f93c3a4931c1d065d6d2d7c5233e6d6415926f240b512bb41e12a2610dc898a9

Resubmissions

06/10/2024, 12:47

241006-p1hfxayfqa 10

06/10/2024, 12:45

241006-pzch9syfmc 8

Analysis

max time kernel
149s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06/10/2024, 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JJSploit_8.10.6_x64-setup.exe
Size

6.1MB
MD5

69a250d257eb041a676f0e8da7d20669
SHA1

7ab2cf80a8151b7432a82cc7b025c76c8d9ba1bb
SHA256

f93c3a4931c1d065d6d2d7c5233e6d6415926f240b512bb41e12a2610dc898a9
SHA512

aa88b11e380a27b08b53cff7c66c2b889728da6faa45f197a5b7dab41717c019b52389acebf054717cf9ad9116922fcc642d82c52691d02acb09eef162b34235
SSDEEP

98304:xtUlGk9TjJ1FaXCZikMBp+vrXyMUI/yBiPQDK6AiXMTOzE9znSfUJHkuyJmt3W1W:xt2/fFjZ2BpSX00QT+OzEdniSG1zC

Score

10^/10

discovery

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 3456 created 3344	3456	JJSploit_8.10.6_x64-setup.exe	52

Downloads MZ/PE file

Executes dropped EXE 7 IoCs

pid	Process
1176	JJSploit.exe
1540	JJSploit.exe
1320	JJSploit.exe
1096	JJSploit.exe
4060	JJSploit.exe
832	JJSploit.exe
5848	JJSploit.exe

Loads dropped DLL 5 IoCs

pid	Process
3456	JJSploit_8.10.6_x64-setup.exe
3456	JJSploit_8.10.6_x64-setup.exe
3456	JJSploit_8.10.6_x64-setup.exe
3456	JJSploit_8.10.6_x64-setup.exe
3456	JJSploit_8.10.6_x64-setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
behavioral1/files/0x000100000002a9f5-104.dat	embeds_openssl

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JJSploit_8.10.6_x64-setup.exe

Enumerates system info in registry 2 TTPs 27 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-661032028-162657920-1226909816-1000\{C106D5BF-5C3F-40FC-969C-92F24F73CBBE}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 34964.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 37 IoCs

pid	Process
3456	JJSploit_8.10.6_x64-setup.exe
3456	JJSploit_8.10.6_x64-setup.exe
3020	msedge.exe
3020	msedge.exe
996	msedge.exe
996	msedge.exe
1972	msedge.exe
1972	msedge.exe
3200	msedgewebview2.exe
3200	msedgewebview2.exe
3808	msedge.exe
3808	msedge.exe
2324	identity_helper.exe
2324	identity_helper.exe
3848	msedgewebview2.exe
3848	msedgewebview2.exe
1032	msedgewebview2.exe
1032	msedgewebview2.exe
5048	msedgewebview2.exe
5048	msedgewebview2.exe
4944	msedgewebview2.exe
4944	msedgewebview2.exe
2792	msedgewebview2.exe
2792	msedgewebview2.exe
836	msedge.exe
836	msedge.exe
764	msedge.exe
764	msedge.exe
6056	identity_helper.exe
6056	identity_helper.exe
4928	msedge.exe
4928	msedge.exe
5676	msedge.exe
5756	msedge.exe
5756	msedge.exe
1740	msedgewebview2.exe
1740	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
3784	msedgewebview2.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
2752	msedgewebview2.exe
3028	msedgewebview2.exe
2980	msedgewebview2.exe
4368	msedgewebview2.exe
4632	msedgewebview2.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
4536	msedgewebview2.exe
836	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2960	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2960	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1176	JJSploit.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
3784	msedgewebview2.exe
3784	msedgewebview2.exe
1972	msedge.exe
1540	JJSploit.exe
2752	msedgewebview2.exe
2752	msedgewebview2.exe
1320	JJSploit.exe
3028	msedgewebview2.exe
3028	msedgewebview2.exe
1096	JJSploit.exe
2980	msedgewebview2.exe
2980	msedgewebview2.exe
4060	JJSploit.exe
4368	msedgewebview2.exe
4368	msedgewebview2.exe
832	JJSploit.exe
4632	msedgewebview2.exe
4632	msedgewebview2.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3456 wrote to memory of 1176	3456	JJSploit_8.10.6_x64-setup.exe	78
PID 3456 wrote to memory of 1176	3456	JJSploit_8.10.6_x64-setup.exe	78
PID 1176 wrote to memory of 4484	1176	JJSploit.exe	79
PID 1176 wrote to memory of 4484	1176	JJSploit.exe	79
PID 1176 wrote to memory of 2008	1176	JJSploit.exe	80
PID 1176 wrote to memory of 2008	1176	JJSploit.exe	80
PID 1176 wrote to memory of 3784	1176	JJSploit.exe	81
PID 1176 wrote to memory of 3784	1176	JJSploit.exe	81
PID 3784 wrote to memory of 3540	3784	msedgewebview2.exe	83
PID 3784 wrote to memory of 3540	3784	msedgewebview2.exe	83
PID 2008 wrote to memory of 3204	2008	cmd.exe	84
PID 2008 wrote to memory of 3204	2008	cmd.exe	84
PID 4484 wrote to memory of 1972	4484	cmd.exe	85
PID 4484 wrote to memory of 1972	4484	cmd.exe	85
PID 1972 wrote to memory of 4028	1972	msedge.exe	88
PID 1972 wrote to memory of 4028	1972	msedge.exe	88
PID 3204 wrote to memory of 2180	3204	msedge.exe	89
PID 3204 wrote to memory of 2180	3204	msedge.exe	89
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 2740	1972	msedge.exe	90
PID 1972 wrote to memory of 3020	1972	msedge.exe	91
PID 1972 wrote to memory of 3020	1972	msedge.exe	91
PID 3204 wrote to memory of 3352	3204	msedge.exe	92
PID 3204 wrote to memory of 3352	3204	msedge.exe	92
PID 3204 wrote to memory of 3352	3204	msedge.exe	92
PID 3204 wrote to memory of 3352	3204	msedge.exe	92

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3344
- C:\Users\Admin\AppData\Local\Temp\JJSploit_8.10.6_x64-setup.exe
  "C:\Users\Admin\AppData\Local\Temp\JJSploit_8.10.6_x64-setup.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3456
- C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1176
- - C:\Windows\system32\cmd.exe
    "cmd" /C start https://www.youtube.com/@Omnidev_
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Omnidev_
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:1972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7ffddae93cb8,0x7ffddae93cc8,0x7ffddae93cd8
        5⤵
        
        PID:4028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,9650778291138856909,5336004728688133421,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
        5⤵
        
        PID:2740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,9650778291138856909,5336004728688133421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,9650778291138856909,5336004728688133421,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
        5⤵
        
        PID:3512
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9650778291138856909,5336004728688133421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
        5⤵
        
        PID:4916
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9650778291138856909,5336004728688133421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
        5⤵
        
        PID:1520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9650778291138856909,5336004728688133421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
        5⤵
        
        PID:3132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9650778291138856909,5336004728688133421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
        5⤵
        
        PID:4688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9650778291138856909,5336004728688133421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
        5⤵
        
        PID:5020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,9650778291138856909,5336004728688133421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3728 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3808
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9650778291138856909,5336004728688133421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
        5⤵
        
        PID:2420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9650778291138856909,5336004728688133421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
        5⤵
        
        PID:3612
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,9650778291138856909,5336004728688133421,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5672 /prefetch:8
        5⤵
        
        PID:1748
    - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,9650778291138856909,5336004728688133421,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2324
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9650778291138856909,5336004728688133421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
        5⤵
        
        PID:1700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9650778291138856909,5336004728688133421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
        5⤵
        
        PID:920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9650778291138856909,5336004728688133421,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
        5⤵
        
        PID:2696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9650778291138856909,5336004728688133421,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
        5⤵
        
        PID:856
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,9650778291138856909,5336004728688133421,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
        5⤵
        
        PID:3132
- - C:\Windows\system32\cmd.exe
    "cmd" /C start https://www.youtube.com/@WeAreDevsExploits
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@WeAreDevsExploits
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3204
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddae93cb8,0x7ffddae93cc8,0x7ffddae93cd8
        5⤵
        
        PID:2180
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,12677127133038519214,9992617501496483317,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2040 /prefetch:2
        5⤵
        
        PID:3352
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,12677127133038519214,9992617501496483317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:996
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=1176.1132.4560980289024978731
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:3784
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7ffddae93cb8,0x7ffddae93cc8,0x7ffddae93cd8
      4⤵
      PID:3540
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1816,2379562407222098555,3198289914058110345,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1824 /prefetch:2
      4⤵
      PID:384
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1816,2379562407222098555,3198289914058110345,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1912 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3200
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1816,2379562407222098555,3198289914058110345,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2360 /prefetch:8
      4⤵
      PID:1960
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1816,2379562407222098555,3198289914058110345,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:1
      4⤵
      PID:3868
- C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  "C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:1540
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=1540.2984.15615289963268989774
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:2752
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x1c8,0x7ffddae93cb8,0x7ffddae93cc8,0x7ffddae93cd8
      4⤵
      PID:2784
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1772,3647756310987218336,12182519393777086852,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1736 /prefetch:2
      4⤵
      PID:2788
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1772,3647756310987218336,12182519393777086852,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1932 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3848
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1772,3647756310987218336,12182519393777086852,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2420 /prefetch:8
      4⤵
      PID:3492
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1772,3647756310987218336,12182519393777086852,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2988 /prefetch:1
      4⤵
      PID:3032
- C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  "C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:1320
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=1320.4168.427862718197983406
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:3028
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x180,0x7ffddae93cb8,0x7ffddae93cc8,0x7ffddae93cd8
      4⤵
      PID:4456
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1736,6162366904649093536,8024484325882908447,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1748 /prefetch:2
      4⤵
      PID:2268
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1736,6162366904649093536,8024484325882908447,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2116 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1032
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1736,6162366904649093536,8024484325882908447,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2656 /prefetch:8
      4⤵
      PID:4616
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1736,6162366904649093536,8024484325882908447,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2908 /prefetch:1
      4⤵
      PID:3560
- C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  "C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:1096
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=1096.4700.13705124577413882888
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:2980
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x1c0,0x7ffddae93cb8,0x7ffddae93cc8,0x7ffddae93cd8
      4⤵
      PID:904
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1876,16767470957220209727,13323396018150328431,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
      4⤵
      PID:4800
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,16767470957220209727,13323396018150328431,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1944 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5048
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,16767470957220209727,13323396018150328431,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2628 /prefetch:8
      4⤵
      PID:2024
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1876,16767470957220209727,13323396018150328431,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1
      4⤵
      PID:2084
- C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  "C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:4060
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=4060.2836.11638002400225880653
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:4368
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x184,0x7ffddae93cb8,0x7ffddae93cc8,0x7ffddae93cd8
      4⤵
      PID:4752
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1768,16481476884987534916,1697256887546133744,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1776 /prefetch:2
      4⤵
      PID:4452
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1768,16481476884987534916,1697256887546133744,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2052 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4944
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1768,16481476884987534916,1697256887546133744,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2664 /prefetch:8
      4⤵
      PID:1336
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1768,16481476884987534916,1697256887546133744,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
      4⤵
      PID:768
- C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  "C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:832
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=832.3176.13770087098903043996
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:4632
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x1ac,0x7ffddae93cb8,0x7ffddae93cc8,0x7ffddae93cd8
      4⤵
      PID:1744
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1720,2640667111150288981,18352579021978314000,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1740 /prefetch:2
      4⤵
      PID:4592
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1720,2640667111150288981,18352579021978314000,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2020 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2792
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1720,2640667111150288981,18352579021978314000,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2716 /prefetch:8
      4⤵
      PID:2740
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1720,2640667111150288981,18352579021978314000,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
      4⤵
      PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffddae93cb8,0x7ffddae93cc8,0x7ffddae93cd8
    3⤵
    PID:1940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:2
    3⤵
    PID:2184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
    3⤵
    PID:2280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:3020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    3⤵
    PID:1748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
    3⤵
    PID:5168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
    3⤵
    PID:5176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
    3⤵
    PID:5348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
    3⤵
    PID:5612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
    3⤵
    PID:5888
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
    3⤵
    PID:4340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
    3⤵
    PID:2412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
    3⤵
    PID:5192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
    3⤵
    PID:3292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
    3⤵
    PID:5548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    3⤵
    PID:6012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
    3⤵
    PID:5612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
    3⤵
    PID:3856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6308 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6456 /prefetch:8
    3⤵
    PID:5748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6440 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:5756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
    3⤵
    PID:2248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
    3⤵
    PID:5996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,1542935440445845674,5601919481374440510,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6428 /prefetch:8
    3⤵
    PID:5640
- C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe
  "C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe"
  2⤵
  - Executes dropped EXE
  PID:5848
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=5848.4716.2854132228529324883
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:4536
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x19c,0x7ffddae93cb8,0x7ffddae93cc8,0x7ffddae93cd8
      4⤵
      PID:2120
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1720,7770632214659961088,15181341841809526166,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1796 /prefetch:2
      4⤵
      PID:696
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1720,7770632214659961088,15181341841809526166,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2116 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1740
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1720,7770632214659961088,15181341841809526166,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2672 /prefetch:8
      4⤵
      PID:3596
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1720,7770632214659961088,15181341841809526166,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
      4⤵
      PID:5504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4936

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\JJSploit\JJSploit.dll

Filesize
1.2MB

MD5
8c0b7c86c22f99f120fc916a5229b79c

SHA1
456c940054312a542b7431044a39fffd8df091da

SHA256
10a6683f040ede6509a5173487a1eac66045edb9968a03db5011e3f5bb6bdb5d

SHA512
088fd27ae3d093c727f51e7b716af65bd5e2a3e335cb072f64e2343d21822a7e08e92de8bbebece2e6a5ee4258d5f9cdc26f368b2ed729cc35cbe809e539d241

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\JJSploit.exe

Filesize
10.5MB

MD5
53c26fb6d15d5706267608f952c1a4b2

SHA1
52d32c17782ab23546c30e0c31d51e6af30e4a65

SHA256
16d0aa5fecc8ed4ece2c21f3002d5bab11ad9a9c954b7de33d602f0416b2750f

SHA512
f40c9562b81984bd7bd7b2e540698b916d1fe427b2d1034206eb662bad85d90f726eaca30b80ada0e46c663bb8a11c922cc16897e129a033b37ef0b5567bd8f1

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\db.json

Filesize
394B

MD5
0db367a2b2be9a60bc78568e5c2747ad

SHA1
df10acdb237c168a8ebdc66551aeb7c6679a93c7

SHA256
8e2467680b3183de59833855e14d40240c66fb41b4c405b12ad6cc83f241af0c

SHA512
65d89b8b7e2f38a5a43d3d5b3a5d56245e8c9cac28d3a4567cc015329d1e6b00bdad9116450da2b0dbcaebef607b4029cea0274023b81ad3dfeb804f6c832c26

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\libcrypto-3-x64.dll

Filesize
4.5MB

MD5
a9c1f7ca15c65c139bc9d4bf57df2e1e

SHA1
1b1377139a6b289d43a6b1161cd1089ffc817cf9

SHA256
03ec9292dcdfda520638490e11baeefff5ab1b6eb22feb90a22fc771272ce116

SHA512
97f8745dba6330c196de9b822638bfe7f74a86bdcb6726f4bd1d3d917de54f9abcb05163c42255173eac3bde995f0d611af718dbcc0de432b67666bed0c0b073

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\libssl-3-x64.dll

Filesize
802KB

MD5
51b0d5f42a82f6fa8739b403e9b8b81c

SHA1
75968c157628bb7aca9b5f2331f7a0c9a1d28865

SHA256
0bda7daeb4040c722b8c287dfd2307c9b8228576db1dbbbaac901c35cc8dc62b

SHA512
94fba90ad7bcf190079089dcc3af97c598c016eb359fe4d2ea439b5fbcd4a5489ab4422652223926aae64002beef1368d5b95874f68a2e5bc4971b4f9604d814

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\uninstall.exe

Filesize
74KB

MD5
eb4cd39be977db64c46cfa8b0e706101

SHA1
e000aa30358e62ab703288f52a08598b0cfa4eb1

SHA256
3e6adfc7edecc6985f05250029228f360f857ea398b5d49b0050e1697842cd54

SHA512
9855ea8f3584e2ba38ce01964af1d633d8653b9a4be1bf732910d3bbd925663b5e38fc453276430a551e7adf347e33cfbf36035b89a6b1aae3add7389486b145

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\xxhash.dll

Filesize
46KB

MD5
249a5f6ca047df2a2f802782696c7f80

SHA1
6a1d96be0f497d689fb55de70284af83cac61f52

SHA256
2828e3014c3283caeb1b00d14145a42f4e347e7f547b40634540394892265671

SHA512
d2d0b6ba2ec95c33609d98788e5a4cce382d93721ea5dea61cde3f4c065b06530a0b01ae4909f7883a81d55529a36cb6a5820aa2afc320b5761f6f59a3a45f1f

Download Submit
C:\Users\Admin\AppData\Local\JJSploit\zstd.dll

Filesize
638KB

MD5
21dfe873f6ed38f2f713ecd43ad1ba41

SHA1
7648cb043587da0e85743f9da8dca8be621ccdf0

SHA256
2a2d63c48b6b3ac7768231ade30122c94a0a33e62e5d2725e11c95b3194aa997

SHA512
67b4f976f3511387ce2a4743e2281ac88533bd204d4e07a5c6751f0ec30a3463dfabcda18103a632541ec2a8b7b937806121e21e44959411c39106e22b739919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
459eb0821a3a970de1185193800cbca1

SHA1
bde00183a6d76d593653ec4ef268b325ff687d8d

SHA256
00c58ef4a6001559367d33160306723803905d2f48b32375cf4753a80de2f7f2

SHA512
f6ed2710a916ae5630a294c2aa44d8c71c44f58f7b2afb7033fe8ca9896a1feb04a104b1a5c5b25f45c6542af9686ab3a6d55ffa84fb8d2378957af2494ba850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9c6d95faab3a9f685740925888adce37

SHA1
a85231e47a2845c6de54a84814e02ecf26f924c5

SHA256
bb1939d9582ed01fbdcffb0a22db2d35a99d344778b464158f9ecf8e1f52e379

SHA512
ec80571a0b4501130436a175803f0b76107986bfecbb66603eab965ed9d94d89d9235390b6b53804b51fa4802c0c8be6c192a8239857817daa5e36c2c897e5ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
20KB

MD5
9a95465d3764f96b7999c7c0f30f87a6

SHA1
5d2f08cb28acc8716afc6406beec43120b5737df

SHA256
425485dac92e5a7f24fbe3c728977bb245cd9425ddfcfe51352eebbd8bd2c0fb

SHA512
e80de30197ce9460abac1f3831a85da660aa382afbebd41524b448dc0e092c0270e5758c6b5e67992d3129ac6e3bf55f5a01316c0515b241a4aa88044af59913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
100KB

MD5
2e52bee929ab7d56b2622ae84962e0dd

SHA1
7fd648bb1fb1f069578e992972d7f22ef1bfb36b

SHA256
58a0ed06b38f7886418d565ea4cdb15345b40a1d29e635e167870f45fe14ed4b

SHA512
c53ceaa60c9591ad0e61e82ebc1b5c6dd46a7b4a1b7ac303aeced0f4a0611e4af2b7a5e1febda5fb10041d0a9c76202ed05bc3e344bb6ac6cc35529e127e9d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d8

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
317520e44d068ffdd6487349d6bd0314

SHA1
0aa82bb72be5cfbca24fb71f5cd98676b7e677f9

SHA256
1c96744866b18512d96049e417e36802ad93ea20a88ec3e54596804cc127a167

SHA512
7d2f1baaffe374d195f018c2b850ae45408275efc6d97ea7a2a5a9f53a00486bf7f9bbad56cfd42a710944572217f064ca72753be19f9e222328130b0587e4ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
88f7021c120bd41ea5a3d5e4f2d46869

SHA1
1eacaf7ebd8e64e89f554b9db86fcad133f361aa

SHA256
b292040467c23c48eca6c5c24e0b267964ac9f2a77480a9b3683e30b14d55edf

SHA512
c82a5af94c5e04a582083213e2e57e56a4397c1719aa94c3161ebb0b4bbabec8813b5ed9ea1ba0a37178efd85a7c0f15cf54e9f05aabc71dfffa022b91cbb0a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
98a9c3547a77e7308e1cb651c9974015

SHA1
30eb7e122b8031799852fff7e6b369efe7fb498a

SHA256
83c2266a47bd76ed24ac0362084adb301f41c76164b3d9129b873a1ae1f695f8

SHA512
90ca8626287337f6b4e6ba698fc7514d832340b2a2c602cac4be48021bc2fd0e602577ce8057840be306ed468da70cd2e885f75e81ae9cd4268d885eb8956bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e440fe37b4893b2b637bff8263055dc

SHA1
10838fc663bd4d69f6c4f3110ca948ae462edf10

SHA256
0646f75df4781ae20a2d74c46b21e3d2f471ee9cbed55d83fedc797b1257d74b

SHA512
f93be0ee518e34561a0c1661ae96f0c5c7905e1aae4679419c006f5a810fcf45aec65c94aa74cfbf741eb26bce309ac7613a98b5a064521bbda6598b33b4f1b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3e76c7db38d06b1737f072de2e809d15

SHA1
8bca938204b39f4a4a69d865660c773653382a70

SHA256
24a811e93c7d62fcf02d4ff0f723f23de8f931a601b2eeb53e41872e6d802b98

SHA512
34a5de06bd7b0a866445debacb7e3e7505676a20feee236b5084a96d4a08f59cb0621d3a8ce0a66259363e95057a7ba11f4361abf912c824ae2240da527628b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1731f095cd59b86094be53ced0dfaf66

SHA1
c7ecb2b814c9ebdee5a7ab71926750b2c63b9196

SHA256
391ef27215044d160b660f19273c0695c4114e9ccd9d79d50cae26dfc6b1659a

SHA512
86ef3e5407fa10d2c5c1db78812a5add7e5dcc7e6dae0ededa8fb61cd4dd56632db7ed504888c03bdb52303f499121f02b65d56d43fb614be106c723ddefe884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a6d22594cf5203720a42e0ac256d6ce7

SHA1
f5febc8badc593b94c55c7d19e3f4fe0e9067288

SHA256
14e3c5f9a009f92ad5f3d4bd2b8b50cc53ed45da54808bc507313e8bba5d2448

SHA512
27b4bd470600c2258658e1fb0a1bc4605c2bd34a312358e6e367616ec17e43ff786c8ed8dd2322579aea2bc30395ce4f9d7f1ee888eececa38e5adfbb96caf18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
07b0e8a30eafc64fcacda926aec59a50

SHA1
a851a8cc0f471e2bde4c2652ae9cc10ba6c2b27e

SHA256
8d7915bc536d48ff7cb1f2193f77f83e887cd34cd3a80374fdb5833014d77404

SHA512
2acc0a618f3c26404285055fc664f73bf1de3d29ccfb06b65fd4a72793c9c5c9383e7c94d9aacf96e9cc8218b702f3a32f26e2675867af22815be0f87f94e681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e02f6c6758e31d785e3f919af5b53ed1

SHA1
c373a13be077db713cb0dd14a27a118641bdd894

SHA256
7e7040cc0d204b53c1e7e4d5a93ffa5d64b4aacab03e69c02a42bf1e22f956e0

SHA512
4be83801fb8edf93a41b7a90c6e014d904372555b8f052efce0e47872ee7d20c0c3caee4a675097c8a8cd71fc19a0c97c064544cff1f097cf1ac7dc2aacba0df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7f1dcefd7acc81986cf842fc71ba651f

SHA1
96d109f05ffc6ec1ba39eb73df7478927105521f

SHA256
e256783199672bed3191f5c44bcef0f9dc000d22d3a721d9796fc9e958c7159a

SHA512
1e0997cf5ff2972b2b7bc6a99996e8629195a6954bae38528b6cd0fdfb66e6b767aa7341d4742e2b7a704c2b5908a1578ef08c0287776fa8733615691c9b2d6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
60053659239047395b25136b4e0c73cc

SHA1
7b27377158a956f8c0794cb7780a1484f808cc7d

SHA256
1016a3a39578d2e9cd652c4c9414f9c7c00abec3cd8a0f53b9e4139eba0cb8d2

SHA512
dd989f0411d65656162d46560e3818aca4e7e2dbf0dce5dd69035a606429289d6655585f3d289cec63fcb5f2eae6b1596ef854d41bd4001c9f1212cca69071ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8eaa5a26-d8e8-4b2e-be91-deeecc2d7f5a\index-dir\the-real-index

Filesize
2KB

MD5
378f46c5b135eb1f882dccd2cdf4c43e

SHA1
ff88f323d001819b245ddebd0eaff78fa3fd3631

SHA256
0a9ea6d4c945480bbfd2cee06fbbff2a8e898f06148c8a644819d924cc094b0a

SHA512
34f6bff145b5df7924b12594277a7a92a15a6426de1a73f587f01f6b912a6e3185a95cfd5566b831d20db8fb62dc76d994cd93cab218e6d916ded0ce5c64a0cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8eaa5a26-d8e8-4b2e-be91-deeecc2d7f5a\index-dir\the-real-index~RFe5829e9.TMP

Filesize
48B

MD5
470dac7a2853aaafbb619aa6a022e833

SHA1
19163fac307bad13a4fd8c53dc2a47d78967726f

SHA256
14d4828483823444932714f82a0a683484e5424207af8be0007fcf95e9e22ccd

SHA512
4d4dc1f84f326a1f12c22d268a8bfb25948b49be3f20ab03f78cf2c37cdfae235563ef4c7a0f861d0f0ba174bde240dc9601e2738bdd713edffe0a0f1677b7ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
e72784186a63cbacd0684952fe7aa634

SHA1
dd2c7e4b16f55035b4679f13e862a080544af025

SHA256
795cbf32795fd82f087d7cd32a499c9ece733051f26ef9536f209101192da02a

SHA512
0bce4d85ddb8601eb9cc84a4aa1da09516b1791d91a52c591ca4be87aecb0d9645b9125fb822d81620b2c1ece899422166e2fe6f216e5ff9fd00dc08f482a034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
2a41a453d33c44d597e73c8e92b72432

SHA1
23e682f3c891dc3bcdcb6e24d707fffa1d0cf7e0

SHA256
22d99c1e9e71431a15c0551902c4e279405bbe161f212eb18786c9c212d3e276

SHA512
8957161b6210352513b93a315c598f726eafab1a6451aca8d6cecec0ad97f2d2101cac1b9b10fd8d920421eb8c96f85c67304b8ffd92d7d776daaab1f427149e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
da382cc9783184463cfeb8b78bde1297

SHA1
08c6a9b0027e6682512bb55760036276d6e76d39

SHA256
11e5a4058d3c7a1b586d5762d5851256898e5d42c6a80737a488b54bc430bcdf

SHA512
7b5b0bab2ac081cbbb6a998b524247f093359be01e3367182290751eb0d374e4fc5b50f2b03bedbddd4491215c04eb2ce60e6d90f1cf9d500220e0596b8e54e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
5e2a86379dca9a65d046f926702c1349

SHA1
512a3389c8a7135eb6f86b9fb63a0ef467c7dfd1

SHA256
1920e7f99e2673eb7c6317653a428554947d29fae106a393d68d8ff4764f687a

SHA512
202204aff138aac2afac3bb5b34b1bd0c80d6632bab43ad26f02641b8615df99652959198d2dd046298ae5a9b15dbeda1b9228b7f2f565a031c8eb4815cb1d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
cd2b6e06b147dcea93b9d420e7dad278

SHA1
32e5652c1736163c116499aab967ee435f8ae279

SHA256
1f6463dd56de327afe2f4f8f57e327a4802199785c7503ddee04d043fecdb3fd

SHA512
0e1d6b5fdcafe9d08892a616f2260ff79897cb2810872d4b66581f64ac2a98d0092b9499ebff12a75ca36f1abfce2d1faaaca98d12ce3ec12b9d2133514e5e5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
00a9d1fd304ee8c6bb9e202e76ce0c5a

SHA1
853e34ea8d1118296629a7ce5d663caf3b595e4c

SHA256
a7ed2412a501d103c353b0118106ad579b6b755a345eca586a6f535ae281f4eb

SHA512
2654ea5cf285b77200622d87ce78b3381eb2182d337504c9cf3a165d27304969eeb5dbd9662246ee9c652c83afc0131bb282d3384f8c435a797519032267fdee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
063722eb1266a4162aab8df8ebd3905b

SHA1
a0750d3c780ea7789b513ee9e43262f517c72578

SHA256
6624ea04ab5169cfe87fc276c3f12d7ce7e477e3fbb3e0b9b5a2cd3b50697bad

SHA512
00c96c5c04517ca1dd0e079b057d04b781b86bde427398af9926e9a27772672d62d2e8fcc76859f96807388425fb9f2f129a6874d61474375bd07933e3700171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5829e9.TMP

Filesize
48B

MD5
033ebcdacc9a46d61831ad7d8e965cf0

SHA1
07af32af1606e13e1fa10bc22e8b00721ed0aa99

SHA256
6762b16ca8555cf2d97d03948d1400853b0bd42b62cc42e8cba78b373ac26394

SHA512
1ac5b51e1f8742db0e9223879e1d6a900edee534770efc03a4d5801197aeb60dd48ac6df2fa1a72128c627f71245c14bde778dba3f13ea3e09d30b309d114c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7b02fd1f2e45c3e41f35d6f974ecb8c2

SHA1
e6f61ec5e54b9b6c71864f36d3c789702dd2ae0a

SHA256
d5954daba1b2b9d4a57b386b4729e74466fd27738158d09fa8e2e0d478790adf

SHA512
4acac3787034e6ae2f72440ac9b19db0315b71b49e903b282272c1a11e6cf9aef9e13e177f7698ea6b2708e7dce4bfaf4587801dd8e06985da3ca20743bdfef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
dfef7451631f4ed375fbf30ed99f37a0

SHA1
702b5bd6a2859dc141cf38579a6a4ce14897cbff

SHA256
5d4b553f38e580ccd896e0a4b76171784d7022d82b860a1460bc3a5185049605

SHA512
9d00ecedd1491ba1bb4d21c141f535e4c776e82414c89377dc7e6ef26e21a11a079cebf3d7cddb4b8a9d69668469e657598309905394af2542cfc4fa34d7299e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
a254ab56bda33a5730b727889eca22c9

SHA1
ba3e69b72de0700f35739a0f9e84c5b8df78d407

SHA256
9abc857ff20c86f0d2ed21c527b57396c2bbe9e00ff5bee027fa7cd0e7364af9

SHA512
1b2ae379b0512b32806ec9269f42a9d70400f75b0b340d92a52816a888ef083da05b3d07f37e213bbf2e52cc171104bcb495f7d1cdce2ba9c805f4511324080b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d3d5ff1c9f723909a921ab6207b1ceda

SHA1
1f0249abc413943770d1f9d3628fd0793b5b5361

SHA256
ecef1035fb1e173fbb674f9ea9e4b38e3f3526f98fcd709f56a4d133e5aefed5

SHA512
38a197f19392aeeec5d582cf170f6362fc45bd4783b0ef8ed81a5b7e4974b2ede5bc7f6093e0bad0cd81965911523251f5e1fa3cb9390e105a6b5d78e5df696f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
71fd139408cee93b1d92bba67f2f7a64

SHA1
79d494163ffcd3cff4644d5ff91dbbd4f19fc433

SHA256
d7532dd1221105bf7bc7e271fe3afeeaea01174c7eaf99597f150114fe086512

SHA512
2e96abad47d9ccf0775665cb07e11e348a0353bbf49c7d64cbcb1e17e143073c8777db0892f473ccf67d47c6f8bc4167caae9167c480ca062b30c620b384e75c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b741bfdda6b2ee099016f5ad4ba97eda

SHA1
ad5640dd58d9dd775590b91290a80fa17cf98877

SHA256
364941f24b975a3340753b089a63203d7092d5640faf4ae91f02765ea3cec008

SHA512
fff227ed34fead58425098e51dc93ced480ee4fa541d5f3712bb3e242dcfb245c63e3ac0b45ec514394e6317f5eb99f6395043e7ed59554f15d5819d097ad025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a85a3ab52da3fac1d8b12c3819fd3c57

SHA1
7509b61b6f78016351cb6d639a55530be844457a

SHA256
b3ab2ff408c0a909380fc4be28cfbc05c036c1ab075010d3979bfd1b62c283e1

SHA512
862d10181b0e54cbfa927938969c4f33e04e9ccfa5844cdfb21610b0063616b8dbfc20087c800e5377aee7693ac56da4b7ff650ca16674d5a27bffd147af943b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581b15.TMP

Filesize
539B

MD5
951e8446c38c2014a65224ce55b79a5c

SHA1
420a555f26e7df18a0d0252dc710685ab0fd1d84

SHA256
8b1bd736b5905a0a2c9de34db95288fe881f71fe6324f43309ac263ac4a8407e

SHA512
50a04d0c50eb3c43dc4599300cc6cc5048fcb63a86eb3e1a42bc82a7621148867ae2ba648725e762d8b56f74003eaa238ea5d222c0c3474307ee4e89ed83aeff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
90449120f190a68716a8b7397f44a53b

SHA1
41ac31fcb76a469268feb8cf67fa43c247ddb1d3

SHA256
0b8d627c82e7bf0ff1978498a343d75694b6e5f9d0f99b7062e79e22793ed3da

SHA512
33d4d2fc800cc0fa35a384de3d22c7965906fdd97233e84d91091e31c26f647c787bbd8de212395921ad83421baee0d835649736de40dd23c99930bcfafe4587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9fae6f9fdc4c4c04b68c5da186bde453

SHA1
2a5e2ce115764b795724f93533268dd676e325c5

SHA256
25c63a22fa17df151508a512c33368711e4c1847b8f6ff4e94ed1028a5c9ac27

SHA512
34eaf565247083089c10a29ea0de5b5a14998045ed6ee1263b8d20e34d4a51144aaba5927365e0c290799328292a84af53fc4e559b8f6ba43d91097b666cde4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6e40ed5d0ec0aac2c2b8177ba331c06a

SHA1
0ea0baf5349fcc35f8a110186d5d71735acb1f90

SHA256
540cc7e262d2e65eba7e4977bf3789d4d1680483f22f538a064ffd78f1c04adb

SHA512
682aec7d0f513110cd49b56af81b848cbc0e0ef8efe9bfb37655303e002adaa2448565d4424a38642e82f04a68ce55cc90387aa3403d7c26b9b5e7740e5b4c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aada1ceb2b14d8f17f05841e7dc1a33c

SHA1
171ec5c0307b0f4cfcd74eabba998b4001f07b71

SHA256
bd2cf77986d9f42d9bd4913d12640c595c760a54f3a35321c22948831a36b3ed

SHA512
20c05b60822d7c0574ce55d8e83378744aba4ac6c304b5d9a010a89fb364a0254c040769439bb43a2b9380c97621a5389b10f733b76f854fd9994aa145b4345e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc9944.tmp\StartMenu.dll

Filesize
7KB

MD5
d070f3275df715bf3708beff2c6c307d

SHA1
93d3725801e07303e9727c4369e19fd139e69023

SHA256
42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7

SHA512
fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc9944.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc9944.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc9944.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc9944.tmp\nsis_tauri_utils.dll

Filesize
29KB

MD5
8def0196223484f8aed4106148dd3f08

SHA1
e0fc0951deb0e5e741df10328f95c7d6678ad3aa

SHA256
c0f2b928bc4c81cc5ca30a8932a6dc8cd617dd016679c057e23355fe732b2333

SHA512
9ffa66181bce5aa5210da0fe5edc6c80aa9e46e2bd1fafd840f468965f4d06bc03f9a77e04b975ffc9f25c886c274196e3fedae6cfb57f366ef39f1e31e1ada7

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
359fc3f25303af2f48f17eb8bd70aac3

SHA1
6202e07d6a2db61af984006113f2c44c8fa6d6f4

SHA256
d2a35a62253d6cddfb7f1db70028e1486c5b9148cb6b8d930fe281c52fd8887d

SHA512
894b8a0ed69842cbba70709a9f19fdd142d19b2b625d2a30e0d34c1d032f5f800035cf1bfb583c90164a2dcb00604f6d1dc112a6225754064566b2040940fcf7

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
ab455ff143b0c8b1c45f138f1c475d84

SHA1
79fb12346d202704f7cdfe2630ec166745c6d174

SHA256
0a64e99703776e187b15ab82e092db499cae71796a15ebd2a44f8676f385ae41

SHA512
83f1ac79b3559b9eae40c7a86f2f77c9730a71b5eae8428118ab951506e27b3c5464348a030b50aed0bba5e7aaa7a562326df15aa4d902558da4e6a45709cdac

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
3925a603f249d09e44980067e31f8a26

SHA1
66b98af79939704facd2984938cf0b18a009784f

SHA256
178368e795673ceab034ba8e91a534208022320edb7fe0e424c55f12393603cb

SHA512
c583b9871a719b1117a8a9aa607269ab9c07a76bff0a8ab080d6e01d956d262c6edc282fbfaa1c7a3f501799962c3030fb8b82059f2037d9fe45ce6509254ca5

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Favicons

Filesize
20KB

MD5
5688ce73407154729a65e71e4123ab21

SHA1
9a2bb4125d44f996af3ed51a71ee6f8ecd296bd7

SHA256
be1b822e970dfe1a120d248db7000eaf799bd6531929a1308676c70fe1608d60

SHA512
eb6452b23ea36c39d03ead154185616c13583f12f382cb2456beeb1ba6e5febdfd2a6f1064283cf115ad1c517dbf409777cdacb128e00c9d3f401335db355537

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\History

Filesize
116KB

MD5
4e2922249bf476fb3067795f2fa5e794

SHA1
d2db6b2759d9e650ae031eb62247d457ccaa57d2

SHA256
c2c17166e7468877d1e80822f8a5f35a7700ac0b68f3b369a1f4154ae4f811e1

SHA512
8e5e12daf11f9f6e73fb30f563c8f2a64bbc7bb9deffe4969e23081ec1c4073cdf6c74e8dbcc65a271142083ad8312ec7d59505c90e718a5228d369f4240e1da

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
3KB

MD5
4195778d1dcb4a8c0a333d85a9290c51

SHA1
974362c6035d4de13f539c7b5f1b3c95fee2e387

SHA256
b464569b594c993eae61bc3066fbd085df030d27069577164b55075b31cd0182

SHA512
6e521c51ccda9ed98a3e2f5a916600244ac573ab5ece8ff5a836b61b062cebe60cce086d9f59ee95e60f4bbc1794793c04d9754acc34923fcef02c7b36bfb079

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
3KB

MD5
c83821dcbe8cdb5f855d488378519350

SHA1
a98fd2bbdeaf33f2f7717519dac626b2df7c831d

SHA256
54f2ec9434dc5a89bed41546bbb427b33a80453c679693cb59c456910ec52e0d

SHA512
b736bf9b9b2dc08cab14f67acf1e1622d3b3aae0052b79e855bd1578ccb4ce673f74edf363adcbeada1773c83302b78b6c3c70d850b9e4f3e28cbaacd246b1af

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
4KB

MD5
b32e0fcff18717fd5f0abb72c620a3d3

SHA1
259c9a9cb078dcb44b45ef4155ee75f83f31b44a

SHA256
305f9519589ded2220f3992c154ac788e9181fa0560309e53d4201a76b609af6

SHA512
bf3db9abbf32f470b48002c577f6bb041121e7da5a1e36ce6f51a8655bd21e4d79d217416594b7d99722235b2941f876e8a350c0c3ffd17af3068d6ecce1d030

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
3KB

MD5
27fa408cf95e7af909e6f9d32357aeda

SHA1
0905f33aa58aef63685e2a5048adc3133061cd30

SHA256
d8c5d85f5488976cc46f93dc71455496038c07cef33b8607df58d0e25496b0e2

SHA512
4e236de40c53d83871de23c86b1357c025480f4cec15681ca6658ba24e09693d748e6c3a9b5e79e63773f8839dbdd3023d96c4ef73b08d4be9c2f0d7a6e221b0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
3KB

MD5
b87cc8eea89e360c665b441c987bc890

SHA1
f6ff5cc3025c36a859e45bd5a43bab649ea282ae

SHA256
b34b53b02181692662892e3370a85e6b29f3380f4de944a6047dc90d1914a504

SHA512
38311b295411def5afb24088d0825061a41f8c875168841602e9cf010f299ef9d663c2def78e1f9323a59444001b57ff490edcd73e9322964b68bbed1342c256

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
3KB

MD5
10eafbb0de1c0cf6561ce37b4bb78a04

SHA1
4a495a8a6584546fbf58571991db2c1629d0eccd

SHA256
522dcecc78686be7edf3838598e9591ce78193a02b059e43a3b8a63754dfdc9e

SHA512
50cb66743405a2e14803c34377f33d8298c7db443924c97c7397b09b98c62b05dfaac3590951d7c66f1ff53b6ccbfc0137a1e1c72b5c9e8237f4f1d7256f54d4

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
4KB

MD5
20602fac3e9296ce330ed3900d19a9a3

SHA1
ae98bb6e461e22169806eef576a92b3a74a4fb93

SHA256
a835a3ebe5e005dcc50f9b915130e1e95c8f484a4ff89dbb61859f7b1920f45f

SHA512
4be3cb1344984df5f88c75ff4153c33487dc74e2468cfc6ddc154a6af4fdd1a148cc2688d0ac1091904561a5a8549a03d7a572269757e3e92f43aa99985c1500

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Secure Preferences

Filesize
8KB

MD5
39d952a53bd322544fb61eb2c4e852fb

SHA1
4fbfcd7d992d02ac0c24fc9616be01e187107a12

SHA256
861a761fc33e33fba29dc5baee04d7eb974fd891b14af93e3e3b01656fe63f8c

SHA512
8089b912b8f441d51105f7994d72a6ab02bccda8791a254bd85a25744991c11f6929268b5c312675d52ee4001d826ebe5240d5732ec6b29d5226bfff217694fa

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Visited Links

Filesize
128KB

MD5
2c5180a7702565d9d212915370419f13

SHA1
6ac45a194eeb3fda7f087d9bf371c5476b14f2c8

SHA256
6cbd88743cc00888a39858d3632f12e0a0526c97bc2881593cffcfec46c8034f

SHA512
e43ffee97948c603a3781639b7bd2f03a915c73c543e5c91495688b166abf4a580b096cc88d535292b8b544842a7bf3fd4c57f34a19376e9efc6ce724d5c8aaa

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\ab031eba-05d6-4d42-93b0-d633913ab20a.tmp

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\f4d3daa8-7838-43cf-a391-935a4193c8de.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
bb4f4684f143fbaa6f52f5bb74298c2b

SHA1
e2395f7712e6c86cc7917d4e7b06ea202d40a280

SHA256
e5b14683f982d50e8c76c260f39c6302e2f78ec3f905fad113f2be71a0bb5cbe

SHA512
7781e2728c4f92b48e12585aabad86c5a6b4f0972d096e03a4bd42b3d0fe267effe341b5fa907a9059b8bcb105ba8d52ad0c2f10edd6f049567bf4482e95adf2

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
56912196809ea9444d4d21b685dee127

SHA1
f5d7fd79e583d77b6cbf377eb0294be56b7f5bf9

SHA256
26e8070039a56fafd02c1f1f97f1b07be399d7889e4e3f9d19cf9046bf6bd364

SHA512
27f2be3baa374e4263c77f81636d5bf277e1bc1feb9fafcdd7bc50c3bccfeef071e9a5736313fc9f9ba2a0d9fab344da43e68413882dec1e527bc9f7c9fc0f9a

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
a02d23b280d803eb4aeafe642cb3f8b5

SHA1
6f64141d20205510bdf296e59110faa8d5040401

SHA256
73c38bd1721304af614e82a6971b459f367a110c69134531ae5582551f34fe97

SHA512
3a236aaf9edba229f3051040ba666302f12974799bf26a5cf43c4b520c3ad32cf5b85676c8e0432a53b697a8e8d73ecab8699e485f1ee4d2a905773bec0be537

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
4d5aeadd31bfea0d865f9ea8a2aba5cb

SHA1
dbf3afb250242b438d0992095aca6dc27751dc40

SHA256
8bed45fab168d3b642a90040bc9b5449feea93f6c2a8ae89287b70d117d396b2

SHA512
227214eadb036f8e645d28edd167fc7e2dc7086fa4280d684488914213b7bd082ae161befe24fd9f053e8a632022b6bc114dc9486938bc35dc4572b8316cb736

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
78b470138922ea3b425e647176b3c714

SHA1
65f241ea35a9b524c7211afb065271ae896dbe58

SHA256
b5e419c70cbfb13f5892270a0f3ae34a22e4fa986e0aa208a322e4f74ec63264

SHA512
c0edfce5eaa5edcc804c8004901ca5b15d914c3a0b3474a39ae816e45b88fbd0d06574fc8900890c5b3a9c18306f5e3a5b0462f13e394ccd7590db2712dec5af

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
0de0549bea6e4ab12d76db957474c6e2

SHA1
9571560b6df98fdbbe7606321f68e1ae3a4ff87e

SHA256
dd9055ea947585591aa6558e5e167c686593dac2d7a7aa6b827247b5850118d1

SHA512
6c97773e34f30ebc9997b038b1f901ab64bed406a9d7ff1d781b51eba9ad40606a17dbadaf93a4de077efcdaaf3b16296abd275648dd52d4612f379808692623

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\ShaderCache\GPUCache\index

Filesize
256KB

MD5
0083c0866e9827b39bf1fb5d314dd6c5

SHA1
0c56113ba691f7517d3c17252cd9d8e14019f57c

SHA256
d3845869bac87393ca083ee07759296a6985b041922038e68037302747b5755d

SHA512
0a1c6b24c1ecca35f77597dd3a22067055246aa3ee6f57fe1c58aa055c9aac694c1c9891b7e11bf5a6c97e729bddee4ebfdd6971ac40d0350c21b5343f9d2e67

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\f1cb16e5-7d1f-48f1-9dab-d5645c0b9a34.tmp

Filesize
2KB

MD5
10f43563fd934cfd7a07e803590ba6ce

SHA1
a07f6e2c58b1879e442fd165820adca5d746dbaf

SHA256
84333389f50848bdfd21aca5ac3cf2a706ab11f39c48fdad73ffc8496bee1a09

SHA512
a75b1eac8bdd1a667ceb894a3fc3788d33c5e860ee17c28118bb8a6f92e2ede5c16cc292233aee8002914f9fb1df98274bb6d33f66b54433d548a2f564efb66b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Documents\jjsploit\db.json

Filesize
54B

MD5
41dea3a16884a8a050f599c1b3d3dbf5

SHA1
0d1893892dd3a5211b8dc4b66efae5d3f2c82689

SHA256
e14fda8dd813d96cdeb51cff4e4a5c8dc636b72b7fb075902d88ab587bf19466

SHA512
2c2a88c7d0fa9f32893449d5d8ae0d148793974c0e9f979be1221dce3b7c86a0bc02f3575bd5d2010e0fad20fb9730f707cdddd99fa922b8de67d9f1e7529cb2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 34964.crdownload

Filesize
6.5MB

MD5
4541a5097100cedbe1ab8ba8ad36eb47

SHA1
236a9c043bddcd0cac31868dc550fce020547f86

SHA256
9d9c1ffcedfa1c9a38b19d0f06447d7ee068276b91e37f7ca29c87de652ff261

SHA512
4d1ae838f6b4b4b160d308cc7c1cf95dbc86e81992e5bbb9a9c1e14047cf378c3cffd6e9d6cde5e7b8fd636bdd397cd7294655175b0dbf7e2b0ff72770b784ee

Download Submit
memory/384-166-0x00007FFDE83B0000-0x00007FFDE83B1000-memory.dmp

Filesize
4KB

Download