d3cc9a4657faeb51e3ea7023a

SHA1
22e3f8e68b2dd3992d544f8ca57c48c6878f77f9

SHA256
f393d5cc1a1b59d1bf0f19ade21515652b60bdea4b2d11780b904eb90fdd7b4b

SHA512
1d831b911b8e6970f3c829d7aed3c7d0faeb3f986fa029c8db8e2b2ced40898ad96b26311e620300ecd6d5a71f444582052b9ae11c4231224010096105bdb117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
70e969d4a2b40aef8eb0736379c0bcfb

SHA1
608c4fdf0e6b820eed23b793884e11210b32be58

SHA256
82e6cd647225c2781d32207ca56e1bf5e85dddabdfdf67a469c6e8910062975c

SHA512
e38f13e75d7a74400b1c21be8c5d8045c366078c4bfd7a25de86a872a22db8b383484c4f044d433f557ba3f181670398eeb7322fb6946a3bfff03875576b596d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
20KB

MD5
78b73f6aa644f6710b967dfd263d40bd

SHA1
22646bfd44ce99a80fa1ae71407e2fad328beb80

SHA256
397db50d71e076b5e90424581c013707ec0eb99bf7a8032fef7c20ba23a69d6b

SHA512
f9c38091594878a2f98686babdef5aa2a04377a00b1487e52f477d3fc4c61c2eb997aafe3aca68d614f8cdc5641cc93a97a42225cb49674fa0b957e1e69aad93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
f68c11448763785c7fb92deea51958c7

SHA1
b5ae7d930d7c785a1ddc242172b6eb5b4d0b8460

SHA256
cdd76c484b6916993b073e8c4ccefaca5787005ee01b9bba502a67fe27c7be8f

SHA512
e32bda8a2b56bb038920f0b315df556d58c90331521082c794742f5c2291490403d2fec7e9b1f44c87c04c120d4b12dce42175f9e9b5cb7626b6ac4670490275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8326c0ed6c8128659838115063712fd0

SHA1
7ff3721f42b79d4d19ac20f4d3b3fc257e4f361a

SHA256
34c864de2605917466ca8119fca4c25b7b01698e822d48fca082aaea35300c71

SHA512
1fb630a6bcb1ea3a6d0f0eaf836a1978ecad0c762f24e57fd147a8f8e48714d37b3431dc59e0d5d80347c590110f205c2d658c9c670fbe38ef5df7a0f6f4582f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c6a29ab5b829e2ca50ead0fb2cc9bbc2

SHA1
bed9a80a9bdca095c614aa9d23c4958b0581e8b8

SHA256
b9bfb78712a5a6b06786dec133dd2bd62afcca10d1bfbf721cbbf6a56fb44441

SHA512
99ee103834809a9f7dca280fd3f9f3b50254a04c302eeade65719dba20293e3c6b9e92077bbd8bf357f59420d10b3f8780e2bac4c4dc608a25df74f5d6f660fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed08e3c3f86ec47b2d011b1295d5d7d0

SHA1
ffcad2e6d2b043d99133acc21d4bc12f5160b32f

SHA256
9f7823373b229cde4ca98ffc50cec5ad0bd0f6b28ac7f194624ac29fd402543b

SHA512
2f80052f083fe0921a6044ca7ee45b2014b4fe3dd72a49a02621c328d82178f8a889c60050d389a7e650d78119ddc55ef617b32f3e69918b0becc02978193523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b5bd99952a1cdf5e9808d832f44cbed

SHA1
1dc190313f53ffcdbfa28b677bde1a553f2a314c

SHA256
6451fedc1435a68909b70fecf2298badee6d450746f091573af5f9c5546ef06c

SHA512
203985f1f713dcafe8696758f7f5eb2b9bc76a370b7ea575443387ef9cde6f38d2838f8c83212e15278c398152d883b7d9d35d74260b1bb85ac80c687617dc76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
8c0d6616af07f61a695d23555f03afb5

SHA1
4d920d7f35be99217c86ea4dc2396a55e960a537

SHA256
ecc17c289b6a0f4fe10cae7e9eed2413279d3d4354d82fcc9bc672b7bd7493aa

SHA512
f903fe7977d14cc2d021bbf54f103421d0500cbf7b7f3cfd4ba93ae56af294307ec1b7d82c93d1fb530bb132ef4d009aa244ce2a60c23d7748b5ca08e4c7a2d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e3efb9b3-5e8a-406d-ad1e-08ab6ffdceca\index-dir\the-real-index

Filesize
2KB

MD5
ef04b066178fc3b1b10d500627e23084

SHA1
f3d36e3f2d82141d34462aa08c0771c2b2f5c13e

SHA256
0144b637abe3f8d67c51db4287009b9f7d4b2cabb515078746e06d1dab89b123

SHA512
da071196e59f530debb4f1484529d4cba0eedfab5979d64043bd615b3f45e92c847fd72eadb7b56052f58e84ecd478f65f806be55f42d6d7304f3fd5bf9fb815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e3efb9b3-5e8a-406d-ad1e-08ab6ffdceca\index-dir\the-real-index~RFe580e53.TMP

Filesize
48B

MD5
937d64b4a37310b4f3d8c8f2307fcd94

SHA1
d15f27c659b55eef0fbf853c17bee2a44c5c7587

SHA256
6c02cf4f163844ef40ec45e8ff27b86a19ece6d66e2ebf4d9b843fc53fc3612d

SHA512
4558158874aa36d58a624b5e70bebec5e4a9dfeaa3c4abfb88e5e36aedd2f039d5084accbf14a7bba004ea8910c956169d74d35981ae9564c105da1af26944ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
10a6811247d6018659247541bd329dfd

SHA1
283471af4c33c0da7c113ed7613c96c0eb2889f0

SHA256
98c464eac8d49459b48878a802777f33a39d8c3100dd6bfe51031a8b0889972c

SHA512
142daeb2f0e89117cd90d0c887b4a467237cb1cb1d3556c5c0ea474b0caf91d2b95cb6c41a266a35200686473082b29690e28bf4c802a71f51ed4c670cd3ee85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
3c027b3b255edd00a5f6df3189802ac8

SHA1
e22c81f8d7399d61cd3f9344c2cf09a25f66b997

SHA256
3904398385cb08bd70c579c782469a41d1634ef84201d158832bb2f3d2e5dadf

SHA512
b49eda181314292c6bbb45026a87027c08f302bfb5924fd9c0473233c61a4649d42d0658717f56ea9dad093eeac9f5b79ed04d847bdf5b683ad5aebcbb603969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
0cd73b6a96fa8a4e329bbe06dcad76a9

SHA1
3f9dd79bb93883694583492ba81f2afd5f59b61c

SHA256
289d4730026a38762a525325975f0b8a57a3bce75aacf64cf0786d6c45812fdf

SHA512
cdf12fc86886d3a696964368a572812ccb2a3b03658dd16275fc43749661dd0358cca5d7b99b679eca791db397a18baeef75170f911d3eef87df630b5a2cdd08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
3e40f217eb7ff34c8a11ef0821451f7d

SHA1
c0aba3328769919195f245c8c9e080e8a1533be3

SHA256
f394dac168dcaafa93b567a6ad85a23a56bb483d67b0cc2451c95d913b3d34a7

SHA512
31b3e4dac956621721df01a9c2b22c7e32577ca578a5477494f867234ec368ef62403e16088810c19319a1e3a03737c9426b3e05209b942e0b500cd4b1abf5a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
11af34876d8ebfeb86ed652fbebcb209

SHA1
7fe1c9542ed15db4eddf0dece1be2b7597d74a70

SHA256
5f5fe7ba903e9eec9ab572ee003de47bcde3ada137f1630338200b9c7e0018c5

SHA512
8764a42e9a9de7b216b123c3a175cfdc0c88725a2893930e6cce383cc601de82c4c493f62cc492ce2c25dd833b30e171100446ec872a56088e59a5e88fb1def7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9899665f1a6ed5fe553183cfe3356b5c

SHA1
2a08cdd564b2c921986ea9bd02d88057c8de3202

SHA256
25bb6c3a8bf21a291bb7510e836ca3f2f4cf6f83eef92598c0dce20203631f11

SHA512
d13556b7ceadd0edc7db05eb7db37da13556de6ef745c972c3074bc5d78de88276fa78d6e93dba30599b5e080de861d579a4dc748ca0a022cf7ac39a01cba519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580e53.TMP

Filesize
48B

MD5
1a82e2f75d63412da798e8fe601a48d4

SHA1
f25eb66a0622c235a6e177c1e55cf6e31c9241f3

SHA256
4e2995d51331f78c55419e3decc4f841143a394291ae7a4ecb591ac9c75a7ff4

SHA512
2be2f91704d84df2057fde91297675fd343947041b0e7c139969c565b1952a7ded589d42972b912a895d1cc52de6a6c15c7eaef57344ce4e0a413ed1bd7c524a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
9bfa0fbc79f1c588f8048663396fa90e

SHA1
d18b3b80577de1a62a39ec912f1a6890075d8dc4

SHA256
e74bd3ce4d79f28484be01eea6d08077cf19669723f5f70aca7e6a05efa58373

SHA512
dfb03a0d19b01b76cad79b70ad78c6e7cba52c31f323a73258892167d42c47143ca4b9130786cfdd5e7a0c8b8fd89e1531516761f04174ce70c5a77821bc60fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580ea1.TMP

Filesize
706B

MD5
9c832860bb85a017eb34a39718035fbf

SHA1
8a83ffe9e5ea1bfe65f78fc8eba093c59f8dbd46

SHA256
7ca232997b4e18ef0b21ade8fc1e8dfb22781bb84b1e6da08852a1fc51027791

SHA512
96171ecf944c724a409b8562b4393c02a2d275af399ddb6780e0ba4e3f9a39bb9525313579214bd6c3648134f351abbece5b57a45dcf8698a1e0164fd440ed71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c2a6e8efd4fb238821dd4326fa930b74

SHA1
0e7783bad603b3b919d60ed0ec79389c7131ea2a

SHA256
2d73b7f64f75e13d8f7802629a18034668d3e4091e683aa2b7e0c01b9d8bedb4

SHA512
02039815dc4410260dcd24c7d688d41be2021aea511706f15a869a1b1643f8f207e6400bf602139aeea8936ec51a7a7caa59f510ebc571ce82de201e565c3494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
d8b08b683f983602301e645792f06aa8

SHA1
287d6527b0b2853fc1e0c8097f03919de5e7ff06

SHA256
631ef664096181d7461f1961b92edaf83127c3dd9b2e05df42a74dc3114d85ea

SHA512
0ab7c8d2d0060252fbb3c9a79f8c311409913251f174000ae15376256186a79503262d3df57fa4bb7493e22df4db6a6fd54d2674813de904a5f0bc8195425153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d36960846f27c19dc9b8b6fd89206348

SHA1
76d8debc8b8ba1ea54857a8b733caa5ff89cacb1

SHA256
800dcf1af0f71290b9e35c1e84dd0780271ffe1468353fba218640598b3badb7

SHA512
fba43c9f157ae0306a79a0e252743e7e36f45599dfc5f62c052df958a23fba90825680b9e078dde1d72cc6b7b8acb4ef87165e742521ff89796f41fc76e27909

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8DCB.tmp\StartMenu.dll

Filesize
7KB

MD5
d070f3275df715bf3708beff2c6c307d

SHA1
93d3725801e07303e9727c4369e19fd139e69023

SHA256
42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7

SHA512
fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8DCB.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8DCB.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8DCB.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd8DCB.tmp\nsis_tauri_utils.dll

Filesize
29KB

MD5
8def0196223484f8aed4106148dd3f08

SHA1
e0fc0951deb0e5e741df10328f95c7d6678ad3aa

SHA256
c0f2b928bc4c81cc5ca30a8932a6dc8cd617dd016679c057e23355fe732b2333

SHA512
9ffa66181bce5aa5210da0fe5edc6c80aa9e46e2bd1fafd840f468965f4d06bc03f9a77e04b975ffc9f25c886c274196e3fedae6cfb57f366ef39f1e31e1ada7

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\06dae75b-e579-4baf-9022-23cb274e4861.tmp

Filesize
8KB

MD5
f66bc6e0b56b0acc8ccc0e64c9a3762d

SHA1
cc52cb6b90b9c20f8a2250f8fa5cea2d7d6e109b

SHA256
c807886cef452cb97119d51f3828553d1232842ae3b9aa2985ebc2f3972512dd

SHA512
ba3dd0bc8119cff786e60160f15d6b2bcc79467e6103ada09802abb8d6adf03d1c93a724b40a33d44ff837a40804201b79f432a42394e836f6a7e959ecb7cb89

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
c8035afbb5958b07814d8b9263cd0e25

SHA1
2ace0e53255600963d7aa2bf9147f199cef8ff24

SHA256
00ebe185785460e93899e487c17716b448e9024768a79da610b8af673b210a59

SHA512
a7c1113c0b438f124f515d172fcd1243b4e333c60777b8b934a56f5ad6497c310058be33802c08d370ab5695de81c53b951ebfc6bc6dfd07140cbe4df2f6f7ab

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
a39414a40b895657c120cd1a138e09d3

SHA1
7c0f7bd907208d2f3a6d95fa16c478d8e54d3944

SHA256
43f11d57f9d883cfaf6a0c7bf424f90c2816f51ad2da10024b17767dfe973cc4

SHA512
e0c0d58c44dc1581e05b2f86695cbbb8c49cbf7f90eaff81701014de70b2ba4448f342b21389c64835509abb499153e354bd1904c40e2fc3c016b47776ac9121

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
bb61b97d8a6b6eb34740f950d6ef6cb0

SHA1
b2277f421bb27a490bd88b69a11a3f2c9a8eb599

SHA256
d13aec213e231583d6c95a1bff8536bf812142a3e891af7b45af4e546269c53e

SHA512
a0dcecc6c66af3828715008ced57be18fc50b773889a5fc0ad661c8f97cf0ff9bce23e3ee998be8090d657d25473d3cef750f3b2d2991f6b31b3783518303fe9

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
96f4aa43daa5581abd16282771c0f199

SHA1
a3bbece65c65bbcf8181643a0d962f9712bb050f

SHA256
d8e07290d0a37357f02e30018431cc4df0dd0795d6510745237fdcb1bedd5352

SHA512
e0c0750bb46e62a78ad6643c091f2b81325858940b149a6901c677935692881d6de49ecf8a2d2611beaaadb51a73825b12f5a06df7c7ce8dad8b90e1b75080e4

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Favicons

Filesize
20KB

MD5
5688ce73407154729a65e71e4123ab21

SHA1
9a2bb4125d44f996af3ed51a71ee6f8ecd296bd7

SHA256
be1b822e970dfe1a120d248db7000eaf799bd6531929a1308676c70fe1608d60

SHA512
eb6452b23ea36c39d03ead154185616c13583f12f382cb2456beeb1ba6e5febdfd2a6f1064283cf115ad1c517dbf409777cdacb128e00c9d3f401335db355537

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\History

Filesize
116KB

MD5
4e2922249bf476fb3067795f2fa5e794

SHA1
d2db6b2759d9e650ae031eb62247d457ccaa57d2

SHA256
c2c17166e7468877d1e80822f8a5f35a7700ac0b68f3b369a1f4154ae4f811e1

SHA512
8e5e12daf11f9f6e73fb30f563c8f2a64bbc7bb9deffe4969e23081ec1c4073cdf6c74e8dbcc65a271142083ad8312ec7d59505c90e718a5228d369f4240e1da

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Media History

Filesize
76KB

MD5
cf7ac318453f6b64b6dc186489ff4593

SHA1
b405c8e0737be8e16a08556757dc817bd02af025

SHA256
634434e865f1ba1b90039bd5afd8f01bad6d278377106022ea2a9c2d8778d31a

SHA512
b64e484d16222d8de31f53cd60b719b7d855bbc552a7d052e202382bc3013e0edaceb31e3a287f2ea6b7117ccfdb8a56ea9d7da78535d2c606183072ecd084e4

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
4KB

MD5
92a59f912d1bbb639f761f9d04e4132d

SHA1
7cfbaf04dd0fd459b6c28096204e144539cbc75c

SHA256
dac2fc299027ee2a5e1c4df2e9590255d047619ed0f689bf988553462ec67a2d

SHA512
d414617d6069be9165c7d1a217069bd7d9681f763edf88c60bac3eec251f1e3f055abfb02d5e0f74f76c460bf9447a45e057db5b21b0d708812af74221b3935f

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
4KB

MD5
d7cf2c084edc9de52b3c929be7e67c4d

SHA1
af0b302aeec2c050904ff567cc21a711e37a4469

SHA256
42514ff65cd8e209ce104af689341a409b39a72e01f37519fafb2e26675f3dee

SHA512
3a907b320ea139410c9fdef3054226609db302900685ab6b54d93141848d6f1a532b062180782cb1eb3d4b27f8b42fded02703108258da7714df06d56ce298c6

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
4KB

MD5
efd39d6f7811e30d6fbd99bbe6c06255

SHA1
d54976eea4a292f2dae86f07f7474aa394c34cd5

SHA256
d70ebb884c35857b963e835d2b4460b7bf594cce323a392f412d9263ee48bde4

SHA512
d776590c50329a75e7e4ee2e3bdfc4feb0675fd7b963893e23dc0f60c1a799810cd36914622dc10cd2bf84a2e1f983b2e7cf698267095c0c44a594d4b1ad5293

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
4KB

MD5
4db959701b87fe456c04b87905a68c3d

SHA1
c9f5b50b03bf14946b1b9ea340b0d95e6db683a3

SHA256
17618090162ea0e0a7d2b7c56777943f6e9b15621c82ecc6f17187b5b9344dfb

SHA512
9d33c2bd8acd1b4ae35f9fff9fa193d41786440085a73a6752de76699a505caf1eec42f555201d4f56e0f19affe4bfb2e36a3cc0a332a446965b162137f717c8

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
4KB

MD5
ddf445888d00070b8f693ae79a321ea2

SHA1
651642a1c7e671d393949397e472734a8af29164

SHA256
209932bdc4c65ed668019cb1c25b89cef6560185e6a0480749ec68224e83bbfd

SHA512
fd4e5c402f74e76a61988f3e77cb557e6b6578a33896068c00978e0dc34707f6d9f0c7b503dd201aafc7862848a27d67abe2baa2310cb1c612569de5555b336e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Secure Preferences

Filesize
8KB

MD5
42477922e803cc06e36ca83a753fbd59

SHA1
00f8f8a19b9f3689d91360f1069e45b7127d33c4

SHA256
2708afb274c4068292dd0fac2cffff50143ac1c4a96a1d15671d0458e612bf6b

SHA512
45ed4258094764a55eaa6b2c5dbd0f78849e8071b9b71ec6430248c73e291dbc13bf57a0365eb8a0b8bbb2b330b6ae0cd48a055890a68f9f438fa498934df130

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\LOG

Filesize
305B

MD5
ee1fe7681c653ddf91d3477083ab6aab

SHA1
911ef31226ffd6222027199617ac00c731f8e1bb

SHA256
216bd61bcde62f5838d4edb3467e2570976a989b1419c9c1bf0c410567f2ea14

SHA512
7ba20e9bd94a26a78ba3174877665843f0a6808821efee3aeeff20e4e6c4374060bb98b338f804cb79e39f872d94929b42c371137f9b56fe0aa2d06648c13292

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Visited Links

Filesize
128KB

MD5
108d8a62a4d6f6d3bd82467be5fe4303

SHA1
bdc44fa8cb0db33827d8a9f422fce8ad29ab40dc

SHA256
d0e6e975ceef3b77178861b16cf2529990996dd0881fd56542dada99dcbc94c0

SHA512
06cb85da31e904c71ec1147b3d04966f09b914cb5d687d2a0709b0baf91ca51889fc96de6b1dd3a7e660f5d7fd2c95d121bbf1e340ff58adf9247d205c387588

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Web Data

Filesize
110KB

MD5
12aff5c24b1e165da94cc9ddef6d752a

SHA1
345a57b067d6c7561b149b6a7de1d0cf53e42cc9

SHA256
b49ee954c97289b707fcaed55266f7c49720d1c24f4a8872038384155081aabf

SHA512
fd584f3d7e3a5603ff2699e1b4930d6594b0ea09c0a194b7329f44d3d4d2e1e985a42ab512afc1b6a0f35412ef839d35f27fab1f6506e871d74c648c3adb0ae6

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\b3cb91a7-4623-4e66-ab0c-f3caed19f79c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\fb22acd2-a31a-43d0-bada-dc836bb6ac28.tmp

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\ShaderCache\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\ShaderCache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\ShaderCache\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\ShaderCache\GPUCache\index

Filesize
256KB

MD5
8291d545d86d350d7842343e3f51e5d8

SHA1
6c3cf8a157cdce202c5432dd103fc08416f43adf

SHA256
898566d82206540243258ef8716ef59144f130c86ffa3cd88f04b8cf98b41b30

SHA512
7c0f9d7dba1e98713b1ba6ef12a1fcd83173d2a1d9ace493b11ce009e0ca8b6fcff9e5420c8b2cf7065e6ac76416a6e3dde1259809849d3dcb6d722f7d83caf6

Download Submit
C:\Users\Admin\Documents\jjsploit\db.json

Filesize
54B

MD5
41dea3a16884a8a050f599c1b3d3dbf5

SHA1
0d1893892dd3a5211b8dc4b66efae5d3f2c82689

SHA256
e14fda8dd813d96cdeb51cff4e4a5c8dc636b72b7fb075902d88ab587bf19466

SHA512
2c2a88c7d0fa9f32893449d5d8ae0d148793974c0e9f979be1221dce3b7c86a0bc02f3575bd5d2010e0fad20fb9730f707cdddd99fa922b8de67d9f1e7529cb2

Download Submit
memory/3192-142-0x00007FFB0E230000-0x00007FFB0E231000-memory.dmp

Filesize
4KB

Download