Overview
task | platform | score
overview | - | 10
static | - | 3
JJSploit_8...up.exe | windows11-21h2-x64 | 10
$PLUGINSDI...dl.dll | windows11-21h2-x64 | 3
$PLUGINSDI...nu.dll | windows11-21h2-x64 | 3
$PLUGINSDI...em.dll | windows11-21h2-x64 | 3
$PLUGINSDI...gs.dll | windows11-21h2-x64 | 3
$PLUGINSDI...ls.dll | windows11-21h2-x64 | 3
JJSploit.dll | windows11-21h2-x64 | 1
JJSploit.exe | windows11-21h2-x64 | 6
libcrypto-3-x64.dll | windows11-21h2-x64 | 1
libssl-3-x64.dll | windows11-21h2-x64 | 1
resources/...bot.js | windows11-21h2-x64 | 3
resources/...lip.js | windows11-21h2-x64 | 3
uninstall.exe | windows11-21h2-x64 | 7
$PLUGINSDI...LL.dll | windows11-21h2-x64 | 3
$PLUGINSDI...em.dll | windows11-21h2-x64 | 3
$PLUGINSDI...ls.dll | windows11-21h2-x64 | 3
xxhash.dll | windows11-21h2-x64 | 1
zstd.dll | windows11-21h2-x64 | 1
Analysis
max time kernel: 143s
max time network: 152s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 13/09/2024, 19:10
Static task: static1
Behavioral tasks
task | sample | resource
behavioral1 | JJSploit_8.4.1_x64-setup.exe | win11-20240802-en
behavioral2 | $PLUGINSDIR/NSISdl.dll | win11-20240802-en
behavioral3 | $PLUGINSDIR/StartMenu.dll | win11-20240802-en
behavioral4 | $PLUGINSDIR/System.dll | win11-20240802-en
behavioral5 | $PLUGINSDIR/nsDialogs.dll | win11-20240802-en
behavioral6 | $PLUGINSDIR/nsis_tauri_utils.dll | win11-20240802-en
behavioral7 | JJSploit.dll | win11-20240802-en
behavioral8 | JJSploit.exe | win11-20240802-en
behavioral9 | libcrypto-3-x64.dll | win11-20240802-en
behavioral10 | libssl-3-x64.dll | win11-20240802-en
behavioral11 | resources/luascripts/general/aimbot.js | win11-20240802-en
behavioral12 | resources/luascripts/general/noclip.js | win11-20240802-en
behavioral13 | uninstall.exe | win11-20240802-en
behavioral14 | $PLUGINSDIR/LangDLL.dll | win11-20240802-en
behavioral15 | $PLUGINSDIR/System.dll | win11-20240802-en
behavioral16 | $PLUGINSDIR/nsis_tauri_utils.dll | win11-20240802-en
behavioral17 | xxhash.dll | win11-20240802-en
behavioral18 | zstd.dll | win11-20240802-en
General
Target: JJSploit_8.4.1_x64-setup.exe
Size: 6.0MB
MD5: 6818667184b5932f3e4f554ed1075fe8
SHA1: 59a7a5715bf48d4346eaa4a5ce93a87e15adac71
SHA256: fe43c0daebace84ed84884b877150d609199c13d0ba9254d35a0d305f4f42440
SHA512: 4b3a900472b204134d8c9f0ca82b78390ae92557594ed65c514c79664e82fcb9f587fed8a790cee1b6497eb616c4d4dcdcbb5d19de1c6fde01223dadfbd9f665
SSDEEP: 98304:hvalq0dd99Dq3NpHBJr0ouJTSZoaSnVgMzB3xxiBx49q5kQFOTW7nVCU+Osgnt6o:hS7d3InhJr0ouRIobnVgMz79AKCeOKrU
Malware Config
Signatures
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
description | pid | Process | procid_target
PID 4908 created 3304 | 4908 | JJSploit_8.4.1_x64-setup.exe | 52
Executes dropped EXE 5 IoCs
pid | Process
2616 | JJSploit.exe
4116 | JJSploit.exe
4880 | JJSploit.exe
2900 | JJSploit.exe
1496 | JJSploit.exe
Loads dropped DLL 5 IoCs
pid | Process
4908 | JJSploit_8.4.1_x64-setup.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in Windows directory 1 IoCs
description | ioc | Process
File opened for modification | C:\Windows\SystemTemp | chrome.exe
Embeds OpenSSL 1 IoCs
Embeds OpenSSL, may be used to circumvent TLS interception.
resource | yara_rule
behavioral1/files/0x000100000002aa99-92.dat | embeds_openssl
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | JJSploit_8.4.1_x64-setup.exe
Enumerates system info in registry 2 TTPs 21 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedgewebview2.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedgewebview2.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedgewebview2.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133707283457786383" | chrome.exe
Suspicious behavior: EnumeratesProcesses 24 IoCs
pid | Process
4908 | JJSploit_8.4.1_x64-setup.exe
2880 | msedgewebview2.exe
2976 | msedge.exe
3592 | msedge.exe
3800 | msedge.exe
1072 | identity_helper.exe
3016 | msedge.exe
1532 | msedgewebview2.exe
1268 | msedgewebview2.exe
4944 | msedgewebview2.exe
1888 | msedgewebview2.exe
2736 | chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
pid | Process
3592 | msedge.exe
2108 | msedgewebview2.exe
1352 | msedgewebview2.exe
1252 | msedgewebview2.exe
3816 | msedgewebview2.exe
4164 | msedgewebview2.exe
2736 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: 33 | 820 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 820 | AUDIODG.EXE
Token: SeShutdownPrivilege | 2736 | chrome.exe
Token: SeCreatePagefilePrivilege | 2736 | chrome.exe
Suspicious use of FindShellTrayWindow 64 IoCs
pid | Process
2616 | JJSploit.exe
3592 | msedge.exe
2108 | msedgewebview2.exe
4116 | JJSploit.exe
1352 | msedgewebview2.exe
4880 | JJSploit.exe
1252 | msedgewebview2.exe
2900 | JJSploit.exe
3816 | msedgewebview2.exe
1496 | JJSploit.exe
4164 | msedgewebview2.exe
2736 | chrome.exe
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
3592 | msedge.exe
2736 | chrome.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4908 wrote to memory of 2616 | 4908 | JJSploit_8.4.1_x64-setup.exe | 82
PID 2616 wrote to memory of 2224 | 2616 | JJSploit.exe | 83
PID 2616 wrote to memory of 1364 | 2616 | JJSploit.exe | 84
PID 2616 wrote to memory of 2108 | 2616 | JJSploit.exe | 85
PID 2108 wrote to memory of 1764 | 2108 | msedgewebview2.exe | 86
PID 2224 wrote to memory of 4844 | 2224 | cmd.exe | 87
PID 1364 wrote to memory of 3592 | 1364 | cmd.exe | 89
PID 3592 wrote to memory of 740 | 3592 | msedge.exe | 92
PID 4844 wrote to memory of 4172 | 4844 | msedge.exe | 93
PID 2108 wrote to memory of 3192 | 2108 | msedgewebview2.exe | 94
PID 2108 wrote to memory of 2880 | 2108 | msedgewebview2.exe | 95
PID 2108 wrote to memory of 3152 | 2108 | msedgewebview2.exe | 96
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:3304
-
C:\Users\Admin\AppData\Local\Temp\JJSploit_8.4.1_x64-setup.exe"C:\Users\Admin\AppData\Local\Temp\JJSploit_8.4.1_x64-setup.exe"2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4908
-
-
C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exeC:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2616 -
C:\Windows\system32\cmd.exe"cmd" /C start https://www.youtube.com/@Omnidev_3⤵
- Suspicious use of WriteProcessMemory
PID:2224 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Omnidev_4⤵
- Suspicious use of WriteProcessMemory
PID:4844 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaff8a3cb8,0x7ffaff8a3cc8,0x7ffaff8a3cd85⤵PID:4172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,142797797856892460,8531772529461669385,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1860 /prefetch:25⤵PID:776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,142797797856892460,8531772529461669385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:35⤵
- Suspicious behavior: EnumeratesProcesses
PID:3800
-
-
-
-
C:\Windows\system32\cmd.exe"cmd" /C start https://www.youtube.com/@WeAreDevsExploits3⤵
- Suspicious use of WriteProcessMemory
PID:1364 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@WeAreDevsExploits4⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3592 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaff8a3cb8,0x7ffaff8a3cc8,0x7ffaff8a3cd85⤵PID:740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:25⤵PID:4168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 /prefetch:35⤵
- Suspicious behavior: EnumeratesProcesses
PID:2976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:85⤵PID:464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:15⤵PID:3248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:15⤵PID:3116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:15⤵PID:4756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:15⤵PID:2616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:15⤵PID:4424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
PID:1072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
PID:3016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:15⤵PID:1396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:15⤵PID:3192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5900 /prefetch:85⤵PID:352
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,12005247987676692550,4416726915438716789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:15⤵PID:5048
-
-
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=2616.4488.12038738007748393293⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2108 -
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7ffaff8a3cb8,0x7ffaff8a3cc8,0x7ffaff8a3cd84⤵PID:1764
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1712,13789992582505924344,16423846591303330994,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1736 /prefetch:24⤵PID:3192
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1712,13789992582505924344,16423846591303330994,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1832 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:2880
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1712,13789992582505924344,16423846591303330994,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2288 /prefetch:84⤵PID:3152
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1712,13789992582505924344,16423846591303330994,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2876 /prefetch:14⤵PID:4412
C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:4116
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=4116.2624.41560826273087756003⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:1352
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x1d4,0x7ffaff8a3cb8,0x7ffaff8a3cc8,0x7ffaff8a3cd84⤵PID:1716
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1776,5889382806128652720,8215246533808804650,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1788 /prefetch:24⤵PID:1416
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1776,5889382806128652720,8215246533808804650,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2112 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:1532
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1776,5889382806128652720,8215246533808804650,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2496 /prefetch:84⤵PID:4396
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1776,5889382806128652720,8215246533808804650,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:14⤵PID:2372
C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:4880
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=4880.3252.121376566962990369693⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:1252
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x118,0xf0,0xf4,0xec,0x80,0x7ffaff8a3cb8,0x7ffaff8a3cc8,0x7ffaff8a3cd84⤵PID:2764
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1804,15143816422928313282,4305258823783763693,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1820 /prefetch:24⤵PID:3432
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1804,15143816422928313282,4305258823783763693,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1924 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:1268
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1804,15143816422928313282,4305258823783763693,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2520 /prefetch:84⤵PID:1396
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1804,15143816422928313282,4305258823783763693,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:14⤵PID:3148
C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:2900
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=2900.1444.96688114037408153293⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:3816
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x1b4,0x7ffaff8a3cb8,0x7ffaff8a3cc8,0x7ffaff8a3cd84⤵PID:3784
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1728,10504254828809887226,8068612524548630648,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1736 /prefetch:24⤵PID:3468
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1728,10504254828809887226,8068612524548630648,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2108 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:4944
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1728,10504254828809887226,8068612524548630648,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2376 /prefetch:84⤵PID:4604
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1728,10504254828809887226,8068612524548630648,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2856 /prefetch:14⤵PID:4460
C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:1496
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=1496.1072.110590482724347842533⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4164
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x118,0x11c,0x120,0xf4,0x1ac,0x7ffaff8a3cb8,0x7ffaff8a3cc8,0x7ffaff8a3cd84⤵PID:2880
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1732,10960365388856486065,14650748916319922204,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1744 /prefetch:24⤵PID:2576
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1732,10960365388856486065,14650748916319922204,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2088 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:1888
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1732,10960365388856486065,14650748916319922204,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2624 /prefetch:84⤵PID:464
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1732,10960365388856486065,14650748916319922204,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.4.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2884 /prefetch:14⤵PID:1424
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
2⤵ PID:2736
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0020cc40,0x7ffb0020cc4c,0x7ffb0020cc58
3⤵ PID:3828
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1936 /prefetch:2
3⤵ PID:1200
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1752,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1972 /prefetch:3
3⤵ PID:340
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2204 /prefetch:8
3⤵ PID:696
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3220 /prefetch:1
3⤵ PID:2188
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3248 /prefetch:1
3⤵ PID:3296
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4400 /prefetch:1
3⤵ PID:1372
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4256,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4544 /prefetch:1
3⤵ PID:4396
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3448,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3436 /prefetch:8
3⤵ PID:5104
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3432,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3544 /prefetch:8
3⤵ PID:2396
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3244,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4944 /prefetch:1
3⤵ PID:2168
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4436,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4464 /prefetch:1
3⤵ PID:1100
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4432,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5052 /prefetch:1
3⤵ PID:2264
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5144,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3412 /prefetch:1
3⤵ PID:1228
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4812,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5280 /prefetch:1
3⤵ PID:2860
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5388,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5408 /prefetch:1
3⤵ PID:2300
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3368,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5532 /prefetch:1
3⤵ PID:832
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5560,i,5001327568573360743,7781862866908618700,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5688 /prefetch:1
3⤵ PID:4352
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:1648
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:3960
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:3268
-
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004D0
1⤵ PID:820
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:788
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:3140
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:884
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:3428
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵ PID:2856
-
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵ PID:1756
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 840B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e3efb9b3-5e8a-406d-ad1e-08ab6ffdceca\index-dir\the-real-index
Filesize: 2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e3efb9b3-5e8a-406d-ad1e-08ab6ffdceca\index-dir\the-real-index~RFe580e53.TMP
Filesize: 48B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize: 89B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize: 146B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize: 148B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize: 82B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize: 84B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 72B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580e53.TMP
Filesize: 48B
-
Filesize
128KB
MD5108d8a62a4d6f6d3bd82467be5fe4303
SHA1bdc44fa8cb0db33827d8a9f422fce8ad29ab40dc
SHA256d0e6e975ceef3b77178861b16cf2529990996dd0881fd56542dada99dcbc94c0
SHA51206cb85da31e904c71ec1147b3d04966f09b914cb5d687d2a0709b0baf91ca51889fc96de6b1dd3a7e660f5d7fd2c95d121bbf1e340ff58adf9247d205c387588
-
Filesize
110KB
MD512aff5c24b1e165da94cc9ddef6d752a
SHA1345a57b067d6c7561b149b6a7de1d0cf53e42cc9
SHA256b49ee954c97289b707fcaed55266f7c49720d1c24f4a8872038384155081aabf
SHA512fd584f3d7e3a5603ff2699e1b4930d6594b0ea09c0a194b7329f44d3d4d2e1e985a42ab512afc1b6a0f35412ef839d35f27fab1f6506e871d74c648c3adb0ae6
-
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\b3cb91a7-4623-4e66-ab0c-f3caed19f79c.tmp
Filesize: 1B
-
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\fb22acd2-a31a-43d0-bada-dc836bb6ac28.tmp
Filesize: 61B