c9ff34cb7d2374891dbd649a3bbaee384e41736818754dd6ba836df250bf8a74

Analysis

max time kernel
93s
max time network
144s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
01/10/2024, 19:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

JJSploit_8.10.5_x64-setup.exe
Size

6.1MB
MD5

ad0fde3ecfc62e0ec5c3b75e15751ac4
SHA1

c9b7254bc3ba1716db45bd72889e3df901cc3da7
SHA256

c9ff34cb7d2374891dbd649a3bbaee384e41736818754dd6ba836df250bf8a74
SHA512

8b6ce18cf0737d56273f6fe1b28066b52082bd8c688eb2767a5eb7d6dbdca717c7610d0e8098e05903573a417ef0b642f0823d015820db8494114d376ebc8576
SSDEEP

196608:xYpp3SbRwIaDURmn0DGYeqCxNjaYKJrWcZNdXDY:xqpcR3amGdHx47d7NdzY

Score

10^/10

discovery

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 1496 created 3336	1496	JJSploit_8.10.5_x64-setup.exe	52

Executes dropped EXE 4 IoCs

pid	Process
716	JJSploit.exe
1260	JJSploit.exe
2560	JJSploit.exe
8	JJSploit.exe

Loads dropped DLL 5 IoCs

pid	Process
1496	JJSploit_8.10.5_x64-setup.exe
1496	JJSploit_8.10.5_x64-setup.exe
1496	JJSploit_8.10.5_x64-setup.exe
1496	JJSploit_8.10.5_x64-setup.exe
1496	JJSploit_8.10.5_x64-setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
behavioral1/files/0x000100000002ab17-95.dat	embeds_openssl

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JJSploit_8.10.5_x64-setup.exe

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133722834272466788"	chrome.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1496	JJSploit_8.10.5_x64-setup.exe
1496	JJSploit_8.10.5_x64-setup.exe
2800	msedge.exe
2800	msedge.exe
3700	msedge.exe
3700	msedge.exe
4320	msedge.exe
4320	msedge.exe
1368	msedgewebview2.exe
1368	msedgewebview2.exe
3252	msedge.exe
3252	msedge.exe
1552	identity_helper.exe
1552	identity_helper.exe
4752	msedgewebview2.exe
4752	msedgewebview2.exe
4684	msedgewebview2.exe
4684	msedgewebview2.exe
3648	chrome.exe
3648	chrome.exe
4568	msedgewebview2.exe
4568	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
3056	msedgewebview2.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
2756	msedgewebview2.exe
4964	msedgewebview2.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
2584	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: 33	3052	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3052	AUDIODG.EXE
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
716	JJSploit.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
3056	msedgewebview2.exe
3056	msedgewebview2.exe
4320	msedge.exe
1260	JJSploit.exe
2756	msedgewebview2.exe
2756	msedgewebview2.exe
2560	JJSploit.exe
4964	msedgewebview2.exe
4964	msedgewebview2.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
8	JJSploit.exe
2584	msedgewebview2.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 716	1496	JJSploit_8.10.5_x64-setup.exe	78
PID 1496 wrote to memory of 716	1496	JJSploit_8.10.5_x64-setup.exe	78
PID 716 wrote to memory of 2248	716	JJSploit.exe	79
PID 716 wrote to memory of 2248	716	JJSploit.exe	79
PID 716 wrote to memory of 792	716	JJSploit.exe	80
PID 716 wrote to memory of 792	716	JJSploit.exe	80
PID 716 wrote to memory of 3056	716	JJSploit.exe	81
PID 716 wrote to memory of 3056	716	JJSploit.exe	81
PID 3056 wrote to memory of 4780	3056	msedgewebview2.exe	82
PID 3056 wrote to memory of 4780	3056	msedgewebview2.exe	82
PID 2248 wrote to memory of 2952	2248	cmd.exe	83
PID 2248 wrote to memory of 2952	2248	cmd.exe	83
PID 792 wrote to memory of 4320	792	cmd.exe	84
PID 792 wrote to memory of 4320	792	cmd.exe	84
PID 2952 wrote to memory of 1372	2952	msedge.exe	87
PID 2952 wrote to memory of 1372	2952	msedge.exe	87
PID 4320 wrote to memory of 472	4320	msedge.exe	88
PID 4320 wrote to memory of 472	4320	msedge.exe	88
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 4320 wrote to memory of 1612	4320	msedge.exe	90
PID 2952 wrote to memory of 4536	2952	msedge.exe	91
PID 2952 wrote to memory of 4536	2952	msedge.exe	91
PID 2952 wrote to memory of 4536	2952	msedge.exe	91
PID 2952 wrote to memory of 4536	2952	msedge.exe	91
PID 2952 wrote to memory of 4536	2952	msedge.exe	91
PID 2952 wrote to memory of 4536	2952	msedge.exe	91

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3336
- C:\Users\Admin\AppData\Local\Temp\JJSploit_8.10.5_x64-setup.exe
  "C:\Users\Admin\AppData\Local\Temp\JJSploit_8.10.5_x64-setup.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1496
- C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:716
- - C:\Windows\system32\cmd.exe
    "cmd" /C start https://www.youtube.com/@Omnidev_
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Omnidev_
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2952
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc4c6b3cb8,0x7ffc4c6b3cc8,0x7ffc4c6b3cd8
        5⤵
        
        PID:1372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,1026151985212586795,3039999935311949462,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
        5⤵
        
        PID:4536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,1026151985212586795,3039999935311949462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2800
- - C:\Windows\system32\cmd.exe
    "cmd" /C start https://www.youtube.com/@WeAreDevsExploits
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@WeAreDevsExploits
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:4320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4c6b3cb8,0x7ffc4c6b3cc8,0x7ffc4c6b3cd8
        5⤵
        
        PID:472
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,7545514822446643966,13482775870996518990,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
        5⤵
        
        PID:1612
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,7545514822446643966,13482775870996518990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,7545514822446643966,13482775870996518990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
        5⤵
        
        PID:3108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7545514822446643966,13482775870996518990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
        5⤵
        
        PID:2844
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7545514822446643966,13482775870996518990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
        5⤵
        
        PID:3924
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7545514822446643966,13482775870996518990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
        5⤵
        
        PID:956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7545514822446643966,13482775870996518990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
        5⤵
        
        PID:3592
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7545514822446643966,13482775870996518990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
        5⤵
        
        PID:3988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7545514822446643966,13482775870996518990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
        5⤵
        
        PID:2684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7545514822446643966,13482775870996518990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
        5⤵
        
        PID:3000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,7545514822446643966,13482775870996518990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,7545514822446643966,13482775870996518990,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3376 /prefetch:8
        5⤵
        
        PID:4940
    - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,7545514822446643966,13482775870996518990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1552
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7545514822446643966,13482775870996518990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
        5⤵
        
        PID:2680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7545514822446643966,13482775870996518990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
        5⤵
        
        PID:4448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7545514822446643966,13482775870996518990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
        5⤵
        
        PID:1092
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7545514822446643966,13482775870996518990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
        5⤵
        
        PID:1032
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=716.1452.10344602958986548440
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:3056
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x110,0x114,0x118,0xec,0x1b4,0x7ffc4c6b3cb8,0x7ffc4c6b3cc8,0x7ffc4c6b3cd8
      4⤵
      PID:4780
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1768,17686554889409591612,11593765902977508646,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1820 /prefetch:2
      4⤵
      PID:3544
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1768,17686554889409591612,11593765902977508646,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2092 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1368
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1768,17686554889409591612,11593765902977508646,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2352 /prefetch:8
      4⤵
      PID:3060
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1768,17686554889409591612,11593765902977508646,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:1
      4⤵
      PID:2392
- C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  "C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:1260
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=1260.3632.16623757199383405629
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:2756
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x1d4,0x7ffc4c6b3cb8,0x7ffc4c6b3cc8,0x7ffc4c6b3cd8
      4⤵
      PID:5116
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1740,10798754282205507441,4217404898878039581,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1772 /prefetch:2
      4⤵
      PID:4536
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1740,10798754282205507441,4217404898878039581,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2200 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4752
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1740,10798754282205507441,4217404898878039581,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2528 /prefetch:8
      4⤵
      PID:3596
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1740,10798754282205507441,4217404898878039581,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2892 /prefetch:1
      4⤵
      PID:3472
- C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  "C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:2560
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=2560.2100.1715424723104415742
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:4964
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x17c,0x7ffc4c6b3cb8,0x7ffc4c6b3cc8,0x7ffc4c6b3cd8
      4⤵
      PID:5104
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1756,17710258202209388133,4680029274817467703,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1800 /prefetch:2
      4⤵
      PID:1444
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1756,17710258202209388133,4680029274817467703,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2100 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4684
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1756,17710258202209388133,4680029274817467703,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2708 /prefetch:8
      4⤵
      PID:3504
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1756,17710258202209388133,4680029274817467703,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3004 /prefetch:1
      4⤵
      PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3648
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3a8fcc40,0x7ffc3a8fcc4c,0x7ffc3a8fcc58
    3⤵
    PID:3772
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,18298156642964401801,5204135530018284431,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1872 /prefetch:2
    3⤵
    PID:796
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1796,i,18298156642964401801,5204135530018284431,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2028 /prefetch:3
    3⤵
    PID:4896
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,18298156642964401801,5204135530018284431,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:8
    3⤵
    PID:4816
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,18298156642964401801,5204135530018284431,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3092 /prefetch:1
    3⤵
    PID:3868
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,18298156642964401801,5204135530018284431,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1
    3⤵
    PID:560
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3556,i,18298156642964401801,5204135530018284431,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3544 /prefetch:1
    3⤵
    PID:1244
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4592,i,18298156642964401801,5204135530018284431,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4600 /prefetch:8
    3⤵
    PID:1216
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4536,i,18298156642964401801,5204135530018284431,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4560 /prefetch:8
    3⤵
    PID:1108
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4696,i,18298156642964401801,5204135530018284431,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4860 /prefetch:8
    3⤵
    PID:4436
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4928,i,18298156642964401801,5204135530018284431,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4652 /prefetch:8
    3⤵
    PID:3496
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
    3⤵
    - Drops file in Windows directory
    PID:3160
  - - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6e1894698,0x7ff6e18946a4,0x7ff6e18946b0
      4⤵
      Drops file in Windows directory
      PID:3596
- C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  "C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:8
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=8.4972.7661208694379821131
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:2584
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x17c,0x7ffc4c6b3cb8,0x7ffc4c6b3cc8,0x7ffc4c6b3cd8
      4⤵
      PID:2644
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1736,15875136894085827932,10919480196692193308,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1748 /prefetch:2
      4⤵
      PID:936
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1736,15875136894085827932,10919480196692193308,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2168 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4568
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1736,15875136894085827932,10919480196692193308,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2560 /prefetch:8
      4⤵
      PID:4140
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1736,15875136894085827932,10919480196692193308,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.5 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1
      4⤵
      PID:2308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:484

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004CC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2436

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2792

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5084

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2332

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
505bcdf1f8fd5e8d41fbe0ade694dc73

SHA1
e8cc1bee7624f02e82e61a71c3adfe9837719f05

SHA256
8ce180082ef0ecd90b8bf2e14079bd24557e2cf5844b0f052be910b7889cbed1

SHA512
9768fe92918e2dd15e577e96aeba138421d604b3f6665e3de4c1280e331f73251bd0bb2240be2edd9132629d2a21e6e05003e3c2b87e5f710f450183e8f93ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9fbe16eb62c853b7c42e0f74b51acbf3

SHA1
c000d849e0a786ad4643ee385554ee85d3f094bb

SHA256
a9e9be3d3afbc8c9e0567b748fb03864baa27f8463a50c6895d50c0e4ef510a0

SHA512
129bb632994b7596db76b84b9bbdcfd9d696d80587366665870a66abbfac6a9a2a197576393e215b5a94bf7cd55b9d5fdf33c1b6c224aec2e0f195ae2e8320a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
e196e7762f8c73ac0d848c6face62897

SHA1
5b429f765e4ac3f8ae5893ffdf7f0b786437999a

SHA256
191c76e0c507d2c483a9a0bbd07276e0a5a01f3344c8792415ebb24210e0339e

SHA512
2ba22b8064e34a30c0d9273ada61353659e529088a5bf7e2dd554d4c7b968258708da34a46bd3403bc280a2ba3a140b5f2e88bf54e3e24aa7b8485b85545c57f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a0433625a2acfd206705d5f29ecde578

SHA1
359d3afefde0ebda5cd9e71190c1544dfbe3fbab

SHA256
2710b13ea1684d538ad214aa65febae190166188077f5535b4db8e35fb572d1c

SHA512
55b28225dc619fc89eab6a12f2020467bdf147a2d26e697c538746693cba0fea8b5f519535c8284c43acc2ed7465bfb151afcd8fdb4dc7bd76323fadbc8b5aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d94cbe3c7a4159ebf2e12f50846f32f3

SHA1
53a774664b0d3677553c5cb5bcef981cfe3c7549

SHA256
1e2b6a016dc6871a94276293254cf44d79398fa4740bd448ac158e847385f366

SHA512
6c6ce0138ddbc6a66634e183d961eeb8bd7cbe108d2abd8adfe1ae11bd1f45fd913e742a8142c4a61f211a29faa914a1b6dee1eb63cac940c47de9292d6decc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
4fe659b5019befeec62cee881fa384e0

SHA1
ccebcf85b2b93e7cbe6f4af57dfb013527c30142

SHA256
7e22687f99020e7ca9314feb6c763d6e1b3ac1f2589e042103b2d59f6506a84d

SHA512
3b2e02e535e41bfa9da708eb7f80a4af0aef95aef8edfb7cb3b801cda8d134f44911d96bd83c1eff0156e352f9acd6326a35bcd59eed4e6cf0dff9b80d5ba07c

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\JJSploit.dll

Filesize
1.2MB

MD5
8c0b7c86c22f99f120fc916a5229b79c

SHA1
456c940054312a542b7431044a39fffd8df091da

SHA256
10a6683f040ede6509a5173487a1eac66045edb9968a03db5011e3f5bb6bdb5d

SHA512
088fd27ae3d093c727f51e7b716af65bd5e2a3e335cb072f64e2343d21822a7e08e92de8bbebece2e6a5ee4258d5f9cdc26f368b2ed729cc35cbe809e539d241

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe

Filesize
10.5MB

MD5
9d3765c344c77d362bb57d54f96297dd

SHA1
c9c1e4df8bff920594be873872b8dfd1b6bddd21

SHA256
91e5d48a31d5b4b7952c19a3ad5b2c27838272487f99eca6f64d8f8038131d9e

SHA512
c83283dccdf9175733a8f3ab362a653a25c05665ed670351597b9970e2691785f3aec403c7d7b3b98da1c57a69c2b52e875b299439607ba2034069249f8cb629

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\db.json

Filesize
394B

MD5
0db367a2b2be9a60bc78568e5c2747ad

SHA1
df10acdb237c168a8ebdc66551aeb7c6679a93c7

SHA256
8e2467680b3183de59833855e14d40240c66fb41b4c405b12ad6cc83f241af0c

SHA512
65d89b8b7e2f38a5a43d3d5b3a5d56245e8c9cac28d3a4567cc015329d1e6b00bdad9116450da2b0dbcaebef607b4029cea0274023b81ad3dfeb804f6c832c26

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\libcrypto-3-x64.dll

Filesize
4.5MB

MD5
a9c1f7ca15c65c139bc9d4bf57df2e1e

SHA1
1b1377139a6b289d43a6b1161cd1089ffc817cf9

SHA256
03ec9292dcdfda520638490e11baeefff5ab1b6eb22feb90a22fc771272ce116

SHA512
97f8745dba6330c196de9b822638bfe7f74a86bdcb6726f4bd1d3d917de54f9abcb05163c42255173eac3bde995f0d611af718dbcc0de432b67666bed0c0b073

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\libssl-3-x64.dll

Filesize
802KB

MD5
51b0d5f42a82f6fa8739b403e9b8b81c

SHA1
75968c157628bb7aca9b5f2331f7a0c9a1d28865

SHA256
0bda7daeb4040c722b8c287dfd2307c9b8228576db1dbbbaac901c35cc8dc62b

SHA512
94fba90ad7bcf190079089dcc3af97c598c016eb359fe4d2ea439b5fbcd4a5489ab4422652223926aae64002beef1368d5b95874f68a2e5bc4971b4f9604d814

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\uninstall.exe

Filesize
74KB

MD5
ff876da38a1f6c52c08d23055086fe3a

SHA1
e224b15125f5e7d46401347f4928f5855d672186

SHA256
e51f9625f6b7f05829f500e1e19dd7ba400fd332fa231bd53e5fbaab288a3d66

SHA512
eb6af93340a87ba1940443cd485a1e77c8a3910e2ba026ff44422be4e948bb8037a29f13ed050997b0fa8f4e4f223e203f3e172a97fb49ee8d67f60fd46ff50f

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\xxhash.dll

Filesize
46KB

MD5
249a5f6ca047df2a2f802782696c7f80

SHA1
6a1d96be0f497d689fb55de70284af83cac61f52

SHA256
2828e3014c3283caeb1b00d14145a42f4e347e7f547b40634540394892265671

SHA512
d2d0b6ba2ec95c33609d98788e5a4cce382d93721ea5dea61cde3f4c065b06530a0b01ae4909f7883a81d55529a36cb6a5820aa2afc320b5761f6f59a3a45f1f

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\zstd.dll

Filesize
638KB

MD5
21dfe873f6ed38f2f713ecd43ad1ba41

SHA1
7648cb043587da0e85743f9da8dca8be621ccdf0

SHA256
2a2d63c48b6b3ac7768231ade30122c94a0a33e62e5d2725e11c95b3194aa997

SHA512
67b4f976f3511387ce2a4743e2281ac88533bd204d4e07a5c6751f0ec30a3463dfabcda18103a632541ec2a8b7b937806121e21e44959411c39106e22b739919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
82923d65105617b5b95d3eb818947773

SHA1
1138b51e0e730c439c97e372f892996201624f03

SHA256
8bbe1151f4fc744ea9cf8b5db9b153fd7b29193d45778ceae67f438de97be15a

SHA512
30e2dd3266d39b008e9b920380c1d6fd2f5362997e6017aae515bd9ef66cfc818d211c20f23353b124f483e7fd0a233c5a759a7c1e592cb80559de80b6b96fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4cedbf0567834c20387c7093d6a14673

SHA1
7f761cae7baacd700ece54fd55adb10d57e17c29

SHA256
f243b4cc4b9e19be1b0e8df534745af2f6c9c0dde49101a13c097c9cba041f48

SHA512
ff6893cc5d9fd2744171165754487ea955bb5ccc82ad6c9150e9e7d05687ca140ba5cbff7954f267cc99cda0f79039f413debd5d2230606b4f877f5567cd9f8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b82c726ad98eeb5f981fb95de9d73089

SHA1
473f94fa51271b1ac473034bc43927cb16090049

SHA256
98acb603c58751683f0f52a2ae2af0b5910e09dda38b136565acce7606150373

SHA512
9713ad334a4a436cdac4842435011ea22b24f8dc6f1da7a8335d47fe18d22fa4296e84c8973d4304a40f4a3a46f11d66a371d46a4d508bb8617457f1c2ebb51e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9dfab404d3f6b6ee6a1dbcf73fc3c0f0

SHA1
c8b829c2a483a1be30a69f3ddb1b57c262809f19

SHA256
0d12d044642d4d3c03b3f7e644e715646197700a1c19bf07f9f9a424e7ce9dd8

SHA512
59c2d3cbf68aee24a426cbe3f3a9d3f905c1a8364fbac3b97f32fef9a92524d0bc1640f1a7036a95cf496f43d04218d00abe4885db88af9f47bfdca9a02d85ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11e1efa6f5fbefc9eac6fabe0573b929

SHA1
acb4ba3761be85e9d1a4fe9590597d17ebc8acb5

SHA256
069981e14aa8c82eeaa7fb59f5bfe86d429a588f4e02e7cbd370d538ac38875e

SHA512
f0e389e88cd824d618e721be3455c889181e3eaa816fbc3d0371ba869ecdf23cf4ba0544503475baeb9cbb2d1ca14d1805b9f66bc69b95ab0acc4711bb5c1ae5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\23a8c8a3-8072-4fcf-8c10-975873f72d3b\index-dir\the-real-index

Filesize
624B

MD5
d3ae724e5ae304e73217c11506dd04a4

SHA1
a1f96d7763f8fbc17050f1c6624cd56a09153d82

SHA256
877d0cfb6ffa11e45771fad86c6f53abe24febd3588b3c6704dd0cf515973e90

SHA512
aa42294f167898f5e5cda2ad750f2e7a0b27426fea67a6c94953084cc41dc8345d6eab315dc4da5429598ea006cd42dbe9691eed035468014a280175ccc4df1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\23a8c8a3-8072-4fcf-8c10-975873f72d3b\index-dir\the-real-index~RFe586b57.TMP

Filesize
48B

MD5
e024ed08dc514143e78293828d60eacf

SHA1
0c1954b8f0e7af2f2e59abbf15035e7ed1e26b2b

SHA256
8b6d00b5da9f3ec0e57dadd4c5db2d5fcb70098e7d48ea2cce1ae1d3a47967ab

SHA512
72962f2def6f0c6f2e8df726953a6b72fad9eb5e0174644a4ffa2e369e177f5f9cbe0aab6390a9be8e7dca553fa981ab1843660c1e6b1fa6e9003cce6b5a16f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3ab5e405-4d58-43ee-b67e-94ffe8e6bffb\index-dir\the-real-index

Filesize
2KB

MD5
a25e75eb42f55293ef263a819afb6be3

SHA1
6fea8f78b5a21f3acd2585bde4ad498534d51da5

SHA256
3f78b0af33fc4a06050b647269e3f08ab2292ef40249ae2d136ea265f3b70adb

SHA512
59700244ec340471706f7e87d86111d8ff03dd16526eb5c3e79943e108d120898fd7480d745621aa34f97b124d654e48791860050ebc9d7b9510179e80c9d03f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3ab5e405-4d58-43ee-b67e-94ffe8e6bffb\index-dir\the-real-index~RFe586b57.TMP

Filesize
48B

MD5
9bf4b3b90c86f0652b8267620731c768

SHA1
919bbe14b19209cc3d1148659fb9287f3f80386f

SHA256
2333272fa6abf7ca48cf1da9b9fdb5e881d41c23917981466ab38cdb7c5fa0f1

SHA512
a98a5ebad9fd479e4703d3e213ebe7e39ba8bd3d9b3d977761cefd6747cb2a56376eec36e57c5d8259ef143509bc422928792402e8578b26e04c7991b515f9dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
7efd8dc30198f352ff64ccd90cb87777

SHA1
0c3447eebe367d401acf8911bffb271edad77bb9

SHA256
6acbdd59b5649ed370caf0726617686c06c22044f8948bdb95d27ec7f03bf9c2

SHA512
281efbd6bd24a606a223e330d7260e9823c89a3aa3782e8a42251114939131597ee6d754d269967069d40e1b09e40705b797f212fc045ac9f929ac46fe9f2437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
5a95d0cbface3ac88b45b8880bf56bf2

SHA1
07454f9caf6e0f829c0ee0b518c8d8bba56a3878

SHA256
37bc072c6a70293fad9e72afe9c30ffdae6736147321b09a36fe9b21d78244cf

SHA512
d9359aa495f3d241acd14ec9f6d6be002075b3bdccc7f850d991e52faa11a0f7da2894c6136f91c5f77370f880b4640f94d44cdf6b39f83e9f6325333bedf4db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
4dcbe06bc539a671a698b110b0b7c366

SHA1
6f5346900a0b33012aff583068347fa52bbdc070

SHA256
d511a5d22ca69e03b08719d0030e2ac8901f9221a83eb1b2923e46d780b0d122

SHA512
0e771c8a66cb3e404006b493b2a878dead75fa3c904c9b7157cef7e726524bb3432e6aa2309506c088d963f90af06d8e2f26e644450c97406b514416a284e078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
f58d2783081cdeeb3288d432d563c199

SHA1
a11156c4811b8e5fbf20f9b1b2ad7d976aa79bff

SHA256
2f4fd21815a5cf2cbaf48372223c11f3c1301f6f9e4d9331bc58ea89391ac2d7

SHA512
e364da2dca93d8d04fb3cd3ad99da585dbd1dcd3338a08b157c5c64bec996438f4d23006bec39d937f675c72184c4aaf768f1a65bc0e041d9b28eb640884a9c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
35e4c8e204d4679e6c6f2348a27095dc

SHA1
4a3050b9a74e43523fe6cb38d8bb18ec26b19ab3

SHA256
b81a56a97cb9d1ac3d901e2bee6ac22bce209775c07cccc1d2eba9639d0024d4

SHA512
7725e410a3557232494d1735a513c82fefc3c64499d9e35930f87cde1b332f57089d80a585f610af1bb2db2d5ab4811680849d5d3badafd62aad32449e2a9965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
2e03aa54287cf3238b3fc9970b34dbf6

SHA1
f99e2d53dc8846cd528f013f08444a6c5a2f7872

SHA256
63e1201b852cc7e7d3291ad57d7a0714feeeb97ac4ee9a2b31af9181769d8adf

SHA512
18c2f41e9becedab7372691b50ac7d43134cd9ee79037e272b88b8459888471cefdb37977233e97fb82361a10eac0699b30b41ed91c6196d7dcbe03f3b387952

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586b57.TMP

Filesize
48B

MD5
a7718c673341dd0db5cae4d430e20dc1

SHA1
f290eedd65532a4a47205f954348c22d12fb3547

SHA256
510ef64c38a0dc16d7cab4259b094ecaac4528f84f57755b8f93e98fb0365dcd

SHA512
858934134e4ddb1e10ff47bf426e365a2a4dfdfd450b9aa021147272f680b75f93d724b2d41c7c754c72213d91158b58f06a4c079c78bef6f00c50c3c29a0008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
579d340cca7797d0797d7b633a80841c

SHA1
29224f05e98da09c7d240bfddec1c272090c3c3c

SHA256
721d2f67708e0825f75a36118f98900b673cae79f79e80306c646ac017c39af6

SHA512
994d778a7a86057932851999332e7dd4c03963cfa6f88e109fc2b52d7a86683621fd7d612c22a18c9dec7ac704183c4b15f0ecc5dacc550b437bb414733d6c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586443.TMP

Filesize
372B

MD5
e2d1b70b30362bda6763531db87c1a33

SHA1
9bbc089f1b650ae524581f394507e77fee12c9a1

SHA256
524640defdd9d6ba56509ceb9a4c05b6cc811a63e2fdab63475b03784f90a2aa

SHA512
6a304c4764d25886bd2ef9db97417fdd739614e1231dfd14e8b99ac43dbfe370c13589a4faf7b0a7ec5fbfb2fad04b7e1c93fda833583fc0d97171027e75532e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
436322cc2ff37d0633b3c31bb908a87e

SHA1
1c8c3dfa2df9796db2e02782712248fe82e69b4a

SHA256
7b7f8fb861c5686f65fadfc71d415bf925bc037ad68733432ef0295a3c62fe1b

SHA512
ad4b0419d03ec16d5c967f903120c3fb88ee95d68ed6f48c6c2a7a26bf259809768b12ce04a0d79534b9e4e925b942ac32c22573e8ef3b3bad2a19a235f45aee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fa0097dc01a4752a02480c10090d224f

SHA1
d8e55b78e2a3eb0bd877eeadb123d08596a4f134

SHA256
1f618b0f5dc0376f6e62c036905ffb21997f61f7f436e348e42592c950e4f6bd

SHA512
d973d637115570d0f0496bcf234a04ab096340eae8a6c156e9ecd4afcabc1004ec5025e562519ec34c803bf0a07202f136fe5940f6406038bf6ea35b66bf5e19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0278cd8ca69e2a75b11c9c1fe4d5884b

SHA1
8c8bffc7692516bf4b1fdcc11e5949132cdabbd9

SHA256
161c9133653c9c0c10573356453e9dd7d8644ef054034f56dece6a3f9403d666

SHA512
96c562290231954dd2fd23322bafae944de223d6ca861280bdd4c0c36d9af91ae9f176440e26eb1997058e484fd8833dffc1d6a51302511e3b93a8c769fb7c10

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnD8AF.tmp\StartMenu.dll

Filesize
7KB

MD5
d070f3275df715bf3708beff2c6c307d

SHA1
93d3725801e07303e9727c4369e19fd139e69023

SHA256
42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7

SHA512
fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnD8AF.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnD8AF.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnD8AF.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsnD8AF.tmp\nsis_tauri_utils.dll

Filesize
29KB

MD5
8def0196223484f8aed4106148dd3f08

SHA1
e0fc0951deb0e5e741df10328f95c7d6678ad3aa

SHA256
c0f2b928bc4c81cc5ca30a8932a6dc8cd617dd016679c057e23355fe732b2333

SHA512
9ffa66181bce5aa5210da0fe5edc6c80aa9e46e2bd1fafd840f468965f4d06bc03f9a77e04b975ffc9f25c886c274196e3fedae6cfb57f366ef39f1e31e1ada7

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\63178776-c42e-4e3a-8a4d-d1e533a6cc49.tmp

Filesize
2KB

MD5
b87f0ea40a74c97b11c5f4c9868489ab

SHA1
e6dff4e240e0c74136546d848b8db428c717177a

SHA256
5cf4b528e85b5ab9fd9a2b6a2b0abf7f58cfef552e3c05099fbbb880f7d53611

SHA512
ee0339104a30f11ec63a68ce7ae0964989c15725ea160b73646d6e4a48f3a8829f3bdec874f598b63f6ef1a3bba2bc7ac6089c122aaa2509749833fceb841967

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
e3d2a3e4e155acd4b21eb8adea1f33f5

SHA1
481c9a5fa38fdfa923ecf9c62688894e8b0f06cc

SHA256
028c60822ff336383fb9f4cc9fee65f683fde515c51503d5652ada1a0c436fa5

SHA512
a3b97ca31056aeec68035f364295b973cf01436607a583345b1d05a629b7ea1d908da3084810adb32ce3466f1f470e20102367cbef307dd127b18effcb7e7ac4

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
3b16ca7441c884a9767e93579c573f07

SHA1
b5e10c3ace5f0fccbf3fe45f368f30d042db03dd

SHA256
0cf94aa99c16d47b73fb89b74e1545db11b8104e293965d58948a60b3199abc6

SHA512
570e1e84cb0b9a68809feb2cb7a216a77e64acca1a11ed20c2c6c50ede61901b91900a7741488fec868cbc52b74464768b57ce7cb65b11f181159cee88488ce7

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
15ff63862295fb5c276331e686fcb9aa

SHA1
fdff917dabb8de987c831a2591e85fc09294eeca

SHA256
99fb00bbba9d9ba958c60eb5493bf0d1ad2e9a852d52d1f2caaba8aaaf43871c

SHA512
fe1d2bf182cb27ef88fd16cf381645b0de303030f5b44866b065c134ee7991a668d4e5e2a8adaa60c3b97d08a05caa86ccb6bb87841074df93cdd423fa1d683a

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\9d33b6e0-efee-4ba3-ac77-cdee68f620c6.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
10a8d27901f6ceaefeaf683e0b6ae457

SHA1
db13f40b08c4c151383e7926fbd579c2169e9a1f

SHA256
5e7c1ed31961d2b69c8db44ea5ffedda5d83a3a7b23fcf925e4c4086e06be622

SHA512
53c87ac946860dd4de54447ddee77b38d65e5218029e9aa21ea42f76a796a3689a688ac93035eb314a387902fe4adf217ffc9cf2bf0035f3bea1d8a0047935f1

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Favicons

Filesize
20KB

MD5
5688ce73407154729a65e71e4123ab21

SHA1
9a2bb4125d44f996af3ed51a71ee6f8ecd296bd7

SHA256
be1b822e970dfe1a120d248db7000eaf799bd6531929a1308676c70fe1608d60

SHA512
eb6452b23ea36c39d03ead154185616c13583f12f382cb2456beeb1ba6e5febdfd2a6f1064283cf115ad1c517dbf409777cdacb128e00c9d3f401335db355537

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\History

Filesize
116KB

MD5
4e2922249bf476fb3067795f2fa5e794

SHA1
d2db6b2759d9e650ae031eb62247d457ccaa57d2

SHA256
c2c17166e7468877d1e80822f8a5f35a7700ac0b68f3b369a1f4154ae4f811e1

SHA512
8e5e12daf11f9f6e73fb30f563c8f2a64bbc7bb9deffe4969e23081ec1c4073cdf6c74e8dbcc65a271142083ad8312ec7d59505c90e718a5228d369f4240e1da

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Media History

Filesize
76KB

MD5
cf7ac318453f6b64b6dc186489ff4593

SHA1
b405c8e0737be8e16a08556757dc817bd02af025

SHA256
634434e865f1ba1b90039bd5afd8f01bad6d278377106022ea2a9c2d8778d31a

SHA512
b64e484d16222d8de31f53cd60b719b7d855bbc552a7d052e202382bc3013e0edaceb31e3a287f2ea6b7117ccfdb8a56ea9d7da78535d2c606183072ecd084e4

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
3KB

MD5
f89a9698709c26d8df415529f80d1f12

SHA1
7014f19687c11d0fb6950b20d61848160c3a07d0

SHA256
20905431284fe3a145fd324890d7a7ba196c4d6fd1f32e186579dfcb6148eb0c

SHA512
cd99be3772704092a7a7e33811b91d8104fa5186b6c74f7bb08708d37f251e40b3439902fd5dcb9e56d172c506b2e73bca24c945bcf65b9fc81b92e66e92b7dd

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
3KB

MD5
7d2b9a70abaf4e1d475208bfa4c135de

SHA1
a7a8e33d2d89f1763409ba811f073f620867d9ef

SHA256
8646bc0cfe4181a3858d66f3c5ac80d41add773f3373f2ab475a06ad91d33a25

SHA512
45fc325ecad409ebe386a593f59b6c4849116ef79f9857ea0af69ab3549660fecacc001108f3bd79ebe1cd9cdceec30973d9d6dce9550a9635b48e50dd997b7e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
3KB

MD5
0502f29e88ca210f1ff292f6733caa36

SHA1
39776e7abb8f196ea3e4464dea0762b733145e01

SHA256
a0faf21f342d3d3b75f4cb7189c42d1d48be168d9048a5f64d36674bbabc5968

SHA512
93e1fd6c84b86628693ee4686da1c77901a929ae7ffd9c29eff046e53e709a24ace2113b8520f5a5768248a30d8d317fd96b5eb44bedf652f5f4f5aa72fcbfae

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
3KB

MD5
74847cafe15c115a56c05b9053b5fff2

SHA1
4eaba2e774c3d741e8555d3af4826278ddaa3687

SHA256
6ce7307490deabb3f34aaba382487a87caf9fee35aa1bd0f6ffa5fd91291f6d6

SHA512
e492279d2e450f75c0d14d9fe5024e82c856b22e1f7c3aba70d4886d2a0b0a346ef775320ab51e8d2185fe82bf01d9c022eb7c57df99a870618786bf28e43cc0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Secure Preferences

Filesize
8KB

MD5
b3c08a60239ce6678e4e67886a87f2cf

SHA1
1f6839a43084e95755a11deca7ea598c87870043

SHA256
876e3b2759192f4c0b9e5a69bfd034bbe00f7587525f19d61bd8d4d064239ed7

SHA512
99781fda782e803b1922b15d59e021972625c8c7f6c4e134267de81f4026e80fa6bebc2a3f261cded11a0a1db469cbc84695691ff519f644e90db080fbc40bbb

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\LOG

Filesize
307B

MD5
374e7099757b7d62dbd45a45e4c58620

SHA1
23fecc50aee55b8b080a55c5773961b207c3ff9d

SHA256
fd17139a2a8c3e2bf2bce50053bd0b128fba6cf5ef479b302712000a57132453

SHA512
57825ed0a9b26f1830bf8447b4f27982ed42dc6a0416e1c39cd11e497f1ff3fb1a0ea340dde8100f7a59173183edd729d53b29938d6e9c826617114dc40e9842

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
38d3f20193ae95b43e47252de115d68d

SHA1
e4a021c8a4d79488202c763355294f57886a6115

SHA256
1654732a6431663e1f1bd45ee25bd970971aa42d28076cf864aca21d4a715169

SHA512
b35a4291aa2424d59c71d0f1f854022f549a644a3315b8ec6c73611401f18b59bba71c4fea90290b561fc7dba95351c47a3a071f4591162809c8e606b9e1d2a2

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
5660ea970e20c88375092b23efa7d3b6

SHA1
5a11e00a813cb82ba68185179bac2b33dcd90217

SHA256
021d1f3f95e69df940816761865aff50157608d5eb3dd82e923addc126c8f2c8

SHA512
93dfe3288889ba61aae10ca47234ed3b8ffb50b259727b87354f6fc5e6fcab3dd405944ac626097a78acf243299874f22bc7170e74a99a270fb9f2f0bf65c2cc

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
0739f5bbe8f00637daa8a2e899898084

SHA1
c266b7189c6594f2a8e5c33a2b920dad92506498

SHA256
1a5a9bd3de50b2a9e10c34b9c0b21405f79d4df1a7109b6f54f4cae07ce19490

SHA512
97e422c33f6c14ee7ea6b19440907191e97993eaf2f4b2582565871639e0e0a84057e9769acc5a0160ad629cd4cd563cf11af7d3cb870a232ef4ea2b609ab903

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\ShaderCache\GPUCache\index

Filesize
256KB

MD5
e44b896b4a3fcc139b2f37307bc0f15e

SHA1
10edf9597fe19f2003acc9d42e051f187f0b286a

SHA256
66021093e847c6dc1b7a64f343cfdfc613e76187c6b33dc61d7ab10f7a13426e

SHA512
0e8decbec45edd26367a84dfa2fa9075fc5e3746f7606409b00370a8e6a8e82138f9b0e25fd8e821f2c8ba2a3acc86710c00dda941be1fff1adc6c142d87675c

Download Submit
C:\Users\Admin\Documents\jjsploit\db.json

Filesize
54B

MD5
41dea3a16884a8a050f599c1b3d3dbf5

SHA1
0d1893892dd3a5211b8dc4b66efae5d3f2c82689

SHA256
e14fda8dd813d96cdeb51cff4e4a5c8dc636b72b7fb075902d88ab587bf19466

SHA512
2c2a88c7d0fa9f32893449d5d8ae0d148793974c0e9f979be1221dce3b7c86a0bc02f3575bd5d2010e0fad20fb9730f707cdddd99fa922b8de67d9f1e7529cb2

Download Submit
memory/3544-167-0x00007FFC5AC70000-0x00007FFC5AC71000-memory.dmp

Filesize
4KB

Download