Analysis Overview
SHA256
76c83d1bebd6b01bab76d9a94f223e1a3cf20f2040b8d58a12625074e2936f7c
Threat Level: Likely malicious
The file Krnl_8.10.8_x64_en-US.msi was found to be: Likely malicious.
Malicious Activity Summary
Command and Scripting Interpreter: PowerShell
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell
A potential corporate email address has been identified in the URL: httpswww.youtube.com@WeAreDevsExploitscbrd1
A potential corporate email address has been identified in the URL: httpswww.youtube.com@Omnidevcbrd1
Downloads MZ/PE file
Network Share Discovery
Event Triggered Execution: Image File Execution Options Injection
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Checks computer location settings
Event Triggered Execution: Component Object Model Hijacking
Checks installed software on the system
Drops file in Windows directory
Drops file in Program Files directory
Checks system information in the registry
Loads dropped DLL
Executes dropped EXE
System Network Configuration Discovery: Internet Connection Discovery
Browser Information Discovery
System Location Discovery: System Language Discovery
Event Triggered Execution: Installer Packages
Checks whether UAC is enabled
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
System policy modification
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Uses Volume Shadow Copy service COM API
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 19:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 19:32
Reported
2024-11-13 19:33
Platform
win7-20240708-en
Max time kernel
33s
Max time network
17s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Program Files\JJSploit\resources\luascripts\general\aimbot.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\animations\dab.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\general\magnetizeto.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\JJSploit.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\beesim\autodig.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\animations\energizegui.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\general\tptool.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\general\infinitejump.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\animations\jumpland.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\general\fly.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\animations\levitate.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\jailbreak\policeesp.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\jailbreak\removewalls.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\general\teleportto.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\animations\walkthrough.lua | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\JJSploit\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\general\noclip.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\Uninstall JJSploit.lnk | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\jailbreak\walkspeed.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\general\multidimensionalcharacter.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\general\chattroll.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\jailbreak\criminalesp.lua | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\JJSploit\resources\luascripts\general\god.lua | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{3D33D542-D2B2-4F33-A39D-CD4F70D3442E}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\f770c9e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f770c9e.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f770c9f.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID88.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{3D33D542-D2B2-4F33-A39D-CD4F70D3442E}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f770ca1.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f770c9f.ipi | C:\Windows\system32\msiexec.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Event Triggered Execution: Installer Packages
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Features\245D33D32B2D33F43AD9DCF4073D44E2 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\245D33D32B2D33F43AD9DCF4073D44E2 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\245D33D32B2D33F43AD9DCF4073D44E2\MainProgram | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\PackageCode = "6BA04691B11BD7E458FA5475B2122A24" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\ProductIcon = "C:\\Windows\\Installer\\{3D33D542-D2B2-4F33-A39D-CD4F70D3442E}\\ProductIcon" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\ProductName = "JJSploit" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\245D33D32B2D33F43AD9DCF4073D44E2\ShortcutsFeature = "MainProgram" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1B5BE67603097495AB20AEE6179D01CA | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\Language = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\Version = "134873096" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1B5BE67603097495AB20AEE6179D01CA | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\245D33D32B2D33F43AD9DCF4073D44E2 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\245D33D32B2D33F43AD9DCF4073D44E2\Environment = "MainProgram" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\245D33D32B2D33F43AD9DCF4073D44E2\External | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1B5BE67603097495AB20AEE6179D01CA\245D33D32B2D33F43AD9DCF4073D44E2 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList\PackageName = "Krnl_8.10.8_x64_en-US.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Krnl_8.10.8_x64_en-US.msi
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding DB3CB66E5E3215D50FAD63FC22058512 C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005C8" "000000000000005C"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait
Network
Files
\Users\Admin\AppData\Local\Temp\MSIEF7D.tmp
| Hash | Value |
|---|---|
| MD5 | cfbb8568bd3711a97e6124c56fcfa8d9 |
| SHA1 | d7a098ae58bdd5e93a3c1b04b3d69a14234d5e57 |
| SHA256 | 7f47d98ab25cfea9b3a2e898c3376cc9ba1cd893b4948b0c27caa530fd0e34cc |
| SHA512 | 860cbf3286ac4915580cefaf56a9c3d48938eb08e3f31b7f024c4339c037d7c8bdf16e766d08106505ba535be4922a87dc46bd029aae99a64ea2fc02cf3aec04 |
\Program Files\JJSploit\JJSploit.exe
| Hash | Value |
|---|---|
| MD5 | d0d04bc3cb9e341925f36736c7730dc5 |
| SHA1 | c958e77cd69768e3753835dbfcb66a903b373c21 |
| SHA256 | bc360c4a540aad33bcd8a358566bb4e0844ca36138ef36fb5dd8084d36517495 |
| SHA512 | 2f04c151d57826a89b52f82c6b8c4ae5c0a45b83556c9aa6c45aa520f312d1a0edd2bb36c90c94b5a4967ea1b498634c4673828ef4afbdb63ab0e9d76609b31a |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk
| Hash | Value |
|---|---|
| MD5 | 772f9a5209a2808dc748b4499f4a4bae |
| SHA1 | 48cdc0d6e6da6ff14bf950d23854543176a6dab6 |
| SHA256 | 080cfdd91d8a08dbcc2dfe6d10fd397ffa1dc1eba64d767ed3d12fca0ebe742b |
| SHA512 | 910790234834c19668002ab0ef4d166713ed2e15480021f39d012f0967b68ab5687e80bb9a444cadc4c8e6fb88dc2a7f87fc47c5498c8c64d01733155339739d |
memory/2944-59-0x000000001B6F0000-0x000000001B9D2000-memory.dmp
memory/2944-60-0x0000000001D10000-0x0000000001D18000-memory.dmp
C:\Windows\Installer\f770c9e.msi
| Hash | Value |
|---|---|
| MD5 | b837d10b9a71425dbf3d62b2cc59f447 |
| SHA1 | 85c9ba3331f7eb432c28365b0d1f36a201373a72 |
| SHA256 | 76c83d1bebd6b01bab76d9a94f223e1a3cf20f2040b8d58a12625074e2936f7c |
| SHA512 | f20999d19c470941c85912725d6f89c5073d475572ece92ce5b8e5425cdf012950f230c353870d86469ab6658bdc504abbb41260cb676f109551860433bcb405 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-13 19:32
Reported
2024-11-13 19:34
Platform
win10v2004-20241007-en
Max time kernel
131s
Max time network
130s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
A potential corporate email address has been identified in the URL: httpswww.youtube.com@Omnidevcbrd1
A potential corporate email address has been identified in the URL: httpswww.youtube.com@WeAreDevsExploitscbrd1
Downloads MZ/PE file
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files\JJSploit\JJSploit.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Network Share Discovery
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Checks installed software on the system
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{3D33D542-D2B2-4F33-A39D-CD4F70D3442E} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID87E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{3D33D542-D2B2-4F33-A39D-CD4F70D3442E}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57d795.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57d793.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57d793.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{3D33D542-D2B2-4F33-A39D-CD4F70D3442E}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Browser Information Discovery
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\JJSploit\JJSploit.exe | N/A |
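Read by process rather than by signature name, most rows in this run's tables come from msiexec.exe, vssvc.exe and the EdgeUpdate/WebView2 components that the custom action installed; the rows attributable to the dropped binary itself are the F: drive open in "Enumerates connected drives" and the EnableLUA query above. The "Image File Execution Options Injection" hit is MicrosoftEdgeUpdate.exe setting DisableExceptionChainValidation to 0 under its own IFEO key, which keeps SEHOP enabled for that process; a Debugger value would be the hijack that signature name suggests. The following is an added example (not code from the report or from the sandbox vendor) that parses the signature tables, attributes each row to a process class, lists the signatures only the dropped binary triggered, and grades IFEO indicators. The rows are copied from this section; the install-directory rule and the path patterns are assumptions for this sample, and the notepad.exe Debugger indicator in the test is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: rows copied from several signature tables in this report,
# under their signature headings exactly as the report lays them out.
REPORT_SIGNATURES = r"""
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files\JJSploit\JJSploit.exe | N/A |
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\JJSploit\JJSploit.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\e57d795.msi | C:\Windows\system32\msiexec.exe | N/A |
"""

# Assumption: the sample's install directory, taken from the Files section of this report.
SAMPLE_INSTALL_DIR = "c:\\program files\\jjsploit\\"
# Assumption: path patterns for the Edge Update / WebView2 components seen in this run.
EDGE_COMPONENT_RE = re.compile(r"\\microsoft\\(edgeupdate|edgewebview|edge|temp\\eu[0-9a-f]+\.tmp)\\")


def parse_signature_tables(text):
    """Yield one dict per table row, tagged with the signature heading above it."""
    rows, signature = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("|"):
            signature = line
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if cells[0] == "Description" or len(cells) != 4:
            continue
        rows.append({"signature": signature, "description": cells[0],
                     "indicator": cells[1], "process": cells[2], "target": cells[3]})
    return rows


def classify_process(path):
    p = path.lower()
    if p.startswith(SAMPLE_INSTALL_DIR):
        return "dropped-sample"
    if p.endswith("\\msiexec.exe") or p.endswith("\\vssvc.exe"):
        return "windows-installer"
    if EDGE_COMPONENT_RE.search(p):
        return "edge-webview2-runtime"
    return "other"


def by_signature(rows):
    """Which process classes produced each signature."""
    out = defaultdict(set)
    for r in rows:
        out[r["signature"]].add(classify_process(r["process"]))
    return dict(out)


def sample_only_signatures(rows):
    """Signatures that only the dropped binary triggered, i.e. not installer noise."""
    return sorted(sig for sig, kinds in by_signature(rows).items() if kinds == {"dropped-sample"})


def ifeo_risk(indicator):
    """Grade an IFEO registry indicator; None if it is not under IFEO at all."""
    i = indicator.lower()
    if "\\image file execution options\\" not in i:
        return None
    if re.search(r"\\debugger\s*=", i):
        return "debugger-hijack"        # another image launched in place of the target
    m = re.search(r"\\disableexceptionchainvalidation\s*=\s*\"?(\d)", i)
    if m:
        return "sehop-disabled" if m.group(1) == "1" else "sehop-config"
    return "review"                     # key touched, value not visible in the row
```

On the real report the same split applies to every table: the certificate-store keys under HKEY_USERS\.DEFAULT and the COM class registrations are all EdgeUpdate, and the SCSI and Volume Shadow Copy rows are vssvc.exe, so the behaviour that still needs a verdict is the dropped executable's own, which these tables show only as drive enumeration and a UAC-policy read.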
Enumerates physical storage devices
Event Triggered Execution: Installer Packages
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = … | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133760000353220115" | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C76C02A1-BCDF-4632-88E6-55698920001E} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ = "Microsoft Edge Update Broker Class Factory" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\CLSID\ = "{08D832B9-D2FD-481F-98CF-904D00DF63CC}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1B5BE67603097495AB20AEE6179D01CA\245D33D32B2D33F43AD9DCF4073D44E2 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C76C02A1-BCDF-4632-88E6-55698920001E}\InprocHandler32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ServiceParameters = "/comsvc" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CLSID\ = "{5F6A18BB-6231-424B-8242-19E5BB94F8ED}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\ = "Microsoft Edge Update Legacy On Demand" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\Enabled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID\ = "{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.31\\MicrosoftEdgeUpdateOnDemand.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.ProcessLauncher" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{35725228-BF11-429E-B5B8-ED0F2BCABF82} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35725228-BF11-429E-B5B8-ED0F2BCABF82} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C76C02A1-BCDF-4632-88E6-55698920001E}\InprocHandler32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{35725228-BF11-429E-B5B8-ED0F2BCABF82}\ = "PSFactoryBuffer" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0\CLSID\ = "{B5977F34-9264-4AC3-9B31-1224827FF6E8}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe | N/A |
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Krnl_8.10.8_x64_en-US.msi
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 8D8BCB8C5DAAE776F05BA49BF802E44E C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /silent /install
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkQ1NjNGOEUtQzQyNS00MzQzLTkxM0EtMDZENTU0MzJFMkU2fSIgdXNlcmlkPSJ7MjU0RTJBNUYtM0U1Qy00MUJELTg4RDEtRDk3NkQzRjc2OTc2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins0MjdBMThDNi00RTZCLTQ3MDUtQTZCNy0zNkVCNDlBQTVFRUJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjMxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MDEyMTg4NDI1IiBpbnN0YWxsX3RpbWVfbXM9IjQyMiIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{2D563F8E-C425-4343-913A-06D55432E2E6}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping …-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIzNyIgaW5zdGFsbGRhdGV0aW1lPSIxNzI4MjkzNDAwIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNzI3NjYwNzU2NjEwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTAxNzUwMTAzNCIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\MicrosoftEdge_X64_130.0.2849.80.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\MicrosoftEdge_X64_130.0.2849.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\MicrosoftEdge_X64_130.0.2849.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff61bf5d730,0x7ff61bf5d73c,0x7ff61bf5d748
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkQ1NjNGOEUtQzQyNS00MzQzLTkxM0EtMDZENTU0MzJFMkU2fSIgdXNlcmlkPSJ7MjU0RTJBNUYtM0U1Qy00MUJELTg4RDEtRDk3NkQzRjc2OTc2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFRjZBMjUxMi1GRDUwLTRFMjgtOTM3OC0wRkIwNThGNTYwNjB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTMwLjAuMjg0OS44MCIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-…_…-…-PC9hcHA-PC9yZXF1ZXN0Pg
C:\Program Files\JJSploit\JJSploit.exe
"C:\Program Files\JJSploit\JJSploit.exe"
C:\Windows\system32\cmd.exe
"cmd" /C start https://www.youtube.com/@Omnidev_
C:\Windows\system32\cmd.exe
"cmd" /C start https://www.youtube.com/@WeAreDevsExploits
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.8 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=2212.4768.4286807592672222627
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=130.0.2849.80 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7fff0b874dc0,0x7fff0b874dcc,0x7fff0b874dd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Omnidev_
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@WeAreDevsExploits
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff0d1246f8,0x7fff0d124708,0x7fff0d124718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff0d1246f8,0x7fff0d124708,0x7fff0d124718
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.8 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1768,i,13722793780059443049,9483041556040517820,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1764 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.8 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1948,i,13722793780059443049,9483041556040517820,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2008 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.8 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2372,i,13722793780059443049,9483041556040517820,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.8 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3520,i,13722793780059443049,9483041556040517820,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,3427166860983953304,15490939996814249372,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,3427166860983953304,15490939996814249372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1872 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3408 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x324
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.sf.dl.delivery.mp.microsoft.com | udp |
| US | 152.199.21.175:443 | msedge.sf.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 52.252.28.242:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 242.28.252.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 2.18.190.81:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 82.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | forum.wearedevs.net | udp |
| US | 8.8.8.8:53 | forum.wearedevs.net | udp |
| GB | 172.217.169.46:443 | www.youtube.com | tcp |
| GB | 172.217.169.46:443 | www.youtube.com | tcp |
| US | 172.67.71.2:443 | forum.wearedevs.net | udp |
| US | 172.67.71.2:443 | forum.wearedevs.net | tcp |
| US | 172.67.71.2:443 | forum.wearedevs.net | tcp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 142.250.179.238:443 | consent.youtube.com | tcp |
| GB | 142.250.179.238:443 | consent.youtube.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.71.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 178.38.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 100.201.58.216.in-addr.arpa | udp |
| N/A | 127.0.0.1:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.179.238:443 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.187.250.142.in-addr.arpa | udp |
| BE | 66.102.1.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| US | 8.8.8.8:53 | 84.1.102.66.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | yt3.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | yt3.googleusercontent.com | tcp |
| GB | 216.58.201.97:443 | yt3.googleusercontent.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| GB | 142.250.187.246:443 | i.ytimg.com | udp |
| US | 104.21.67.56:443 | | udp |
| US | 8.8.8.8:53 | 56.67.21.104.in-addr.arpa | udp |
| US | 104.26.6.147:443 | forum.wearedevs.net | udp |
| US | 8.8.8.8:53 | 147.6.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bitware32.github.io | udp |
| US | 104.26.7.147:443 | forum.wearedevs.net | udp |
| US | 185.199.109.153:443 | bitware32.github.io | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 147.7.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.109.199.185.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 35.190.80.1:443 | | tcp |
| US | 35.190.80.1:443 | | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
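Most rows in the table above are resolver chatter (PTR lookups for every address the browser touched), Edge update CDN traffic and Google/YouTube endpoints that Edge generates on its own. The following script is an added example, not part of the sandbox report: it parses rows in the table's format, drops that background, and groups what is left by resolved name or bare IP so the analyst can pivot on it. The allow-list of vendor domains is this example's own assumption, and the sample rows are a subset copied from the table (the last one deliberately kept in the column-shifted form the extracted report uses for unresolved IPs, so the parser shows how it repairs it).

```python
"""Triage of the sandbox 'Network' table.

Added example for this report, not sandbox output. It drops reverse-DNS
(PTR) lookups, resolver traffic, loopback/mDNS and a short allow-list of
vendor/CDN domains (the allow-list is this example's own assumption), and
returns the remaining endpoints grouped by resolved name or bare IP.
"""
import re
from collections import defaultdict

# Constructed sample: rows copied from the Network table above. The last row is
# in the column-shifted form the extracted report uses for unresolved IPs
# (protocol in the Domain column); parse_rows() normalises it.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.sf.dl.delivery.mp.microsoft.com | udp |
| US | 152.199.21.175:443 | msedge.sf.dl.delivery.mp.microsoft.com | tcp |
| GB | 2.18.190.81:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | forum.wearedevs.net | udp |
| US | 172.67.71.2:443 | forum.wearedevs.net | tcp |
| GB | 172.217.169.46:443 | www.youtube.com | tcp |
| N/A | 127.0.0.1:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 104.21.67.56:443 | | udp |
| US | 185.199.109.153:443 | bitware32.github.io | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 35.190.80.1:443 | tcp | |
"""

# Assumed background noise for an Edge-equipped Windows sandbox; tune per environment.
NOISE_DOMAINS = (
    "microsoft.com", "google.com", "youtube.com", "ytimg.com", "googleusercontent.com",
    "googleapis.com", "google-analytics.com", "dns.google",
)

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)


def parse_rows(text):
    """Yield one dict per table row, repairing rows whose Domain column is missing."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        if not row["proto"] and row["domain"].lower() in ("tcp", "udp"):
            row["proto"], row["domain"] = row["domain"], ""
        yield row


def is_noise(domain):
    """True for PTR lookups and for names under the assumed vendor allow-list."""
    d = domain.lower()
    if d.endswith(".in-addr.arpa"):
        return True
    return any(d == base or d.endswith("." + base) for base in NOISE_DOMAINS)


def triage(text):
    """Return {name_or_ip: {'ip:port/proto', ...}} for endpoints worth a pivot."""
    out = defaultdict(set)
    for row in parse_rows(text):
        ip, sep, port = row["dst"].rpartition(":")
        if not sep:
            ip, port = port, ""
        if port == "53" or ip.startswith("127.") or ip.startswith("224."):
            continue  # resolver queries, loopback, mDNS
        domain = row["domain"]
        if domain and is_noise(domain):
            continue
        out[domain or ip].add(f"{ip}:{port}/{row['proto']}")
    return dict(out)


if __name__ == "__main__":
    for name, endpoints in sorted(triage(SAMPLE_ROWS).items()):
        print(f"{name:30s} {', '.join(sorted(endpoints))}")
```

On the sample this leaves forum.wearedevs.net, github.com, raw.githubusercontent.com, bitware32.github.io and the two unresolved addresses 104.21.67.56 and 35.190.80.1. GitHub Pages and raw.githubusercontent.com are kept on purpose: code hosting is exactly the kind of legitimate service that gets used for staging, so it belongs in the pivot set rather than the allow-list. The `dns.google` rows on port 443 are treated here as Chromium's secure-DNS upgrade when the system resolver is 8.8.8.8, which is why that name sits in the noise list; remove it if the sandbox resolver is something else.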
Files
C:\Users\Admin\AppData\Local\Temp\MSIAE80.tmp
| MD5 | cfbb8568bd3711a97e6124c56fcfa8d9 |
| SHA1 | d7a098ae58bdd5e93a3c1b04b3d69a14234d5e57 |
| SHA256 | 7f47d98ab25cfea9b3a2e898c3376cc9ba1cd893b4948b0c27caa530fd0e34cc |
| SHA512 | 860cbf3286ac4915580cefaf56a9c3d48938eb08e3f31b7f024c4339c037d7c8bdf16e766d08106505ba535be4922a87dc46bd029aae99a64ea2fc02cf3aec04 |
\??\Volume{77a2731a-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{14722d2a-75b2-46cb-ae4e-7f508da42dd8}_OnDiskSnapshotProp
| MD5 | be90f9dcba4c4ce79ba7613b22a9b3db |
| SHA1 | c07a0360df05569459f7ca2621b47c3212f71716 |
| SHA256 | 6dbd435403fb905cc362e655f197a3b1f5a5c6912006f83038d6b4443260539d |
| SHA512 | eda2d3ccd29729b8df44b23e5f17e8a348bf99a53ce5e1560b6129264d8001e43218c41ae87eb1c3a283503434b15da85d97d184ab6e562e59c1dd29c810e4bc |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk~RFe57d9c6.TMP
| MD5 | a9c93d23550c8ee84f27e1b5b6f5d50a |
| SHA1 | ae5dff8999485f7b64cb2cbec7a4b618b7fefa24 |
| SHA256 | 433abf862c97f70a1e2fee52fa6f47c10cc03eea64984aa76e9ec21035e2c258 |
| SHA512 | e89a73297431f1bee41226a306f0e518c057f19ef3d195fe4a560324a152e8caf725a766ec6704770f466c699672df7a482d9ca64b0774df52603f1c37ce73ea |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk
| MD5 | 2c9f704e046f08697e2b88078a38a51e |
| SHA1 | 32a6528499056132db33cb808128286077950f23 |
| SHA256 | 1b46a5ac1fe01805f97886d0efc6db37532e4acb23268f0358e571ee3c596d31 |
| SHA512 | af9e93346f714dd71a8a44ea0489812ec1943233f2082fe82d73955b241c2018252fe4e09bcb03a02128761a1882c6d3def11f553add97f82fc9d11f16ed7a2c |
C:\Program Files\JJSploit\JJSploit.exe
| MD5 | d0d04bc3cb9e341925f36736c7730dc5 |
| SHA1 | c958e77cd69768e3753835dbfcb66a903b373c21 |
| SHA256 | bc360c4a540aad33bcd8a358566bb4e0844ca36138ef36fb5dd8084d36517495 |
| SHA512 | 2f04c151d57826a89b52f82c6b8c4ae5c0a45b83556c9aa6c45aa520f312d1a0edd2bb36c90c94b5a4967ea1b498634c4673828ef4afbdb63ab0e9d76609b31a |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | d3539d92577e606595ea92b9ce958549 |
| SHA1 | 6c449fc3523681913e7f5025317ee7dd13c8217a |
| SHA256 | f31372cfa08479f5a40fbc9df985b39238c81333bef28d7eef50330f62d01d45 |
| SHA512 | 737f9b3216c0d6666187ff63efe7ff75c12fc0d52146d95d0652f08f71d049c6e555bcf3da10a6145e70e47db81c44daee1d25dd6382b897eeceff75711dd100 |
memory/2796-67-0x000001CA2CE50000-0x000001CA2CE72000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_igqki1f5.0wy.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
| MD5 | 431a51d6443439e7c3063c36e18e87d6 |
| SHA1 | 5d704eb554c78f13b7a07c90e14d65f74b590e3a |
| SHA256 | 726732c59f91424e8fb9280c1e773e1db72c8607ad110113bc62c67c452154a6 |
| SHA512 | 495d60ad05d1fadb2abd827d778fe94132e5bfc2ae5355e03f2551cd7a879acf50cc0526990e4ccde93bf4eff65f07953035b93cc435f743001f21b017cbfdfd |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe
| MD5 | 35a79bd6de650d2c0988674344bf698b |
| SHA1 | a0635c38472f8cc0641ceb39c148383619d221dd |
| SHA256 | a79a81da2b8dcbe39609a9e1b4e8c81ae0bc54195c0c854b77bebe7bfa7f10c1 |
| SHA512 | afe33d38785afe489845654ba1c3ed6648b36b1ebe5f98b3d5d4bf24eba3af9bb6676af5a79d2ec570bf2b4b6ae40d14fc3d4b872c5d4577aea40f6d1a26c0cf |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdate.dll
| MD5 | 39ac5a029f87748e964491b97936d890 |
| SHA1 | 24777aad794a13d0e7381fc6f32f0e1bcdb1ba80 |
| SHA256 | ba861524fe648ccb47b7ac57421bb07a6231a7aab5eaea332548511cce6185bc |
| SHA512 | 2ecb9b208846f84cd37f37d2100f26358d6c37128efc4010b2e7efc10202dc37b621d0c0138a8b76b23d968da324c685a41b44f4ae30cbbe243581f1904e14c6 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_en.dll
| MD5 | 894b6ea4b49fa390bd70167a75f3ff7b |
| SHA1 | 4f834ef6567d02f28390d63c8ca9fd3c735b2140 |
| SHA256 | a8dc2b1e32d8d3d2c321c469eed3329f7661f4fc71d14696f97106b5aa6c532a |
| SHA512 | 9b4fcbd07dc7f65c34575aaabb7a517198739f7268133f084b101edf99f0b96387f3f0248de1be5252b2466db0bc59036d40e3990d4264bfab89aa01aace7ea6 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdateCore.exe
| MD5 | dd30f3ff486b830211df62d20348f86f |
| SHA1 | 08c7d7407dee7ed20b50e8f1a2cb1b08a9282dbf |
| SHA256 | 9d57bdc8b97e75f8a04b93a1657dfd18d4e2f68607783c9bca42140233978fa7 |
| SHA512 | af3b48ced7018c7edeabdfa998e51356d57c2d7a846c76629fed0ff2e5db8db79041184c58a5a67a10ec627f53af8e3c80bbffacaecf5dae6d989cecb82e72e4 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | c55b37823a672c86bc19099633640eab |
| SHA1 | da5e15d773c794f8b21195e7ad012e0ed1bceb72 |
| SHA256 | 3df9cd2fecf10e65be13d4b61ca0a9185845f2cb04b872adeaf41ca46af39aa0 |
| SHA512 | 1252c3fde4aa4ce239103e8df7224afce093a2cbe539bd40347601980a314ea3326ea6ce4c1ebc845c125845969ad65ebca319b9df35a809ef871bad14aaf33d |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\NOTICE.TXT
| MD5 | 6dd5bf0743f2366a0bdd37e302783bcd |
| SHA1 | e5ff6e044c40c02b1fc78304804fe1f993fed2e6 |
| SHA256 | 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5 |
| SHA512 | f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_as.dll
| MD5 | 16b0c8a664626da016a95fb46fdc9c0e |
| SHA1 | c674b635cd8927511825847f3d86a5562b4155d7 |
| SHA256 | b059fc9713d3a41e9a83f0d61f8cce29546d3759def0a7b8e162a13915e51255 |
| SHA512 | ec39269fbd9e510d10d665c86b8a8161208b74f919e4fd128e365144d71f2b59d3c48c50b8f017b1d30c711ee4f63668f843539957b4643d2a488c9e17290e75 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
| MD5 | afdafc9f56401b662f42cef830d92b38 |
| SHA1 | b56966370ec07cd676e35d93fad001e0f6b3fb8a |
| SHA256 | 03d7a1c0d8810df4b908fcc40c8491df0e3ce19db8ee22e6be79d02fd9df8f72 |
| SHA512 | 884f9cd99785ea91c5c8e26200bbf0b010ff278b52c5ac590cb73712321a9cdb645e5448bf4cf62622cdb06543b8de4a8e6956a2f6b6677c0b9befb35589d8b0 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_fi.dll
| MD5 | 7f47c9b9bc9488754579935209291c55 |
| SHA1 | 470e590c6f5263a44b95abbd6d0c158fae326d21 |
| SHA256 | f0d8c44d909aed479b3e770b556eb3792c0d3ce247defff953a4dd9f7ce4cc75 |
| SHA512 | 6f81ddd06f6a1c796bbf21143737bfeed8f9ca0ace82a4de00ccf79d7288586376439e0564f1cb128e5e585eaba122d406af8c3a6e3969efdadfe0cf65c3ed4b |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_lt.dll
| MD5 | 883f3e1c963322852aa6ce7177ba11fd |
| SHA1 | 3da37835cb54a847e3fa2edec45c4589e2c31561 |
| SHA256 | c3e3bd953b1035bcb34db9077c41643a503aafeecf99afbc92c9e4326bc6fea5 |
| SHA512 | 52e7eae669ce211be72ed62cddd43f926c8d581a28a5efc167d1bb9c7f132f40a000cec02c91cd81604ca9f1cbb61952a9da8d09044703a49309a4faf2ff2f25 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_lv.dll
| MD5 | 0edaf7aa97694524c60369256b17c9f8 |
| SHA1 | 48a81d2c180b9dbb970dfc381b204c3e0bf11532 |
| SHA256 | 74b7ff57e79ee2685709678d55a4b4b414f3fdf77ab1783c0ded0196a126c0fe |
| SHA512 | de1ec10ba23b7f76dae78b6a98a3eee6df1eea424aa9a4800b70ee7b185e5c6a0dd30d0dc950bf7b37a9c07fd7614652258cdccd64413c49647b42351e02e90e |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_lo.dll
| MD5 | b0973b4e4407ea116a723bd7c39c1d45 |
| SHA1 | 011e9126cf2fd3db3f0f810dc1d8e60891ef0695 |
| SHA256 | 36e1ea95cd9663137ae49504980e00fbb311023c8f5f6f40f3cfe14a14ff183a |
| SHA512 | 574eb8426f774a7ccf860b4f0e324a2cc32581c9aecb834aa25c5f62946d15ef781a9f32feea8cd44e352d4878f3f6b8f097635bddb9df3bf2a443fecd0946e5 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_lb.dll
| MD5 | 9c7c3dec8769f8b33aab63a15f642d81 |
| SHA1 | 41ab17373c388d005b6d39c3ffc9fd5aac1a75cb |
| SHA256 | c088700c358cfad6bd692233e450b8f4836a30a457c7b047e67681c10aecf2f7 |
| SHA512 | 86923405fdcb2ebbf9a2dff24847d55bf1cf39550f475b1268e7edf279269e317c09b638b06e29f4d30ba59fd606f4ab5787f7d09da5ae3c5572ad41f3b3fac8 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_kok.dll
| MD5 | f97d285a3ba35b1395d9868e15bce4f1 |
| SHA1 | 154dfcb8646bdb02b618dddf8a0dc1cbdab2269a |
| SHA256 | 33506ad10fafd8a767afcdd93cab2d91999b4e6468771379d944ff4758c2f5e4 |
| SHA512 | bae3152e85cc5e8f96299e7d45be8a85e47ea1119fd4d8d2bcb038ce293dab6820e35bcfffc03c9596b95e716e40711c47682f0c71e308755dc71b4c20c57628 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_ko.dll
| MD5 | 6c3abddca78cb3ba9f724bad9fed6165 |
| SHA1 | 3114daf9295215bbeed0f4bb4e282b46ec1c74ae |
| SHA256 | d47e586aacfa638aab5d681d8b4ce0b42f9d698e213817554b9d42441191d548 |
| SHA512 | b37b7c8d7d24ead85389ce445536ef4a68c43e2a55508801ab00e9bee2c2ef428d07eb30b62228d647508dc4f6b0d78b1b8edc25052eff0ec5a9ec87fdbcba1d |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_kn.dll
| MD5 | 1ee9fe48904cb43a9147bf16823b16f1 |
| SHA1 | 19fd9c0a2a1d919340eefca7956bd84df467b737 |
| SHA256 | a65da5bd18d6ac28c45cd11f56f8b868af98e42a69def6199d61235f6fa3d71d |
| SHA512 | b556dff94243eeeb8dfe2c185c67ba7359877b8c0161f8fbe9a37a7e7591b0c8242a0be09255b616ac4f5560a728f1780cf6971c826ee6214a1b28c16551bffc |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_km.dll
| MD5 | 5ef433fe15a877e530ba0a044486f200 |
| SHA1 | db1deb37392e001353f5a098d8686a17fc156b40 |
| SHA256 | 896549adb3d1a38d95e743490cf6f551cac876fa1afc4b07f8eb30ad4d853502 |
| SHA512 | 97839850a49a09cbc416ba1e8e9570adfcacbfccb70903cf597ad8781c7c3d11fd07e2598dccb7e88da7617e44ca99c62dfb3404c0c2a467641d1a6dcd7e8e64 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_kk.dll
| MD5 | d9b956ec540d8b1e528d88d8c5e5fdaa |
| SHA1 | bb967aeba493d9ac0b3889f7bbf9136614080331 |
| SHA256 | cf008a24b53f2d62516a2944b77fd9be17a4778c0ba1b83a09ef7e83c3cf3901 |
| SHA512 | d6d6171c95c07ddef12bc40a5fda756ed3870a06ff2434bdd7abe02407720bff01fab5eb1bafeb7d4b9b661fc364c39de4a9eab01ef39c6bdce6de58ce4c1a06 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_ka.dll
| MD5 | 67eb1378381ad4d1a450bd26fe51f5e3 |
| SHA1 | ae0655d07a4d0b049ed258de646199f9004963ce |
| SHA256 | b2ecba67a708b9fc75fc4574b72218f64517dea1aeb5ac26400ac554903cccf9 |
| SHA512 | 1da5356bee3e18f9033b81927368eefb8f7a0742f7f02be9ddf0f3f309d9d4f1ceeb640acac341e504d54c0d0939f1da2bac27645adf404ed2ac48a2846a919d |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_ja.dll
| MD5 | 0ff69dde83bf61a768bc63870d687747 |
| SHA1 | 622714cb8eac68b79021800f28f5874aa23176b5 |
| SHA256 | 3a3a4d24498f0f533a5f5e4f1364e7e2a1f348dac95f649951131185c64d7bc7 |
| SHA512 | e1300b6f2dd5df3385c06fb43de5aa246f3f1da942e26b86023663e07b12104f0e74b2749d4ef2dd60cabfc8eadfe5f131a8bb5ba8fffd6374f9cd4635b4bc53 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_iw.dll
| MD5 | d92167a825c73bd6246483bfa1787c8c |
| SHA1 | 0a96d89226f1e694275922e5e2640bca3d7e7020 |
| SHA256 | d477fce0f7fbbe9cf86dbfb724e28c617c8c7c5bea664974593fbf0c032e8019 |
| SHA512 | 12401ac374d3050f9540a3df6fae71ff8466ed3df2bf007b52eaddfea0d549601b5756477c141fd596bd19367ad30a607160957a8ad1818ff34e6da4125e530e |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_it.dll
| MD5 | 0da1fde56fc0bf63e17a891e99f559f1 |
| SHA1 | 131d18d7329be3ff21c78a3921b88e910a3d5a68 |
| SHA256 | ba936fcce39c889a3cb41569f18019d99429a13e7dbd909d9d26e540ea650dec |
| SHA512 | 67aa088ea8c01b11874537ae59c150645b61072e4f2134719e833ca0c4c3cab835cb9c51bff97582280870227d99cfb72f3a0d2069f2a9a86a7f7dbaf29ad2d2 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_is.dll
| MD5 | 28064f47523b575c20fc85733cddf487 |
| SHA1 | 0c5583888be256c8e09a396e333ad158b5f87553 |
| SHA256 | 0752855a2e2a69e0f969af6c31102db513dbc390583f07d5df60746721ada58a |
| SHA512 | d96656335024e0228a18148de4d27f354fdc90b62f977042ac20199714ef50bad271a83547d6c6823ec03422a9b598828fdc3b0f1ae81c760a57a2d1f2a543b7 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_id.dll
| MD5 | c80c6530280315158443cd04f89e9169 |
| SHA1 | fb87a9ff3696f0acceee6c8f1e4fb40795a8ae7d |
| SHA256 | 52957587efb4d995597541656f38e0edcd4545acfd92e3b81cc72578839021de |
| SHA512 | bee22709e362ade03cf385c9b09d321923cc17a9e7c227fef7717da7405ea7bcc63e6f18b5e3e18e9dc19d5b0d9d4cb32c8548d9f16803959eb13b1189df9815 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_hu.dll
| MD5 | df2764d7bf9bbc6d4e96301c928566b5 |
| SHA1 | 1f9adfed63fff6cd144515e8a7fbf8c4131d2f65 |
| SHA256 | 3dcf3b4acc066674418e30239406abf59b85f9a00ba2a0aa7ca33036caee6514 |
| SHA512 | 8c1eec6d813fe2266f0e03ce72f504f355f720e0112527fd411abd5e7fea05dd4bfa3ee9a878c882c16e8cd30224727eabc5ab38bd85cf146b21547ade988391 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_hr.dll
| MD5 | ca9abf92edc001d3c0cea4c926bd004c |
| SHA1 | 740513a325a5c15376f4b1aea402e9c54155ab33 |
| SHA256 | d6d9e064773b121fbf224252ef6c7d64f239d6b5013c119738a8240cc047e346 |
| SHA512 | 7171143ee05b0e03bc936fbd98d3a37c3763bc244ffd8ae85e3229b85e13ec6262c3111b93b3a067f3d82f5fa6b6f691438c0e148efd14606cdf5a850e474a7c |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_hi.dll
| MD5 | 274c267b7ee544d36698b2db119a6929 |
| SHA1 | 27377267ddc09060254033c4aa9916a60a254956 |
| SHA256 | ac843711f010925cfdd60c396baafc3ead08584ed4b1b3df57b0c975cefd039f |
| SHA512 | f9073912e9c314efe60f36dd9b2bdb4b1475aadde18e82bec971c447293a4f8dce46abe625bb9cec4dc48280fce3cf3d8175054b70b4e440e89a8c072f4a505a |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_gu.dll
| MD5 | bb4a1f9374f1c3e0cbc4788a3ce1d4c5 |
| SHA1 | 30667d6dbaa689db9a08b42acacdf68435dac46e |
| SHA256 | bdbd0882aba924075c40de48fcbbe951ea6a937c0b85541fd6f1fa5701b8e655 |
| SHA512 | d0a5260ae123d4698e2f62fdcf97a73aa038b69b200508948185bb5de5f5edb50d6859c9e6e21e84145ceebc144882d0ed5723ce1486e805c26737358ae77504 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_gl.dll
| MD5 | 31276d0895baff6976c94c549efbb47d |
| SHA1 | 4f0fe790cecc28823e6359fb3b78dde13cc17681 |
| SHA256 | d3bf99db747f3e6a2d541ecab380244c0a33ceef8655383d54e2daff37dc9a88 |
| SHA512 | 413958104046b85772d4a32550ae3a7a3a50eb66dc35966554123bd9dd15fc7a76fa7511f6d2ac666d8a205a9b58042f68e2322189c2b34d372db6b180b70da8 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_gd.dll
| MD5 | d64f47e1971f1e9faba211ca984e550c |
| SHA1 | 6f4de57c6f174dd778788b138a9b25cf4725258b |
| SHA256 | 75fd1c674a460dcdafbbc1429a4c30c9ac28e58527c6f0797c3706012ec19e00 |
| SHA512 | 722c9f1e5d27d6ac678ca13aa648aa22aaf1121b835fad5209ce3e482471724cf4920390f51c8df2d31c66898def51ad76b0c119f4de831011b56afead2fef7e |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_ga.dll
| MD5 | 3ca8dfe9af49bdde95188002ebd5f227 |
| SHA1 | d18d7af889c4d03ea417c09bc56069f3f697c547 |
| SHA256 | 6577e1a60f0fa340dcb70dcf625c877fc9502d122744782708ede0c53ceb56a5 |
| SHA512 | a61ba9baa6d0116b769c4add55aefc99a360bf85be7986ab099a424ff7a39ccee18d946128e74e39283629b52aa14821f36fe338c0e17de29694fff5138590be |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_fr-CA.dll
| MD5 | 08b6c8f26644370c6dcbee63e4abf884 |
| SHA1 | e4981733831c4d31715cad1749545d21dc29acf2 |
| SHA256 | 916b52a362fddae79461d1d07ff01fd3bb4f7b8916b263d62572a8ad420946d8 |
| SHA512 | 31f074e494a372a1b961fa9c053b561bae9e52182866a538a734b7589cad550a42b1d88649262a7d265226288084e5ba65e9e1d6d32ffd9292258a9f65e236a5 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_fr.dll
| MD5 | cf3ff14718b5e6125b956d6d9e897196 |
| SHA1 | 041de2587e03f6c52dba60e9d2459ce33b263eb9 |
| SHA256 | d75ece04e40e34beaaf50cce0fef63e52918b5939c9c267fbfd1e6cdcb2a82fa |
| SHA512 | 551ed975b1afdc75f464bb742c30f239f9d18aa99bf9140ec0620c938629868b38a952041288244b6e2387748c16546a8fe55a664a9903577b8e484856583ac4 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_fil.dll
| MD5 | 20134024ed75deda002dc0839b352f84 |
| SHA1 | e67bbd13a320d2b4413b283e165385c44a65ea0d |
| SHA256 | 425e0834cb73365cf78a233a5b139e1897961e5225e9cc92ab365b3efbe30d76 |
| SHA512 | 7dbab9a85d852546ab8c30b3452ab8b200874eb3aac0c862bdaf5c90cc882cec11de536851693f8f115706448e3323c66affbdd7e65257395baf24a0208dc537 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_fa.dll
| MD5 | ba417f44f7564f1aca70cca9166f3f44 |
| SHA1 | d8f064e25038e0076bffcd1a694b58063b7268d7 |
| SHA256 | 56632098f623cbb58fadddc5c7a889fbc91954f661078501e62517709b8ba703 |
| SHA512 | c35ba956e92a2298268bb6ee7a753d6b7f94bdec96118c834f028a0fa45f18b67302b0e20a26d948d1720b04461d3074ae30003bb9028790d9d2d63cb80f4467 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_eu.dll
| MD5 | ed883bbd9e4b3de4db68e356707f3e67 |
| SHA1 | e03dde660c15a614442552f8c4d2cc5dd8425fc1 |
| SHA256 | 168eb27052a559561af3ed650bc170eb471e53f05b9065f0e229672d040ae1c7 |
| SHA512 | ae48fe344b2644380e56a95d98aeb0ffeff7ddf0c914f5d14ef518a4d40bb090fee9a7fd30f7178524bcdec1a2d8fc870b4b40d5d8437e3f2577320262236126 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_es-419.dll
| MD5 | bcafbabbfc8f810220b2ebdbb8a76d19 |
| SHA1 | 58703c8355f996f2ce8ae5fd1ce4dc29318fd414 |
| SHA256 | 7fef9c85b5d7dadf344ff39d82794ed252066cceb2b6531be2a45ee3d84844b7 |
| SHA512 | b02820c3088ceae9ebf19ede77e3a406483a3dc13c030860d3818e6e8a163e9f54293fd058ec9575c196d12f1465211ab7feff145faf684be6a8cc251d1c0d71 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_et.dll
| MD5 | 6b03eb5b302e72727977f2431ea7f30d |
| SHA1 | ac5cab93d3c28e46f92d2719638c739c680cc452 |
| SHA256 | b5b51fe000e0e0ce42e8dbaf4b8343a5411e2e99440726c747196a02ed736137 |
| SHA512 | 362e94f79b7726b277cc90c5158d3cc5a0a890bf32e11707f9901233414b3ff22816df78276afa67f0122fc7d6fc2d09dbb1fd8602e3a01f807f93b9423bb463 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_en-GB.dll
| MD5 | 39dc20ae50a0e2ba9c55dda91256b3cc |
| SHA1 | 464139f11db3fd6ae77502b183c4b59f581d6c7a |
| SHA256 | e1891a155be133e6dd82cab3f9437bb7f047f0f80689ca724ca4d1d90d1fef14 |
| SHA512 | 08b8e19528ff007b904f55872935e0de9e06e7cbcb3f3ed751264e3e20a740b477b55c818bf2b0ed213c4ed9cbaba0c8953c19f427be3e8ab8f50c9c86a74bf4 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_es.dll
| MD5 | 3ccb8eab53a0b4c93507bf2adff6ced5 |
| SHA1 | 25fa2435e97bd0e1cf986a882ce33e68f961c139 |
| SHA256 | 8bcbd325374a8cc5c1c7ea774382515316473c200baec86a65ae21073fae33b0 |
| SHA512 | 4f443ded84d74e150a0be3c32edc734ca01298817933a7b1f0e5c5cd93f26987f051c4c306848301e688b9334d134a12bcdcc0ceabe1fcaaca5c4d307c697bfd |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_el.dll
| MD5 | 09cf47260852ff7b2c91c65d127b9314 |
| SHA1 | b3d362f3d08f81bd1b719a1c94b54f5f9c9610da |
| SHA256 | eb4344676280f83e6023ddc604ffa42e96eb46e765a216fbc5ecbe49ddb3c920 |
| SHA512 | 114a21296d8e7e054906139102617e6cd6008337a0877053721553cfed10183f54f890c8071b1cea17bd0b2535589af7aafe5bd1d161886ad7363f89919d7300 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_de.dll
| MD5 | ce66ef1a806c21949b75055f81cac760 |
| SHA1 | 3719e4af114a3c0baceb133d152a02bc6a1fb9f8 |
| SHA256 | 23f5414d554b96db0b93c7dbe27939d294b8061e56c19ab74d59fe9135e81c8f |
| SHA512 | 04d9575c866ac28db490a291be3da41f884d3ceadbc9b7077776ea7deb1819277aadcf9c9e1b5afede3e90bafbcb00e6ef0840166228d153be7e8d8d53975593 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_da.dll
| MD5 | 19a7aee0daf68fdc1a24e3228a8bf439 |
| SHA1 | 1fc6ce227a11245787c80f3932e2c311de2d44bb |
| SHA256 | 409cce12be8b7a86313bd1d9e3c6d9154cf0c5735db61d94852a128a746dab99 |
| SHA512 | 0051119311316d29dbc13ace84c24283aa2eaf1d46459c81ba7b31cc6178b43165618fd7bec17de698b1431ef2b33be179c2c8b1537c1000aadf849e2c888c84 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_cy.dll
| MD5 | 11b92ae8fe94c784480d465a37935766 |
| SHA1 | f4ead29d4b20c57bb0e4d16a7488784f61a25972 |
| SHA256 | 571b0cf8b0383e33393b8b8fa79d1632688ffc2bdde794fff62c85f5e1a3f161 |
| SHA512 | b636dec2e1d48916d0c83d2fe45eb24d826c027455cf22ec78e013166e59fbdb4780ebe69de3ab4b5730dae03652d253890917f53fc835aa73f9f75b01dc4f23 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_cs.dll
| MD5 | 8eff4531519a4b768005b9411d4a5f9c |
| SHA1 | 59b354e3f32f0a0da8755c27b903803994f4aa31 |
| SHA256 | 2e9a230a8b8a7fa437a28e2115ebf01178f3209fc0d61eb90160f49c11a16cb0 |
| SHA512 | 4426ae1e2937e1f6c7364d2f437aeb83d834f9997d28cb1ffb07fe1c448dd954083aa822ff439c886249a387823a23245640a0425dd8c42b75b73912733f11ee |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_ca.dll
| MD5 | 15ee7526536790bf77317975896542f9 |
| SHA1 | 365bc54203b490daa0e24a1c9813d5d99c9de720 |
| SHA256 | 5e2349af6e02da1c5d18f1b3235fc5099229d2d99e1c5cf2713c21472c151f8e |
| SHA512 | 475fd9c0879c8cbc418a66441e3dc026fca983327a95763eddd1537c1f44fdf272d212c69e1b06aad55d91c68379a2beafb2908659d58a61c740731a7d047406 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_bs.dll
| MD5 | 5e06d311c2e24b94f378c4d3b3deb260 |
| SHA1 | ef7df63f63746eb197c21694ebb21cfb86c0b2b8 |
| SHA256 | d2052450e3a3272b302d80af9f2c46b766153267100bc902dcf03a78ec609b65 |
| SHA512 | 8d73b5265735aa19116cf41bb8d2bdacde5b22b286a56af58068f9579b631b044c155e625f6e1fda12e505f621f245faebe126c2557dd2ec873d7d980f8ba552 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_bn-IN.dll
| MD5 | 1e038b27661b303e15a39a55305e86bb |
| SHA1 | 35b48fe72d50406063f9145fea64c57f205f0084 |
| SHA256 | 385665137d0dfee16ed8ef2da5ce28d826d210eb2bde1fa4ef13dac50e4b5364 |
| SHA512 | 13fcfde6923b38acc2cfa530087d13725a2cabdd2e771d503f4d2f5cff93e8744f142e235dd484244d920d80cb3e7cecbbd731b473f6e509edb39159c51e9465 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_bn.dll
| MD5 | 9afe531b6472cf9eb66028e9638584bb |
| SHA1 | 6212292867bd59fe376e79988c07f4db8ad26cdc |
| SHA256 | 383754fc147dc6ef5f1edd14b60bab6bebf32639dfea718aaa64b2b65ac98812 |
| SHA512 | 352bec509ccd3ad15a274ddd3ccea43b76eaed885b0e7722235abd95aab8fec1c645722765d76865c1b32ed422a10e6666f220e3abcc5a24268ba94c5cc6b8d8 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_bg.dll
| MD5 | 4b23c7229eb43740744cfbf48c4242ca |
| SHA1 | 4938dcf6239e14db53c8f085d3c477905a9986af |
| SHA256 | a7527b867ebc222114b679b2ac542cdc46a75f8bc24e5ca8b7ebc17b7a2963c2 |
| SHA512 | 4bd8ed0ecacd3f2c69dcd0789ab8ee10dcfd6144b019dd8858c2234bebddfe42c83037fb8e2f934f3320f58796683bed5ab050ba897ba1fa409b6df60f02ec53 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_az.dll
| MD5 | bf510bb9b7639af7da969f77620b480f |
| SHA1 | 17a6693a5d6aea1f3fa6f34abc46daf558cac645 |
| SHA256 | 2507da222cf6c6dd608da9b569f89f8e11c47b6e16134c767cdc23b7c1f56bd3 |
| SHA512 | 6cebe80005cb7759ee4fd8dd9ca41bdd073c01e969e1ebe03cb07616921e50516974019faacc2f9dcaaccdc0044eaae57a6a94f3a4a4ce044a781cd8091478a7 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_ar.dll
| MD5 | b4c28669b9d4e56b094af6062f4db065 |
| SHA1 | 4c492c03138c8a796cf0673866892b9e0c2073ec |
| SHA256 | 7fe494dd265f99f330b153ef69c51c0541016755ca1876788f7f0ede78f9cedb |
| SHA512 | 35941ab6f2dcf5f60824d172f75f9f7b8b93e65c7bd8bc441fc32e49cbb414a68d65a02e3479b096f728b2a34d3e85dfd868e8bf95ff9b1a57d10adc3da0022a |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_am.dll
| MD5 | 1903bc250fc269e79c9f7aada2979aff |
| SHA1 | efbf76b1259217c02c138078c56f36b2cb8543ab |
| SHA256 | 228fa3e2fcacc78111a8152d6862de2302c024e81cc8b5e3f16e31caf96cfd04 |
| SHA512 | 9db527c2e26ef691c089f5d1d010298e0f47e2e0420fba03ed18c7c2793b92c5860240b214b5233dddbc150413a2649e9cf4823239b9831930c2804b143ab538 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_af.dll
| MD5 | 2a9524cf8afae49394379d9d9be69206 |
| SHA1 | e43d4146f8abebbb30831fbd39a39846bfb7eeef |
| SHA256 | e5a08731963e681b6386c4e85c16bc98452ebc13c4a7de3ff6979125c609d5f0 |
| SHA512 | a0111589960cbdcb10b55c17aa82555e44f0f0f173ebad09de6364881138cb35280596f1de6d86b31044427445575630c22079c3585e34729ce461599b8979b1 |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeComRegisterShellARM64.exe
| MD5 | 1723c5e707061e59d769c492a95d5083 |
| SHA1 | 3b535b7a0df2f7a4ab5e531956dad9892adfb5e9 |
| SHA256 | e97ab6dc0ed865aa8606f5c113fd62170341d1a3d63d5618f233aea969ec49ab |
| SHA512 | a4e3bd9ec331a27338c123a9a3ae23619fc5a5b80fc9aea38d23d3b82ca015f47669e0f3e1a6f98e7f464e6bc21e92723a04f72805e45e0dfc81540a2d299a8a |
C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\EdgeUpdate.dat
| MD5 | 369bbc37cff290adb8963dc5e518b9b8 |
| SHA1 | de0ef569f7ef55032e4b18d3a03542cc2bbac191 |
| SHA256 | 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3 |
| SHA512 | 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1 |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | 8bfd96969293b604ca9fe8e8e49da54a |
| SHA1 | 7ba4fcca8fd51e33405c85d83029132a7bb6c693 |
| SHA256 | 945f757e38550e5f2600de36f45d631d02aee365828e6e997e0816edbd9945e4 |
| SHA512 | a8100ca539542075096c027e054cfea7388fa11ec540e7627dbd2d30a3f6d36229952917c0897574267d4c239d84b7ba21e5ca268cd9da89d94cf5cb92f2be3a |
memory/2928-265-0x0000000000D10000-0x0000000000D45000-memory.dmp
memory/2928-266-0x00000000744A0000-0x00000000746C6000-memory.dmp
C:\Program Files\MsEdgeCrashpad\settings.dat
| MD5 | a720f227a8a405b4198e426e3e800002 |
| SHA1 | 50da523b1936171806feec847e50ae38c86976d6 |
| SHA256 | 34deba71fabfbcf739476570ce05d57b0bada27d9a66e299065de1b8d95e33b8 |
| SHA512 | 530245a483470e8fb38ef87184747273a2b64243f2f0c49edd109c9422d75beae6f90d17a37fa237fab9f4e413262ad714a49d9ece43179424440f2cbe056145 |
C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Installer\setup.exe
| MD5 | b621cf9d3506d2cd18dc516d9570cd9c |
| SHA1 | f90ed12727015e78f07692cbcd9e3c0999a03c3a |
| SHA256 | 64050839b4a6f27d896e1194e902a2f7a3c1cab0ef864b558ab77f1be25145d6 |
| SHA512 | 167c73cf457689f8ba031015c1e411545550f602919c35aff6fd4d602bd591d34e8c12887a946902b798bf4cf98aadfce3c2de810bf16c7c24a216bfd8abec19 |
memory/2928-312-0x00000000744A0000-0x00000000746C6000-memory.dmp
memory/2928-320-0x0000000000D10000-0x0000000000D45000-memory.dmp
C:\Config.Msi\e57d794.rbs
| MD5 | 5e0efa02f4affed28ebe0d611740e72a |
| SHA1 | 70ade7488503785df881ff50895938537d5b926f |
| SHA256 | 1bc389c3d592e3360dc6146dfccf0d79ac79af33c1a72a5a4749d6c9d7d692fa |
| SHA512 | bb3092207617ae73f02877b47ef240c1dec6848423dd97d10548993630c68760535ad65ef06890f6225b5be3472f9947f9d3a9443ac4906a7d8a3c27c3be2789 |
C:\Windows\Installer\e57d793.msi
| MD5 | b837d10b9a71425dbf3d62b2cc59f447 |
| SHA1 | 85c9ba3331f7eb432c28365b0d1f36a201373a72 |
| SHA256 | 76c83d1bebd6b01bab76d9a94f223e1a3cf20f2040b8d58a12625074e2936f7c |
| SHA512 | f20999d19c470941c85912725d6f89c5073d475572ece92ce5b8e5425cdf012950f230c353870d86469ab6658bdc504abbb41260cb676f109551860433bcb405 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 34d2c4f40f47672ecdf6f66fea242f4a |
| SHA1 | 4bcad62542aeb44cae38a907d8b5a8604115ada2 |
| SHA256 | b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33 |
| SHA512 | 50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6 |
memory/2532-364-0x00007FFF2B0E0000-0x00007FFF2B0E1000-memory.dmp
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State
| MD5 | 5859c3010de3a49c2c9728334ebc3881 |
| SHA1 | 4a120e8c39205ce315b2922d8ef38efc071bf765 |
| SHA256 | 9627b8fe28ead58a2af6f7c3393cb8803be73c584c7e48d5da1f29900f15a14b |
| SHA512 | 8449052b7be01842ee1f63bb10fa98252c13f3262a0ddc942f0900008d7dee917649e9ed62c7bd0979c89decf8653a5c72b4043cd669f8054629c1ecbb71c10b |
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State~RFe58ed68.TMP
| MD5 | 393519f1af9e55ae986dd20d25b60f0c |
| SHA1 | 6bd11249576c1fa107834b19a1da33491bbefb3b |
| SHA256 | 4ae5bc5a53c1e265a4f940b7e69182cf3956a0c5a1946b30cfbb9ce435e46ea6 |
| SHA512 | 2d0607ee04c39666a6632a9c1837c1245fd18a7c83eb9359106d9b4d32a1a71f12198dcdc4f5f673a0a217b034ff0bfab6609dd21a5ddaa6ff4ceda7c9014993 |
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State
| MD5 | 2a44be72d76173e8ca5de5b2832f5f62 |
| SHA1 | 0d55389b0b781f5b0045adf92956127bb47cdd2f |
| SHA256 | 4abdded1bf32d347017a65524f82e845e2e62bab72283a12e5e999f0fe3a251e |
| SHA512 | b549b2b2454fe37e62d36d65cfd7d5fc9739af48182a26e71fc5430a2df0ee94874833923168a7247da3e97dce5151ed1e219c69fde76e054f8b7993fdcd0012 |
memory/636-412-0x00007FFF2A920000-0x00007FFF2A921000-memory.dmp
memory/2896-414-0x00007FFF2B0E0000-0x00007FFF2B0E1000-memory.dmp
memory/636-411-0x00007FFF2A1D0000-0x00007FFF2A1D1000-memory.dmp
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State
| MD5 | 68cb44ce8cc9dc1c58f4181850d4d2b9 |
| SHA1 | d5f3acc52dfbb4ce3cafbb1d248849a99321e049 |
| SHA256 | 9d1038b8775c34b130d84c936009c66ba7b08925b24b4e7936273f4cb3572655 |
| SHA512 | edb1e44f9bb2393d4d7c5e29fee2be599d5064f669a1754702cc6dd1cf2eaaa51c2ed3b2693534bddb22127cb46a15a3ce2310005bf132356e876fc0d22d9bd8 |
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat
| MD5 | 9f050b208324270e5d8b602cbe2f4f0f |
| SHA1 | a8d29b9e7be559b86f7d300e5628059ee46a429a |
| SHA256 | e8abead14e4690e67190a3c7ad3d1b7f125c373d5996c39d8acc9efe4fa36420 |
| SHA512 | e07724eb5d2de2945cfbca1ae4c799714759c228bbbcd03fe0e3a9e9008e62bf3ff715b6a9568d04e29af5639996044a2b8380428495b993ddb6e28ceac875af |
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\000001.dbtmp
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8749e21d9d0a17dac32d5aa2027f7a75 |
| SHA1 | a5d555f8b035c7938a4a864e89218c0402ab7cde |
| SHA256 | 915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304 |
| SHA512 | c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a |
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\shared_proto_db\metadata\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnGraphiteCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 66bbbd24ffee5d8fd929497a3613adff |
| SHA1 | 67b89e61db3bdc1785d75eced20289220a492ed7 |
| SHA256 | 597a84c92b8f399363d0f1f9496918eb63fa2f75db409d7620bae10a99842546 |
| SHA512 | 8b9c8f6447e4b86edaa2e9c9033d42f81170738f607018078d757ab619f3feab375c39529488b8ca6af5afd89c554d102f35d0f92bbe8b0768414864cd14c15e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fd2f2ede-f4cb-4375-aac1-5f5c4e879f59.tmp
| MD5 | ab695889a0e3dd5be06ab5455102c58c |
| SHA1 | eba802712cf66f375f75061ec9c0dfa05d20fc50 |
| SHA256 | 71efc4b342f564524892c59570a6368f52dea21d3ba1456e6b74ba7fd2a0caf1 |
| SHA512 | d5bf233dda7c2c78f5761fe0a385276e6d7bc2cb2d52ce1238c7bf086d103b3c3ece7b192a9aca781a220e42808f220555aec299ea1c2dd9304769466a6d20ab |
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 38cb25da4566a73002658b27e2f97b15 |
| SHA1 | b41152a29f89066fcc459ee64b87ed8e7822f2f7 |
| SHA256 | 807064fd5dfedd85798e0f3f3bd81fefa45f270d89ad7464f35832aea60169d0 |
| SHA512 | 60a1ca7c1213e89942956bfffd5ab97f4bea1ebc5e3ecf88c25038ff433a30f954a134fd936f9b414dc0bf2dfe933789116c32bbca22ba448a37a800889e1171 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 2c209ee4c5e9bb55bec9f5d2bd8b72b7 |
| SHA1 | e9ae158285d76bdb262a71ede02d096559f04a10 |
| SHA256 | 3ffc5acfc4cd846586523bc7bbe1be253cf78f7b37f3db15a53ac3727fb9f2b7 |
| SHA512 | 3d6c1552fd104fb9f77f3c1f91432f42b775f73a68331e4262a77d568e1b7b30db4d32ce1a8c1c83e8c62aef831c5a284a5a9a0dcbbcddbf7920ee6044f4b20f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | c3a6601dc57145d86ea3debd0c0eb41d |
| SHA1 | b0e115572f0d78ad62097ff524b88df9894e502a |
| SHA256 | e7f50392e563c997b36c9c9964e32ee471c28da1d0fd5f925d2f4f3ea2932d7d |
| SHA512 | 7e4b2cf6866d72660ee93357ad7b7af97cfceb82cf095936498e74af17a659e74ea33e2370284ab57929fee74c99b4835e2626d4848d0ea78dfd30d28411e161 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6d391e8c-9615-47fe-bb16-7bd267b16d63\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State
| MD5 | 3e6d1ee734f2c59a262b7928dd130a93 |
| SHA1 | a9efdb569a4341a39e82d77e2970db8f4f7db98b |
| SHA256 | 8f6fc1dab6a5484c10bc4ad011799a60c9d9db068ec288c9e081f9d4b64f42a1 |
| SHA512 | 5f6ad7599acb74f19db7f67e8f9d6a02fee5bc7ef6d3d81f3399d269492d0356914a08c03f6404d01ce7a8a31fbbbb0aa9235ea352ac728be4cd6c69d070808c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d3142dc10d5d272cd79bd4c3bdc19be1 |
| SHA1 | 3b96cf4237ccad4639f415f00d073cded13b1812 |
| SHA256 | 6ec24190c4dbe378357c19020f9b485788f5bee5738d9aa957b3370d6f97abc3 |
| SHA512 | 1aac8cb06b49ebbf1079ad01e715ecdbdd964bc140374461ed8aaf2d9bc71cec7fc58dd6031767d0f8a359ac1d653b64193b88ec5a04b64b957dcd18762802e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a3d5c8fb89b3f98799daa8bf88f519cd |
| SHA1 | ca5677efc5805c011f74913b3a518531f8d57574 |
| SHA256 | 338cd9ac3926374c30e8348aea83353c96b392fdd9d0d53a2bbf55f562841566 |
| SHA512 | 2c22c24196e39599f993903222b94104c1478879b7e88e3d404db72451e7016c58e1f4c347605631376c278402ee74a4c759a155c480bd2e1b9691a2a335fbe5 |
C:\Users\Admin\Documents\jjsploit\db.json
| MD5 | 41dea3a16884a8a050f599c1b3d3dbf5 |
| SHA1 | 0d1893892dd3a5211b8dc4b66efae5d3f2c82689 |
| SHA256 | e14fda8dd813d96cdeb51cff4e4a5c8dc636b72b7fb075902d88ab587bf19466 |
| SHA512 | 2c2a88c7d0fa9f32893449d5d8ae0d148793974c0e9f979be1221dce3b7c86a0bc02f3575bd5d2010e0fad20fb9730f707cdddd99fa922b8de67d9f1e7529cb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 126209c01e309a403f255570e284226b |
| SHA1 | ada1467fe34912f6b7efed0bdb9a5c601b029983 |
| SHA256 | f5f55b6067eb7d6a31b5da83ea7a22a06b0e8ed8a95be9636442998faa933623 |
| SHA512 | 4ff66f37516eb2075af27462eb583e6b60208c2c15dbe56f540b495aaa41e5ef71e7aa3c3e5ddcf49350903a1fbbebd224b34b0acb10a4cfea11f14f90e5868e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 26d17376ab0fa49c93986b388b7313e4 |
| SHA1 | acb7bd40823a59b223782f934ecdebb1bb8db01b |
| SHA256 | f5f04f49070da4283d4e9a0764bbd537a2f4f79e1e4b5c597220030809b70d12 |
| SHA512 | 4058fee807e2801ca0975acc12a6c7dd268517377efe577791669b4f00131d29429be1b2082a062c20077aacdc17419ae4a5a579fbbc583bed1b28fbf11a134f |
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5954bd.TMP
| MD5 | 5be0b68aa7a6fdb052d748d8a5f4a1f6 |
| SHA1 | 50d2a2b7c661accc7a3565869c5778d3fe0294c9 |
| SHA256 | b2107b7022e498d329a6e82ece5f8d18c2970ea956e922849eb8233fcfc053f7 |
| SHA512 | 8346f5b0bb8e9dc5abdb6516cf9f787b6f3bbc93f2eca24b76658db2097dcfc814c2b1db861c3d34a9507a01d1dcf67185d19cce61777146d0d4cfc4626906e8 |
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 59f8b399cab2e48eb4ea8297ad3acb51 |
| SHA1 | 6bb456362cd3c01db51ae4985e9acfd453e94708 |
| SHA256 | c66685cf2fde83578433ef7ffaa565d434c3b7aa79a8cf0c7078d11262143d69 |
| SHA512 | a094f48a5eff3e5210144d6b2682574b805e0b3751988263afc1ea201d53a7b32c0dd701917325071dd284d6b5c26188f74b1233cdfbb9b9ad9acb3d4e0d2219 |
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity
| MD5 | 249ee7bbcfb24af4250518247fe29f66 |
| SHA1 | ac93f6495513d64fc486d5bf687fa5f4f1f705e5 |
| SHA256 | 57da0d74c199c14b7c546b9c131e1b04d430fa32f89854d243176a4f5f3bbf49 |
| SHA512 | ac2cd0d840048f726df2ad7b933d060c6009852e79db0594f7da24990549ac7557d3f1e8083c758fe022b1bd3e626beba51bbd447ed5a4e2ab424adcd68c4601 |
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity~RFe5957cb.TMP
| MD5 | b754daa297859dc54c556ee9786419cc |
| SHA1 | 1276c915833a5216abb2c20a8e3e38d98311bbe5 |
| SHA256 | 0bb44854f7b070b2d4d963372d4966fe6bd58ac5e65ef1a9e76e967f9f80391d |
| SHA512 | aebb35859c566a3ae92613e4da52b91608b61d3b5818bc18644b01f35e163a5facb76d1ddef47c1eeb64051b0eed9558449a87cc91e21f7369e7fc52d72d9138 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | fcf7d849b9ed5b93a6f09f60cbf6eea4 |
| SHA1 | 5d42be50e02627ee641f4de32843f7288f8b1246 |
| SHA256 | 246b2d5506f0220ae8bd57f589d41a1c89de5f24ba1d3995b1691147fc87aa01 |
| SHA512 | 00dc6c6ab32f7aaa1a9533dd1132f040cb04b276e5756c7dbb77a471a62689f60cd20038ac439a85afe322ae4d830678d6ee66e30432d78abee691f5fe0c5ea2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595a0d.TMP
| MD5 | a8065c693d45bef8301aeb703e4d1959 |
| SHA1 | 96649a3dd8d519bed7284299ab64b843d0b24b79 |
| SHA256 | 0b053f220e25b574e5f9f8c72fa0948358c409f94321ef66aede55b762abc950 |
| SHA512 | 65c785f4974032ab9240059981cf2bbed1feb86e1307f5ef89510a0c8a349b0636a0578861461f8d6d4a9f50cd4361cab6a371f0411526a9957df8e561be9e07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1b8a00d3-637f-44b5-bcb5-ddd3f63ad534\index-dir\the-real-index
| MD5 | a796b39e5841408f4bccc1968d19f0c8 |
| SHA1 | 67f1ea9df364503d54e5b1f4164f5f92d92fb2bc |
| SHA256 | b41e9e851c1530bca766af0e3660ac21269cd8c8f6e4d8590342f6b914949762 |
| SHA512 | 8661138e8c1d535250ff79694142fff83bd3df1ce81b41907b30f6feb2ae8d02419095577801180c1da3faefea1991c5b8e9870c688d746f4a6c99c630d956a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1b8a00d3-637f-44b5-bcb5-ddd3f63ad534\index-dir\the-real-index~RFe596817.TMP
| MD5 | 13ee7bf693b79ae20dd4a84fe197de4c |
| SHA1 | 35043429d38d3dfbcd9eed40cc0a29303a5d50b1 |
| SHA256 | 8d89ec619ab2ea6a8dde65fc31606307267d64d979e648fabec55208875e5a3b |
| SHA512 | e6105b19e4a43a3aed019401766882dbf107f7661ac7eda4a9212f81d579733eda29736b0fb4cc75cfb050a3a1d07dc20dd2356465710b9fca07c83621dba3b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | c375936875a89d10fa541816cc544f5e |
| SHA1 | 0e78fd63fd49a6e89bb40cd610ea2786c6637fe2 |
| SHA256 | a5f93c3b95c2510d9ce51b4ff295b191c6b269973a201ecf70c4e7ecef1a9326 |
| SHA512 | c7b38d35fae3216e32a103d0449547e9c8e6cb22e0877e85a9650377232c9f02a84e15624d5e9a686bce7165b86fa4c75e2708c33bdcd5b642a7ecbdc72a429c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 42e104fe43605e0574be95debb4660a7 |
| SHA1 | b2b65b19501a03c72ecbc40a9f144f24dffe30d7 |
| SHA256 | d36894c4df13542554d14476c54df66af8c5b83b9156b947a7ec12ae6d9438d2 |
| SHA512 | e98441b2e177515630fe35b7a7b688e6b52dcda849ada7b29dbc7426a667df07b08938100e3a6cd45dc7cf62a2b95c7671e09d724a93fe3d7b6784753e7d043e |
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\c8902b69-6b31-47b0-b486-4be0583d6797.tmp
| MD5 | 1a7c5bdb4c4acac333f42260485ee634 |
| SHA1 | ca4f70c3f68bc0a8e70a2ae02fdad3ee263cf416 |
| SHA256 | b2990e49b1f296dbe4da9777345ea7b62493b8b9e73e96bf5ed6f2065f523a70 |
| SHA512 | 19bdf40254ba4abb56ad37373f3c5b421c310d06aa15497c97d793b0ca8653db2f58a9c721e8d07f6feab7ca71aa0ca08eb92a50df8f47a7914ab8379537b414 |