Malware Analysis Report

2024-12-07 15:39

Sample ID 241113-x83e2sxmdx
Target Krnl_8.10.8_x64_en-US.msi
SHA256 76c83d1bebd6b01bab76d9a94f223e1a3cf20f2040b8d58a12625074e2936f7c
Tags
discovery execution persistence privilege_escalation evasion phishing trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

76c83d1bebd6b01bab76d9a94f223e1a3cf20f2040b8d58a12625074e2936f7c

Threat Level: Likely malicious

The file Krnl_8.10.8_x64_en-US.msi was found to be: Likely malicious.

Malicious Activity Summary

discovery execution persistence privilege_escalation evasion phishing trojan

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

A potential corporate email address has been identified in the URL: httpswww.youtube.com@WeAreDevsExploitscbrd1

A potential corporate email address has been identified in the URL: httpswww.youtube.com@Omnidevcbrd1

Downloads MZ/PE file

Network Share Discovery

Event Triggered Execution: Image File Execution Options Injection

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

Checks installed software on the system

Drops file in Windows directory

Drops file in Program Files directory

Checks system information in the registry

Loads dropped DLL

Executes dropped EXE

System Network Configuration Discovery: Internet Connection Discovery

Browser Information Discovery

System Location Discovery: System Language Discovery

Event Triggered Execution: Installer Packages

Checks whether UAC is enabled

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

System policy modification

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Uses Volume Shadow Copy service COM API

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 19:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 19:32

Reported

2024-11-13 19:33

Platform

win7-20240708-en

Max time kernel

33s

Max time network

17s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Krnl_8.10.8_x64_en-US.msi

Signatures

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\JJSploit\resources\luascripts\general\aimbot.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\animations\dab.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\general\magnetizeto.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\JJSploit.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\beesim\autodig.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\animations\energizegui.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\general\tptool.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\general\infinitejump.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\animations\jumpland.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\general\fly.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\animations\levitate.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\jailbreak\policeesp.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\jailbreak\removewalls.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\general\teleportto.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\animations\walkthrough.lua C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\JJSploit\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\general\noclip.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\Uninstall JJSploit.lnk C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\jailbreak\walkspeed.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\general\multidimensionalcharacter.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\general\chattroll.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\jailbreak\criminalesp.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\general\god.lua C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{3D33D542-D2B2-4F33-A39D-CD4F70D3442E}\ProductIcon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev1 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\f770c9e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f770c9e.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f770c9f.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev3 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSID88.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{3D33D542-D2B2-4F33-A39D-CD4F70D3442E}\ProductIcon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f770ca1.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f770c9f.ipi C:\Windows\system32\msiexec.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Event Triggered Execution: Installer Packages

persistence privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Features\245D33D32B2D33F43AD9DCF4073D44E2 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\245D33D32B2D33F43AD9DCF4073D44E2 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\245D33D32B2D33F43AD9DCF4073D44E2\MainProgram C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\PackageCode = "6BA04691B11BD7E458FA5475B2122A24" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\ProductIcon = "C:\\Windows\\Installer\\{3D33D542-D2B2-4F33-A39D-CD4F70D3442E}\\ProductIcon" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\ProductName = "JJSploit" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\245D33D32B2D33F43AD9DCF4073D44E2\ShortcutsFeature = "MainProgram" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1B5BE67603097495AB20AEE6179D01CA C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\Language = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\Version = "134873096" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1B5BE67603097495AB20AEE6179D01CA C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\245D33D32B2D33F43AD9DCF4073D44E2 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\245D33D32B2D33F43AD9DCF4073D44E2\Environment = "MainProgram" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\245D33D32B2D33F43AD9DCF4073D44E2\External C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1B5BE67603097495AB20AEE6179D01CA\245D33D32B2D33F43AD9DCF4073D44E2 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList\PackageName = "Krnl_8.10.8_x64_en-US.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Products\245D33D32B2D33F43AD9DCF4073D44E2\SourceList C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Krnl_8.10.8_x64_en-US.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding DB3CB66E5E3215D50FAD63FC22058512 C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005C8" "000000000000005C"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\MSIEF7D.tmp

MD5 cfbb8568bd3711a97e6124c56fcfa8d9
SHA1 d7a098ae58bdd5e93a3c1b04b3d69a14234d5e57
SHA256 7f47d98ab25cfea9b3a2e898c3376cc9ba1cd893b4948b0c27caa530fd0e34cc
SHA512 860cbf3286ac4915580cefaf56a9c3d48938eb08e3f31b7f024c4339c037d7c8bdf16e766d08106505ba535be4922a87dc46bd029aae99a64ea2fc02cf3aec04

\Program Files\JJSploit\JJSploit.exe

MD5 d0d04bc3cb9e341925f36736c7730dc5
SHA1 c958e77cd69768e3753835dbfcb66a903b373c21
SHA256 bc360c4a540aad33bcd8a358566bb4e0844ca36138ef36fb5dd8084d36517495
SHA512 2f04c151d57826a89b52f82c6b8c4ae5c0a45b83556c9aa6c45aa520f312d1a0edd2bb36c90c94b5a4967ea1b498634c4673828ef4afbdb63ab0e9d76609b31a

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk

MD5 772f9a5209a2808dc748b4499f4a4bae
SHA1 48cdc0d6e6da6ff14bf950d23854543176a6dab6
SHA256 080cfdd91d8a08dbcc2dfe6d10fd397ffa1dc1eba64d767ed3d12fca0ebe742b
SHA512 910790234834c19668002ab0ef4d166713ed2e15480021f39d012f0967b68ab5687e80bb9a444cadc4c8e6fb88dc2a7f87fc47c5498c8c64d01733155339739d

memory/2944-59-0x000000001B6F0000-0x000000001B9D2000-memory.dmp

memory/2944-60-0x0000000001D10000-0x0000000001D18000-memory.dmp

C:\Windows\Installer\f770c9e.msi

MD5 b837d10b9a71425dbf3d62b2cc59f447
SHA1 85c9ba3331f7eb432c28365b0d1f36a201373a72
SHA256 76c83d1bebd6b01bab76d9a94f223e1a3cf20f2040b8d58a12625074e2936f7c
SHA512 f20999d19c470941c85912725d6f89c5073d475572ece92ce5b8e5425cdf012950f230c353870d86469ab6658bdc504abbb41260cb676f109551860433bcb405

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 19:32

Reported

2024-11-13 19:34

Platform

win10v2004-20241007-en

Max time kernel

131s

Max time network

130s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Krnl_8.10.8_x64_en-US.msi

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

A potential corporate email address has been identified in the URL: httpswww.youtube.com@Omnidevcbrd1

phishing

A potential corporate email address has been identified in the URL: httpswww.youtube.com@WeAreDevsExploitscbrd1

phishing

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Program Files\JJSploit\JJSploit.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Network Share Discovery

discovery

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\JJSploit\resources\luascripts\general\chattroll.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\msedge_wer.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\edge_feedback\camera_mf_trace.wprp C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\is.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\mr.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\general\tptool.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\general\teleportto.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\BHO\ie_to_edge_bho.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\dxcompiler.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\pt-PT.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\msedge_elf.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\lo.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_ru.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\edge_game_assist\EdgeGameAssist.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\ar.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\lt.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\msedge.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_sr-Cyrl-BA.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\pt-PT.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files\MsEdgeCrashpad\throttle_store.dat C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\gu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\sq.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Trust Protection Lists\Mu\Fingerprinting C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Trust Protection Lists\Sigma\Social C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_lo.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\sq.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\oneauth.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\identity_proxy\win10\identity_helper.Sparse.Dev.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\BHO\ie_to_edge_bho.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\pt-BR.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\te.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\BHO\ie_to_edge_bho_64.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files\JJSploit\Uninstall JJSploit.lnk C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\el.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\eu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Trust Protection Lists\Mu\Other C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\kk.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\fi.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\nn.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\or.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Trust Protection Lists\Mu\Other C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\gl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\MicrosoftEdge_X64_130.0.2849.80.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\MicrosoftEdge_X64_130.0.2849.80.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\jailbreak\removewalls.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\JJSploit\resources\luascripts\general\noclip.lua C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_ur.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_mk.dll C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Trust Protection Lists\Mu\Content C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\bn-IN.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\vulkan-1.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\bg.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\kn.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\eventlog_provider.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\ms.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Locales\gl.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Trust Protection Lists\Sigma\Advertising C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\Locales\ur.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\EBWebView\x86\EmbeddedBrowserWebView.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\identity_proxy\win10\identity_helper.Sparse.Beta.msix C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\telclient.dll C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Installer\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\pwahelper.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{3D33D542-D2B2-4F33-A39D-CD4F70D3442E} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID87E.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{3D33D542-D2B2-4F33-A39D-CD4F70D3442E}\ProductIcon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57d795.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57d793.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e57d793.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{3D33D542-D2B2-4F33-A39D-CD4F70D3442E}\ProductIcon C:\Windows\system32\msiexec.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\MicrosoftEdge_X64_130.0.2849.80.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A

Browser Information Discovery

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files\JJSploit\JJSploit.exe N/A

Enumerates physical storage devices

Event Triggered Execution: Installer Packages

persistence privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000001a73a27760024bf60000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800001a73a2770000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809001a73a277000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d1a73a277000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000001a73a27700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133760000353220115" C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C76C02A1-BCDF-4632-88E6-55698920001E} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ = "IAppCommandWeb" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\ = "Microsoft Edge Update Broker Class Factory" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher.1.0\CLSID\ = "{08D832B9-D2FD-481F-98CF-904D00DF63CC}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\1B5BE67603097495AB20AEE6179D01CA\245D33D32B2D33F43AD9DCF4073D44E2 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C76C02A1-BCDF-4632-88E6-55698920001E}\InprocHandler32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods\ = "17" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ServiceParameters = "/comsvc" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine\CLSID\ = "{5F6A18BB-6231-424B-8242-19E5BB94F8ED}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassSvc\ = "Microsoft Edge Update Legacy On Demand" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\Elevation\Enabled = "1" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID\ = "{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.31\\MicrosoftEdgeUpdateOnDemand.exe\"" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods\ = "11" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.ProcessLauncher" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{35725228-BF11-429E-B5B8-ED0F2BCABF82} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35725228-BF11-429E-B5B8-ED0F2BCABF82} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\Elevation C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ = "IRegistrationUpdateHook" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ = "ICoCreateAsync" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID\ = "MicrosoftEdgeUpdate.CredentialDialogMachine.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C76C02A1-BCDF-4632-88E6-55698920001E}\InprocHandler32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ProxyStubClsid32\ = "{35725228-BF11-429E-B5B8-ED0F2BCABF82}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{35725228-BF11-429E-B5B8-ED0F2BCABF82}\ = "PSFactoryBuffer" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine.1.0\CLSID\ = "{B5977F34-9264-4AC3-9B31-1224827FF6E8}" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\JJSploit\JJSploit.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2912 wrote to memory of 1088 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2912 wrote to memory of 1088 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2912 wrote to memory of 1088 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2912 wrote to memory of 1848 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 2912 wrote to memory of 1848 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 2912 wrote to memory of 2796 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2912 wrote to memory of 2796 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2796 wrote to memory of 4028 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
PID 2796 wrote to memory of 4028 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
PID 2796 wrote to memory of 4028 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
PID 4028 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe
PID 4028 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe
PID 4028 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe
PID 2928 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2928 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2928 wrote to memory of 1020 N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2928 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2928 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2928 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1432 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1432 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1432 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1432 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1432 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 1432 wrote to memory of 1032 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe
PID 2928 wrote to memory of 3744 N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2928 wrote to memory of 3744 N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2928 wrote to memory of 3744 N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2928 wrote to memory of 1812 N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2928 wrote to memory of 1812 N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2928 wrote to memory of 1812 N/A C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2012 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2012 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2012 wrote to memory of 5116 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2012 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\MicrosoftEdge_X64_130.0.2849.80.exe
PID 2012 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\MicrosoftEdge_X64_130.0.2849.80.exe
PID 1848 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\MicrosoftEdge_X64_130.0.2849.80.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe
PID 1848 wrote to memory of 1880 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\MicrosoftEdge_X64_130.0.2849.80.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe
PID 1880 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe
PID 1880 wrote to memory of 4976 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe
PID 2012 wrote to memory of 2260 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2012 wrote to memory of 2260 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 2012 wrote to memory of 2260 N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 1088 wrote to memory of 2212 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files\JJSploit\JJSploit.exe
PID 1088 wrote to memory of 2212 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files\JJSploit\JJSploit.exe
PID 2212 wrote to memory of 3632 N/A C:\Program Files\JJSploit\JJSploit.exe C:\Windows\system32\cmd.exe
PID 2212 wrote to memory of 3632 N/A C:\Program Files\JJSploit\JJSploit.exe C:\Windows\system32\cmd.exe
PID 2212 wrote to memory of 404 N/A C:\Program Files\JJSploit\JJSploit.exe C:\Windows\system32\cmd.exe
PID 2212 wrote to memory of 404 N/A C:\Program Files\JJSploit\JJSploit.exe C:\Windows\system32\cmd.exe
PID 2212 wrote to memory of 3768 N/A C:\Program Files\JJSploit\JJSploit.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 2212 wrote to memory of 3768 N/A C:\Program Files\JJSploit\JJSploit.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 3768 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 3768 wrote to memory of 4832 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 3632 wrote to memory of 4140 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3632 wrote to memory of 4140 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 1484 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 404 wrote to memory of 1484 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1484 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1484 wrote to memory of 2644 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4140 wrote to memory of 2336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4140 wrote to memory of 2336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3768 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 3768 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe
PID 3768 wrote to memory of 2532 N/A C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Krnl_8.10.8_x64_en-US.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 8D8BCB8C5DAAE776F05BA49BF802E44E C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

"C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe" /silent /install

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.31\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkQ1NjNGOEUtQzQyNS00MzQzLTkxM0EtMDZENTU0MzJFMkU2fSIgdXNlcmlkPSJ7MjU0RTJBNUYtM0U1Qy00MUJELTg4RDEtRDk3NkQzRjc2OTc2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins0MjdBMThDNi00RTZCLTQ3MDUtQTZCNy0zNkVCNDlBQTVFRUJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iIi8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjMxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MDEyMTg4NDI1IiBpbnN0YWxsX3RpbWVfbXM9IjQyMiIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{2D563F8E-C425-4343-913A-06D55432E2E6}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkQ1NjNGOEUtQzQyNS00MzQzLTkxM0EtMDZENTU0MzJFMkU2fSIgdXNlcmlkPSJ7MjU0RTJBNUYtM0U1Qy00MUJELTg4RDEtRDk3NkQzRjc2OTc2fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RUEyQjM3NDUtMUE4Ri00RDY2LTk5ODEtQUEyODYzM0I4NzM1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O2xoVmkxMlFjazZTbDB1VTFPQjZZMTUyOWJSNmJzZXk0K2N1N2RIeHM2Y2s9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIzNyIgaW5zdGFsbGRhdGV0aW1lPSIxNzI4MjkzNDAwIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNzI3NjYwNzU2NjEwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTAxNzUwMTAzNCIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\MicrosoftEdge_X64_130.0.2849.80.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\MicrosoftEdge_X64_130.0.2849.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\MicrosoftEdge_X64_130.0.2849.80.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B35FD895-CEED-44E3-ACF7-C9254475D49C}\EDGEMITMP_27579.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=130.0.2849.80 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff61bf5d730,0x7ff61bf5d73c,0x7ff61bf5d748

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzEiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkQ1NjNGOEUtQzQyNS00MzQzLTkxM0EtMDZENTU0MzJFMkU2fSIgdXNlcmlkPSJ7MjU0RTJBNUYtM0U1Qy00MUJELTg4RDEtRDk3NkQzRjc2OTc2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFRjZBMjUxMi1GRDUwLTRFMjgtOTM3OC0wRkIwNThGNTYwNjB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTMwLjAuMjg0OS44MCIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTAzNzU5MDAzOCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUwMzc3NDYyNDIiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1Mjc1NDM0MzQ2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8yN2NiNzI5ZC1mZjk0LTRkMzQtYWFlNC0zMzg1ZmEwOWM0NGM_UDE9MTczMjEzMTE3MyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1lUEJZRVNENU0yWTZWS3VhOVJ5WVVCaWJTeTBDU2gyOU1XbTBoZFV1YkR5SDA4QlYlMmY1QXFpcSUyZiUyYkdVTHlneFN5ZGFNUm55Z2ZYUzdyM2tNd0FDR2haUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE3NTA3NjkyMCIgdG90YWw9IjE3NTA3NjkyMCIgZG93bmxvYWRfdGltZV9tcz0iMTczNDciLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1Mjc1NzQ2NjUxIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTI5MDEyMTkzMyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTU2Mzc1ODgyMyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjE0NzciIGRvd25sb2FkX3RpbWVfbXM9IjIzNzY5IiBkb3dubG9hZGVkPSIxNzUwNzY5MjAiIHRvdGFsPSIxNzUwNzY5MjAiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjI3MzY0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files\JJSploit\JJSploit.exe

"C:\Program Files\JJSploit\JJSploit.exe"

C:\Windows\system32\cmd.exe

"cmd" /C start https://www.youtube.com/@Omnidev_

C:\Windows\system32\cmd.exe

"cmd" /C start https://www.youtube.com/@WeAreDevsExploits

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.8 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=2212.4768.4286807592672222627

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=130.0.6723.117 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=130.0.2849.80 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7fff0b874dc0,0x7fff0b874dcc,0x7fff0b874dd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Omnidev_

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@WeAreDevsExploits

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff0d1246f8,0x7fff0d124708,0x7fff0d124718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff0d1246f8,0x7fff0d124708,0x7fff0d124718

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.8 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1768,i,13722793780059443049,9483041556040517820,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1764 /prefetch:2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.8 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=1948,i,13722793780059443049,9483041556040517820,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2008 /prefetch:3

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.8 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2372,i,13722793780059443049,9483041556040517820,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:8

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe

"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.80\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=JJSploit.exe --webview-exe-version=8.10.8 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3520,i,13722793780059443049,9483041556040517820,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,3427166860983953304,15490939996814249372,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,3427166860983953304,15490939996814249372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1872 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3408 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f0 0x324

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,10880802233864196730,18126556412415136122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 8.8.8.8:53 msedge.sf.dl.delivery.mp.microsoft.com udp
US 152.199.21.175:443 msedge.sf.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
US 52.252.28.242:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 242.28.252.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
GB 2.18.190.81:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 82.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 81.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 forum.wearedevs.net udp
US 8.8.8.8:53 forum.wearedevs.net udp
GB 172.217.169.46:443 www.youtube.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
US 172.67.71.2:443 forum.wearedevs.net udp
US 172.67.71.2:443 forum.wearedevs.net tcp
US 172.67.71.2:443 forum.wearedevs.net tcp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.179.238:443 consent.youtube.com tcp
GB 142.250.179.238:443 consent.youtube.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 2.71.67.172.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 178.38.239.216.in-addr.arpa udp
US 8.8.8.8:53 232.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 216.58.201.100:443 www.google.com tcp
US 8.8.8.8:53 100.201.58.216.in-addr.arpa udp
N/A 127.0.0.1:443 tcp
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 consent.youtube.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
US 8.8.8.8:53 accounts.google.com udp
BE 66.102.1.84:443 accounts.google.com tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 246.187.250.142.in-addr.arpa udp
BE 66.102.1.84:443 accounts.google.com udp
US 8.8.8.8:443 dns.google udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 84.1.102.66.in-addr.arpa udp
GB 142.250.200.14:443 youtube.com tcp
US 8.8.8.8:53 yt3.googleusercontent.com udp
GB 216.58.201.97:443 yt3.googleusercontent.com tcp
GB 216.58.201.97:443 yt3.googleusercontent.com tcp
GB 216.58.201.100:443 www.google.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
GB 142.250.187.246:443 i.ytimg.com udp
US 104.21.67.56:443 udp
US 8.8.8.8:53 56.67.21.104.in-addr.arpa udp
US 104.26.6.147:443 forum.wearedevs.net udp
US 8.8.8.8:53 147.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 bitware32.github.io udp
US 104.26.7.147:443 forum.wearedevs.net udp
US 185.199.109.153:443 bitware32.github.io tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 147.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 153.109.199.185.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
US 35.190.80.1:443 tcp
US 35.190.80.1:443 udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\MSIAE80.tmp

MD5 cfbb8568bd3711a97e6124c56fcfa8d9
SHA1 d7a098ae58bdd5e93a3c1b04b3d69a14234d5e57
SHA256 7f47d98ab25cfea9b3a2e898c3376cc9ba1cd893b4948b0c27caa530fd0e34cc
SHA512 860cbf3286ac4915580cefaf56a9c3d48938eb08e3f31b7f024c4339c037d7c8bdf16e766d08106505ba535be4922a87dc46bd029aae99a64ea2fc02cf3aec04

\??\Volume{77a2731a-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{14722d2a-75b2-46cb-ae4e-7f508da42dd8}_OnDiskSnapshotProp

MD5 be90f9dcba4c4ce79ba7613b22a9b3db
SHA1 c07a0360df05569459f7ca2621b47c3212f71716
SHA256 6dbd435403fb905cc362e655f197a3b1f5a5c6912006f83038d6b4443260539d
SHA512 eda2d3ccd29729b8df44b23e5f17e8a348bf99a53ce5e1560b6129264d8001e43218c41ae87eb1c3a283503434b15da85d97d184ab6e562e59c1dd29c810e4bc

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk~RFe57d9c6.TMP

MD5 a9c93d23550c8ee84f27e1b5b6f5d50a
SHA1 ae5dff8999485f7b64cb2cbec7a4b618b7fefa24
SHA256 433abf862c97f70a1e2fee52fa6f47c10cc03eea64984aa76e9ec21035e2c258
SHA512 e89a73297431f1bee41226a306f0e518c057f19ef3d195fe4a560324a152e8caf725a766ec6704770f466c699672df7a482d9ca64b0774df52603f1c37ce73ea

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk

MD5 2c9f704e046f08697e2b88078a38a51e
SHA1 32a6528499056132db33cb808128286077950f23
SHA256 1b46a5ac1fe01805f97886d0efc6db37532e4acb23268f0358e571ee3c596d31
SHA512 af9e93346f714dd71a8a44ea0489812ec1943233f2082fe82d73955b241c2018252fe4e09bcb03a02128761a1882c6d3def11f553add97f82fc9d11f16ed7a2c

C:\Program Files\JJSploit\JJSploit.exe

MD5 d0d04bc3cb9e341925f36736c7730dc5
SHA1 c958e77cd69768e3753835dbfcb66a903b373c21
SHA256 bc360c4a540aad33bcd8a358566bb4e0844ca36138ef36fb5dd8084d36517495
SHA512 2f04c151d57826a89b52f82c6b8c4ae5c0a45b83556c9aa6c45aa520f312d1a0edd2bb36c90c94b5a4967ea1b498634c4673828ef4afbdb63ab0e9d76609b31a

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

MD5 d3539d92577e606595ea92b9ce958549
SHA1 6c449fc3523681913e7f5025317ee7dd13c8217a
SHA256 f31372cfa08479f5a40fbc9df985b39238c81333bef28d7eef50330f62d01d45
SHA512 737f9b3216c0d6666187ff63efe7ff75c12fc0d52146d95d0652f08f71d049c6e555bcf3da10a6145e70e47db81c44daee1d25dd6382b897eeceff75711dd100

memory/2796-67-0x000001CA2CE50000-0x000001CA2CE72000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_igqki1f5.0wy.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

MD5 431a51d6443439e7c3063c36e18e87d6
SHA1 5d704eb554c78f13b7a07c90e14d65f74b590e3a
SHA256 726732c59f91424e8fb9280c1e773e1db72c8607ad110113bc62c67c452154a6
SHA512 495d60ad05d1fadb2abd827d778fe94132e5bfc2ae5355e03f2551cd7a879acf50cc0526990e4ccde93bf4eff65f07953035b93cc435f743001f21b017cbfdfd

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdate.exe

MD5 35a79bd6de650d2c0988674344bf698b
SHA1 a0635c38472f8cc0641ceb39c148383619d221dd
SHA256 a79a81da2b8dcbe39609a9e1b4e8c81ae0bc54195c0c854b77bebe7bfa7f10c1
SHA512 afe33d38785afe489845654ba1c3ed6648b36b1ebe5f98b3d5d4bf24eba3af9bb6676af5a79d2ec570bf2b4b6ae40d14fc3d4b872c5d4577aea40f6d1a26c0cf

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdate.dll

MD5 39ac5a029f87748e964491b97936d890
SHA1 24777aad794a13d0e7381fc6f32f0e1bcdb1ba80
SHA256 ba861524fe648ccb47b7ac57421bb07a6231a7aab5eaea332548511cce6185bc
SHA512 2ecb9b208846f84cd37f37d2100f26358d6c37128efc4010b2e7efc10202dc37b621d0c0138a8b76b23d968da324c685a41b44f4ae30cbbe243581f1904e14c6

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_en.dll

MD5 894b6ea4b49fa390bd70167a75f3ff7b
SHA1 4f834ef6567d02f28390d63c8ca9fd3c735b2140
SHA256 a8dc2b1e32d8d3d2c321c469eed3329f7661f4fc71d14696f97106b5aa6c532a
SHA512 9b4fcbd07dc7f65c34575aaabb7a517198739f7268133f084b101edf99f0b96387f3f0248de1be5252b2466db0bc59036d40e3990d4264bfab89aa01aace7ea6

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdateCore.exe

MD5 dd30f3ff486b830211df62d20348f86f
SHA1 08c7d7407dee7ed20b50e8f1a2cb1b08a9282dbf
SHA256 9d57bdc8b97e75f8a04b93a1657dfd18d4e2f68607783c9bca42140233978fa7
SHA512 af3b48ced7018c7edeabdfa998e51356d57c2d7a846c76629fed0ff2e5db8db79041184c58a5a67a10ec627f53af8e3c80bbffacaecf5dae6d989cecb82e72e4

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe

MD5 c55b37823a672c86bc19099633640eab
SHA1 da5e15d773c794f8b21195e7ad012e0ed1bceb72
SHA256 3df9cd2fecf10e65be13d4b61ca0a9185845f2cb04b872adeaf41ca46af39aa0
SHA512 1252c3fde4aa4ce239103e8df7224afce093a2cbe539bd40347601980a314ea3326ea6ce4c1ebc845c125845969ad65ebca319b9df35a809ef871bad14aaf33d

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\NOTICE.TXT

MD5 6dd5bf0743f2366a0bdd37e302783bcd
SHA1 e5ff6e044c40c02b1fc78304804fe1f993fed2e6
SHA256 91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5
SHA512 f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_as.dll

MD5 16b0c8a664626da016a95fb46fdc9c0e
SHA1 c674b635cd8927511825847f3d86a5562b4155d7
SHA256 b059fc9713d3a41e9a83f0d61f8cce29546d3759def0a7b8e162a13915e51255
SHA512 ec39269fbd9e510d10d665c86b8a8161208b74f919e4fd128e365144d71f2b59d3c48c50b8f017b1d30c711ee4f63668f843539957b4643d2a488c9e17290e75

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_ca-Es-VALENCIA.dll

MD5 afdafc9f56401b662f42cef830d92b38
SHA1 b56966370ec07cd676e35d93fad001e0f6b3fb8a
SHA256 03d7a1c0d8810df4b908fcc40c8491df0e3ce19db8ee22e6be79d02fd9df8f72
SHA512 884f9cd99785ea91c5c8e26200bbf0b010ff278b52c5ac590cb73712321a9cdb645e5448bf4cf62622cdb06543b8de4a8e6956a2f6b6677c0b9befb35589d8b0

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_fi.dll

MD5 7f47c9b9bc9488754579935209291c55
SHA1 470e590c6f5263a44b95abbd6d0c158fae326d21
SHA256 f0d8c44d909aed479b3e770b556eb3792c0d3ce247defff953a4dd9f7ce4cc75
SHA512 6f81ddd06f6a1c796bbf21143737bfeed8f9ca0ace82a4de00ccf79d7288586376439e0564f1cb128e5e585eaba122d406af8c3a6e3969efdadfe0cf65c3ed4b

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_lt.dll

MD5 883f3e1c963322852aa6ce7177ba11fd
SHA1 3da37835cb54a847e3fa2edec45c4589e2c31561
SHA256 c3e3bd953b1035bcb34db9077c41643a503aafeecf99afbc92c9e4326bc6fea5
SHA512 52e7eae669ce211be72ed62cddd43f926c8d581a28a5efc167d1bb9c7f132f40a000cec02c91cd81604ca9f1cbb61952a9da8d09044703a49309a4faf2ff2f25

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_lv.dll

MD5 0edaf7aa97694524c60369256b17c9f8
SHA1 48a81d2c180b9dbb970dfc381b204c3e0bf11532
SHA256 74b7ff57e79ee2685709678d55a4b4b414f3fdf77ab1783c0ded0196a126c0fe
SHA512 de1ec10ba23b7f76dae78b6a98a3eee6df1eea424aa9a4800b70ee7b185e5c6a0dd30d0dc950bf7b37a9c07fd7614652258cdccd64413c49647b42351e02e90e

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_lo.dll

MD5 b0973b4e4407ea116a723bd7c39c1d45
SHA1 011e9126cf2fd3db3f0f810dc1d8e60891ef0695
SHA256 36e1ea95cd9663137ae49504980e00fbb311023c8f5f6f40f3cfe14a14ff183a
SHA512 574eb8426f774a7ccf860b4f0e324a2cc32581c9aecb834aa25c5f62946d15ef781a9f32feea8cd44e352d4878f3f6b8f097635bddb9df3bf2a443fecd0946e5

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_lb.dll

MD5 9c7c3dec8769f8b33aab63a15f642d81
SHA1 41ab17373c388d005b6d39c3ffc9fd5aac1a75cb
SHA256 c088700c358cfad6bd692233e450b8f4836a30a457c7b047e67681c10aecf2f7
SHA512 86923405fdcb2ebbf9a2dff24847d55bf1cf39550f475b1268e7edf279269e317c09b638b06e29f4d30ba59fd606f4ab5787f7d09da5ae3c5572ad41f3b3fac8

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_kok.dll

MD5 f97d285a3ba35b1395d9868e15bce4f1
SHA1 154dfcb8646bdb02b618dddf8a0dc1cbdab2269a
SHA256 33506ad10fafd8a767afcdd93cab2d91999b4e6468771379d944ff4758c2f5e4
SHA512 bae3152e85cc5e8f96299e7d45be8a85e47ea1119fd4d8d2bcb038ce293dab6820e35bcfffc03c9596b95e716e40711c47682f0c71e308755dc71b4c20c57628

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_ko.dll

MD5 6c3abddca78cb3ba9f724bad9fed6165
SHA1 3114daf9295215bbeed0f4bb4e282b46ec1c74ae
SHA256 d47e586aacfa638aab5d681d8b4ce0b42f9d698e213817554b9d42441191d548
SHA512 b37b7c8d7d24ead85389ce445536ef4a68c43e2a55508801ab00e9bee2c2ef428d07eb30b62228d647508dc4f6b0d78b1b8edc25052eff0ec5a9ec87fdbcba1d

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_kn.dll

MD5 1ee9fe48904cb43a9147bf16823b16f1
SHA1 19fd9c0a2a1d919340eefca7956bd84df467b737
SHA256 a65da5bd18d6ac28c45cd11f56f8b868af98e42a69def6199d61235f6fa3d71d
SHA512 b556dff94243eeeb8dfe2c185c67ba7359877b8c0161f8fbe9a37a7e7591b0c8242a0be09255b616ac4f5560a728f1780cf6971c826ee6214a1b28c16551bffc

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_km.dll

MD5 5ef433fe15a877e530ba0a044486f200
SHA1 db1deb37392e001353f5a098d8686a17fc156b40
SHA256 896549adb3d1a38d95e743490cf6f551cac876fa1afc4b07f8eb30ad4d853502
SHA512 97839850a49a09cbc416ba1e8e9570adfcacbfccb70903cf597ad8781c7c3d11fd07e2598dccb7e88da7617e44ca99c62dfb3404c0c2a467641d1a6dcd7e8e64

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_kk.dll

MD5 d9b956ec540d8b1e528d88d8c5e5fdaa
SHA1 bb967aeba493d9ac0b3889f7bbf9136614080331
SHA256 cf008a24b53f2d62516a2944b77fd9be17a4778c0ba1b83a09ef7e83c3cf3901
SHA512 d6d6171c95c07ddef12bc40a5fda756ed3870a06ff2434bdd7abe02407720bff01fab5eb1bafeb7d4b9b661fc364c39de4a9eab01ef39c6bdce6de58ce4c1a06

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_ka.dll

MD5 67eb1378381ad4d1a450bd26fe51f5e3
SHA1 ae0655d07a4d0b049ed258de646199f9004963ce
SHA256 b2ecba67a708b9fc75fc4574b72218f64517dea1aeb5ac26400ac554903cccf9
SHA512 1da5356bee3e18f9033b81927368eefb8f7a0742f7f02be9ddf0f3f309d9d4f1ceeb640acac341e504d54c0d0939f1da2bac27645adf404ed2ac48a2846a919d

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_ja.dll

MD5 0ff69dde83bf61a768bc63870d687747
SHA1 622714cb8eac68b79021800f28f5874aa23176b5
SHA256 3a3a4d24498f0f533a5f5e4f1364e7e2a1f348dac95f649951131185c64d7bc7
SHA512 e1300b6f2dd5df3385c06fb43de5aa246f3f1da942e26b86023663e07b12104f0e74b2749d4ef2dd60cabfc8eadfe5f131a8bb5ba8fffd6374f9cd4635b4bc53

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_iw.dll

MD5 d92167a825c73bd6246483bfa1787c8c
SHA1 0a96d89226f1e694275922e5e2640bca3d7e7020
SHA256 d477fce0f7fbbe9cf86dbfb724e28c617c8c7c5bea664974593fbf0c032e8019
SHA512 12401ac374d3050f9540a3df6fae71ff8466ed3df2bf007b52eaddfea0d549601b5756477c141fd596bd19367ad30a607160957a8ad1818ff34e6da4125e530e

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_it.dll

MD5 0da1fde56fc0bf63e17a891e99f559f1
SHA1 131d18d7329be3ff21c78a3921b88e910a3d5a68
SHA256 ba936fcce39c889a3cb41569f18019d99429a13e7dbd909d9d26e540ea650dec
SHA512 67aa088ea8c01b11874537ae59c150645b61072e4f2134719e833ca0c4c3cab835cb9c51bff97582280870227d99cfb72f3a0d2069f2a9a86a7f7dbaf29ad2d2

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_is.dll

MD5 28064f47523b575c20fc85733cddf487
SHA1 0c5583888be256c8e09a396e333ad158b5f87553
SHA256 0752855a2e2a69e0f969af6c31102db513dbc390583f07d5df60746721ada58a
SHA512 d96656335024e0228a18148de4d27f354fdc90b62f977042ac20199714ef50bad271a83547d6c6823ec03422a9b598828fdc3b0f1ae81c760a57a2d1f2a543b7

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_id.dll

MD5 c80c6530280315158443cd04f89e9169
SHA1 fb87a9ff3696f0acceee6c8f1e4fb40795a8ae7d
SHA256 52957587efb4d995597541656f38e0edcd4545acfd92e3b81cc72578839021de
SHA512 bee22709e362ade03cf385c9b09d321923cc17a9e7c227fef7717da7405ea7bcc63e6f18b5e3e18e9dc19d5b0d9d4cb32c8548d9f16803959eb13b1189df9815

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_hu.dll

MD5 df2764d7bf9bbc6d4e96301c928566b5
SHA1 1f9adfed63fff6cd144515e8a7fbf8c4131d2f65
SHA256 3dcf3b4acc066674418e30239406abf59b85f9a00ba2a0aa7ca33036caee6514
SHA512 8c1eec6d813fe2266f0e03ce72f504f355f720e0112527fd411abd5e7fea05dd4bfa3ee9a878c882c16e8cd30224727eabc5ab38bd85cf146b21547ade988391

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_hr.dll

MD5 ca9abf92edc001d3c0cea4c926bd004c
SHA1 740513a325a5c15376f4b1aea402e9c54155ab33
SHA256 d6d9e064773b121fbf224252ef6c7d64f239d6b5013c119738a8240cc047e346
SHA512 7171143ee05b0e03bc936fbd98d3a37c3763bc244ffd8ae85e3229b85e13ec6262c3111b93b3a067f3d82f5fa6b6f691438c0e148efd14606cdf5a850e474a7c

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_hi.dll

MD5 274c267b7ee544d36698b2db119a6929
SHA1 27377267ddc09060254033c4aa9916a60a254956
SHA256 ac843711f010925cfdd60c396baafc3ead08584ed4b1b3df57b0c975cefd039f
SHA512 f9073912e9c314efe60f36dd9b2bdb4b1475aadde18e82bec971c447293a4f8dce46abe625bb9cec4dc48280fce3cf3d8175054b70b4e440e89a8c072f4a505a

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_gu.dll

MD5 bb4a1f9374f1c3e0cbc4788a3ce1d4c5
SHA1 30667d6dbaa689db9a08b42acacdf68435dac46e
SHA256 bdbd0882aba924075c40de48fcbbe951ea6a937c0b85541fd6f1fa5701b8e655
SHA512 d0a5260ae123d4698e2f62fdcf97a73aa038b69b200508948185bb5de5f5edb50d6859c9e6e21e84145ceebc144882d0ed5723ce1486e805c26737358ae77504

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_gl.dll

MD5 31276d0895baff6976c94c549efbb47d
SHA1 4f0fe790cecc28823e6359fb3b78dde13cc17681
SHA256 d3bf99db747f3e6a2d541ecab380244c0a33ceef8655383d54e2daff37dc9a88
SHA512 413958104046b85772d4a32550ae3a7a3a50eb66dc35966554123bd9dd15fc7a76fa7511f6d2ac666d8a205a9b58042f68e2322189c2b34d372db6b180b70da8

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_gd.dll

MD5 d64f47e1971f1e9faba211ca984e550c
SHA1 6f4de57c6f174dd778788b138a9b25cf4725258b
SHA256 75fd1c674a460dcdafbbc1429a4c30c9ac28e58527c6f0797c3706012ec19e00
SHA512 722c9f1e5d27d6ac678ca13aa648aa22aaf1121b835fad5209ce3e482471724cf4920390f51c8df2d31c66898def51ad76b0c119f4de831011b56afead2fef7e

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_ga.dll

MD5 3ca8dfe9af49bdde95188002ebd5f227
SHA1 d18d7af889c4d03ea417c09bc56069f3f697c547
SHA256 6577e1a60f0fa340dcb70dcf625c877fc9502d122744782708ede0c53ceb56a5
SHA512 a61ba9baa6d0116b769c4add55aefc99a360bf85be7986ab099a424ff7a39ccee18d946128e74e39283629b52aa14821f36fe338c0e17de29694fff5138590be

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_fr-CA.dll

MD5 08b6c8f26644370c6dcbee63e4abf884
SHA1 e4981733831c4d31715cad1749545d21dc29acf2
SHA256 916b52a362fddae79461d1d07ff01fd3bb4f7b8916b263d62572a8ad420946d8
SHA512 31f074e494a372a1b961fa9c053b561bae9e52182866a538a734b7589cad550a42b1d88649262a7d265226288084e5ba65e9e1d6d32ffd9292258a9f65e236a5

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_fr.dll

MD5 cf3ff14718b5e6125b956d6d9e897196
SHA1 041de2587e03f6c52dba60e9d2459ce33b263eb9
SHA256 d75ece04e40e34beaaf50cce0fef63e52918b5939c9c267fbfd1e6cdcb2a82fa
SHA512 551ed975b1afdc75f464bb742c30f239f9d18aa99bf9140ec0620c938629868b38a952041288244b6e2387748c16546a8fe55a664a9903577b8e484856583ac4

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_fil.dll

MD5 20134024ed75deda002dc0839b352f84
SHA1 e67bbd13a320d2b4413b283e165385c44a65ea0d
SHA256 425e0834cb73365cf78a233a5b139e1897961e5225e9cc92ab365b3efbe30d76
SHA512 7dbab9a85d852546ab8c30b3452ab8b200874eb3aac0c862bdaf5c90cc882cec11de536851693f8f115706448e3323c66affbdd7e65257395baf24a0208dc537

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_fa.dll

MD5 ba417f44f7564f1aca70cca9166f3f44
SHA1 d8f064e25038e0076bffcd1a694b58063b7268d7
SHA256 56632098f623cbb58fadddc5c7a889fbc91954f661078501e62517709b8ba703
SHA512 c35ba956e92a2298268bb6ee7a753d6b7f94bdec96118c834f028a0fa45f18b67302b0e20a26d948d1720b04461d3074ae30003bb9028790d9d2d63cb80f4467

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_eu.dll

MD5 ed883bbd9e4b3de4db68e356707f3e67
SHA1 e03dde660c15a614442552f8c4d2cc5dd8425fc1
SHA256 168eb27052a559561af3ed650bc170eb471e53f05b9065f0e229672d040ae1c7
SHA512 ae48fe344b2644380e56a95d98aeb0ffeff7ddf0c914f5d14ef518a4d40bb090fee9a7fd30f7178524bcdec1a2d8fc870b4b40d5d8437e3f2577320262236126

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_es-419.dll

MD5 bcafbabbfc8f810220b2ebdbb8a76d19
SHA1 58703c8355f996f2ce8ae5fd1ce4dc29318fd414
SHA256 7fef9c85b5d7dadf344ff39d82794ed252066cceb2b6531be2a45ee3d84844b7
SHA512 b02820c3088ceae9ebf19ede77e3a406483a3dc13c030860d3818e6e8a163e9f54293fd058ec9575c196d12f1465211ab7feff145faf684be6a8cc251d1c0d71

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_et.dll

MD5 6b03eb5b302e72727977f2431ea7f30d
SHA1 ac5cab93d3c28e46f92d2719638c739c680cc452
SHA256 b5b51fe000e0e0ce42e8dbaf4b8343a5411e2e99440726c747196a02ed736137
SHA512 362e94f79b7726b277cc90c5158d3cc5a0a890bf32e11707f9901233414b3ff22816df78276afa67f0122fc7d6fc2d09dbb1fd8602e3a01f807f93b9423bb463

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_en-GB.dll

MD5 39dc20ae50a0e2ba9c55dda91256b3cc
SHA1 464139f11db3fd6ae77502b183c4b59f581d6c7a
SHA256 e1891a155be133e6dd82cab3f9437bb7f047f0f80689ca724ca4d1d90d1fef14
SHA512 08b8e19528ff007b904f55872935e0de9e06e7cbcb3f3ed751264e3e20a740b477b55c818bf2b0ed213c4ed9cbaba0c8953c19f427be3e8ab8f50c9c86a74bf4

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_es.dll

MD5 3ccb8eab53a0b4c93507bf2adff6ced5
SHA1 25fa2435e97bd0e1cf986a882ce33e68f961c139
SHA256 8bcbd325374a8cc5c1c7ea774382515316473c200baec86a65ae21073fae33b0
SHA512 4f443ded84d74e150a0be3c32edc734ca01298817933a7b1f0e5c5cd93f26987f051c4c306848301e688b9334d134a12bcdcc0ceabe1fcaaca5c4d307c697bfd

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_el.dll

MD5 09cf47260852ff7b2c91c65d127b9314
SHA1 b3d362f3d08f81bd1b719a1c94b54f5f9c9610da
SHA256 eb4344676280f83e6023ddc604ffa42e96eb46e765a216fbc5ecbe49ddb3c920
SHA512 114a21296d8e7e054906139102617e6cd6008337a0877053721553cfed10183f54f890c8071b1cea17bd0b2535589af7aafe5bd1d161886ad7363f89919d7300

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_de.dll

MD5 ce66ef1a806c21949b75055f81cac760
SHA1 3719e4af114a3c0baceb133d152a02bc6a1fb9f8
SHA256 23f5414d554b96db0b93c7dbe27939d294b8061e56c19ab74d59fe9135e81c8f
SHA512 04d9575c866ac28db490a291be3da41f884d3ceadbc9b7077776ea7deb1819277aadcf9c9e1b5afede3e90bafbcb00e6ef0840166228d153be7e8d8d53975593

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_da.dll

MD5 19a7aee0daf68fdc1a24e3228a8bf439
SHA1 1fc6ce227a11245787c80f3932e2c311de2d44bb
SHA256 409cce12be8b7a86313bd1d9e3c6d9154cf0c5735db61d94852a128a746dab99
SHA512 0051119311316d29dbc13ace84c24283aa2eaf1d46459c81ba7b31cc6178b43165618fd7bec17de698b1431ef2b33be179c2c8b1537c1000aadf849e2c888c84

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_cy.dll

MD5 11b92ae8fe94c784480d465a37935766
SHA1 f4ead29d4b20c57bb0e4d16a7488784f61a25972
SHA256 571b0cf8b0383e33393b8b8fa79d1632688ffc2bdde794fff62c85f5e1a3f161
SHA512 b636dec2e1d48916d0c83d2fe45eb24d826c027455cf22ec78e013166e59fbdb4780ebe69de3ab4b5730dae03652d253890917f53fc835aa73f9f75b01dc4f23

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_cs.dll

MD5 8eff4531519a4b768005b9411d4a5f9c
SHA1 59b354e3f32f0a0da8755c27b903803994f4aa31
SHA256 2e9a230a8b8a7fa437a28e2115ebf01178f3209fc0d61eb90160f49c11a16cb0
SHA512 4426ae1e2937e1f6c7364d2f437aeb83d834f9997d28cb1ffb07fe1c448dd954083aa822ff439c886249a387823a23245640a0425dd8c42b75b73912733f11ee

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_ca.dll

MD5 15ee7526536790bf77317975896542f9
SHA1 365bc54203b490daa0e24a1c9813d5d99c9de720
SHA256 5e2349af6e02da1c5d18f1b3235fc5099229d2d99e1c5cf2713c21472c151f8e
SHA512 475fd9c0879c8cbc418a66441e3dc026fca983327a95763eddd1537c1f44fdf272d212c69e1b06aad55d91c68379a2beafb2908659d58a61c740731a7d047406

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_bs.dll

MD5 5e06d311c2e24b94f378c4d3b3deb260
SHA1 ef7df63f63746eb197c21694ebb21cfb86c0b2b8
SHA256 d2052450e3a3272b302d80af9f2c46b766153267100bc902dcf03a78ec609b65
SHA512 8d73b5265735aa19116cf41bb8d2bdacde5b22b286a56af58068f9579b631b044c155e625f6e1fda12e505f621f245faebe126c2557dd2ec873d7d980f8ba552

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_bn-IN.dll

MD5 1e038b27661b303e15a39a55305e86bb
SHA1 35b48fe72d50406063f9145fea64c57f205f0084
SHA256 385665137d0dfee16ed8ef2da5ce28d826d210eb2bde1fa4ef13dac50e4b5364
SHA512 13fcfde6923b38acc2cfa530087d13725a2cabdd2e771d503f4d2f5cff93e8744f142e235dd484244d920d80cb3e7cecbbd731b473f6e509edb39159c51e9465

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_bn.dll

MD5 9afe531b6472cf9eb66028e9638584bb
SHA1 6212292867bd59fe376e79988c07f4db8ad26cdc
SHA256 383754fc147dc6ef5f1edd14b60bab6bebf32639dfea718aaa64b2b65ac98812
SHA512 352bec509ccd3ad15a274ddd3ccea43b76eaed885b0e7722235abd95aab8fec1c645722765d76865c1b32ed422a10e6666f220e3abcc5a24268ba94c5cc6b8d8

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_bg.dll

MD5 4b23c7229eb43740744cfbf48c4242ca
SHA1 4938dcf6239e14db53c8f085d3c477905a9986af
SHA256 a7527b867ebc222114b679b2ac542cdc46a75f8bc24e5ca8b7ebc17b7a2963c2
SHA512 4bd8ed0ecacd3f2c69dcd0789ab8ee10dcfd6144b019dd8858c2234bebddfe42c83037fb8e2f934f3320f58796683bed5ab050ba897ba1fa409b6df60f02ec53

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_az.dll

MD5 bf510bb9b7639af7da969f77620b480f
SHA1 17a6693a5d6aea1f3fa6f34abc46daf558cac645
SHA256 2507da222cf6c6dd608da9b569f89f8e11c47b6e16134c767cdc23b7c1f56bd3
SHA512 6cebe80005cb7759ee4fd8dd9ca41bdd073c01e969e1ebe03cb07616921e50516974019faacc2f9dcaaccdc0044eaae57a6a94f3a4a4ce044a781cd8091478a7

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_ar.dll

MD5 b4c28669b9d4e56b094af6062f4db065
SHA1 4c492c03138c8a796cf0673866892b9e0c2073ec
SHA256 7fe494dd265f99f330b153ef69c51c0541016755ca1876788f7f0ede78f9cedb
SHA512 35941ab6f2dcf5f60824d172f75f9f7b8b93e65c7bd8bc441fc32e49cbb414a68d65a02e3479b096f728b2a34d3e85dfd868e8bf95ff9b1a57d10adc3da0022a

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_am.dll

MD5 1903bc250fc269e79c9f7aada2979aff
SHA1 efbf76b1259217c02c138078c56f36b2cb8543ab
SHA256 228fa3e2fcacc78111a8152d6862de2302c024e81cc8b5e3f16e31caf96cfd04
SHA512 9db527c2e26ef691c089f5d1d010298e0f47e2e0420fba03ed18c7c2793b92c5860240b214b5233dddbc150413a2649e9cf4823239b9831930c2804b143ab538

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\msedgeupdateres_af.dll

MD5 2a9524cf8afae49394379d9d9be69206
SHA1 e43d4146f8abebbb30831fbd39a39846bfb7eeef
SHA256 e5a08731963e681b6386c4e85c16bc98452ebc13c4a7de3ff6979125c609d5f0
SHA512 a0111589960cbdcb10b55c17aa82555e44f0f0f173ebad09de6364881138cb35280596f1de6d86b31044427445575630c22079c3585e34729ce461599b8979b1

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\MicrosoftEdgeComRegisterShellARM64.exe

MD5 1723c5e707061e59d769c492a95d5083
SHA1 3b535b7a0df2f7a4ab5e531956dad9892adfb5e9
SHA256 e97ab6dc0ed865aa8606f5c113fd62170341d1a3d63d5618f233aea969ec49ab
SHA512 a4e3bd9ec331a27338c123a9a3ae23619fc5a5b80fc9aea38d23d3b82ca015f47669e0f3e1a6f98e7f464e6bc21e92723a04f72805e45e0dfc81540a2d299a8a

C:\Program Files (x86)\Microsoft\Temp\EUF25F.tmp\EdgeUpdate.dat

MD5 369bbc37cff290adb8963dc5e518b9b8
SHA1 de0ef569f7ef55032e4b18d3a03542cc2bbac191
SHA256 3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3
SHA512 4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 8bfd96969293b604ca9fe8e8e49da54a
SHA1 7ba4fcca8fd51e33405c85d83029132a7bb6c693
SHA256 945f757e38550e5f2600de36f45d631d02aee365828e6e997e0816edbd9945e4
SHA512 a8100ca539542075096c027e054cfea7388fa11ec540e7627dbd2d30a3f6d36229952917c0897574267d4c239d84b7ba21e5ca268cd9da89d94cf5cb92f2be3a

memory/2928-265-0x0000000000D10000-0x0000000000D45000-memory.dmp

memory/2928-266-0x00000000744A0000-0x00000000746C6000-memory.dmp

C:\Program Files\MsEdgeCrashpad\settings.dat

MD5 a720f227a8a405b4198e426e3e800002
SHA1 50da523b1936171806feec847e50ae38c86976d6
SHA256 34deba71fabfbcf739476570ce05d57b0bada27d9a66e299065de1b8d95e33b8
SHA512 530245a483470e8fb38ef87184747273a2b64243f2f0c49edd109c9422d75beae6f90d17a37fa237fab9f4e413262ad714a49d9ece43179424440f2cbe056145

C:\Program Files (x86)\Microsoft\EdgeCore\130.0.2849.80\Installer\setup.exe

MD5 b621cf9d3506d2cd18dc516d9570cd9c
SHA1 f90ed12727015e78f07692cbcd9e3c0999a03c3a
SHA256 64050839b4a6f27d896e1194e902a2f7a3c1cab0ef864b558ab77f1be25145d6
SHA512 167c73cf457689f8ba031015c1e411545550f602919c35aff6fd4d602bd591d34e8c12887a946902b798bf4cf98aadfce3c2de810bf16c7c24a216bfd8abec19

memory/2928-312-0x00000000744A0000-0x00000000746C6000-memory.dmp

memory/2928-320-0x0000000000D10000-0x0000000000D45000-memory.dmp

C:\Config.Msi\e57d794.rbs

MD5 5e0efa02f4affed28ebe0d611740e72a
SHA1 70ade7488503785df881ff50895938537d5b926f
SHA256 1bc389c3d592e3360dc6146dfccf0d79ac79af33c1a72a5a4749d6c9d7d692fa
SHA512 bb3092207617ae73f02877b47ef240c1dec6848423dd97d10548993630c68760535ad65ef06890f6225b5be3472f9947f9d3a9443ac4906a7d8a3c27c3be2789

C:\Windows\Installer\e57d793.msi

MD5 b837d10b9a71425dbf3d62b2cc59f447
SHA1 85c9ba3331f7eb432c28365b0d1f36a201373a72
SHA256 76c83d1bebd6b01bab76d9a94f223e1a3cf20f2040b8d58a12625074e2936f7c
SHA512 f20999d19c470941c85912725d6f89c5073d475572ece92ce5b8e5425cdf012950f230c353870d86469ab6658bdc504abbb41260cb676f109551860433bcb405

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 34d2c4f40f47672ecdf6f66fea242f4a
SHA1 4bcad62542aeb44cae38a907d8b5a8604115ada2
SHA256 b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33
SHA512 50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

memory/2532-364-0x00007FFF2B0E0000-0x00007FFF2B0E1000-memory.dmp

C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

MD5 5859c3010de3a49c2c9728334ebc3881
SHA1 4a120e8c39205ce315b2922d8ef38efc071bf765
SHA256 9627b8fe28ead58a2af6f7c3393cb8803be73c584c7e48d5da1f29900f15a14b
SHA512 8449052b7be01842ee1f63bb10fa98252c13f3262a0ddc942f0900008d7dee917649e9ed62c7bd0979c89decf8653a5c72b4043cd669f8054629c1ecbb71c10b

C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State~RFe58ed68.TMP

MD5 393519f1af9e55ae986dd20d25b60f0c
SHA1 6bd11249576c1fa107834b19a1da33491bbefb3b
SHA256 4ae5bc5a53c1e265a4f940b7e69182cf3956a0c5a1946b30cfbb9ce435e46ea6
SHA512 2d0607ee04c39666a6632a9c1837c1245fd18a7c83eb9359106d9b4d32a1a71f12198dcdc4f5f673a0a217b034ff0bfab6609dd21a5ddaa6ff4ceda7c9014993

C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

MD5 2a44be72d76173e8ca5de5b2832f5f62
SHA1 0d55389b0b781f5b0045adf92956127bb47cdd2f
SHA256 4abdded1bf32d347017a65524f82e845e2e62bab72283a12e5e999f0fe3a251e
SHA512 b549b2b2454fe37e62d36d65cfd7d5fc9739af48182a26e71fc5430a2df0ee94874833923168a7247da3e97dce5151ed1e219c69fde76e054f8b7993fdcd0012

memory/636-412-0x00007FFF2A920000-0x00007FFF2A921000-memory.dmp

memory/2896-414-0x00007FFF2B0E0000-0x00007FFF2B0E1000-memory.dmp

memory/636-411-0x00007FFF2A1D0000-0x00007FFF2A1D1000-memory.dmp

C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

MD5 68cb44ce8cc9dc1c58f4181850d4d2b9
SHA1 d5f3acc52dfbb4ce3cafbb1d248849a99321e049
SHA256 9d1038b8775c34b130d84c936009c66ba7b08925b24b4e7936273f4cb3572655
SHA512 edb1e44f9bb2393d4d7c5e29fee2be599d5064f669a1754702cc6dd1cf2eaaa51c2ed3b2693534bddb22127cb46a15a3ce2310005bf132356e876fc0d22d9bd8

C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

MD5 9f050b208324270e5d8b602cbe2f4f0f
SHA1 a8d29b9e7be559b86f7d300e5628059ee46a429a
SHA256 e8abead14e4690e67190a3c7ad3d1b7f125c373d5996c39d8acc9efe4fa36420
SHA512 e07724eb5d2de2945cfbca1ae4c799714759c228bbbcd03fe0e3a9e9008e62bf3ff715b6a9568d04e29af5639996044a2b8380428495b993ddb6e28ceac875af

C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\000001.dbtmp

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8749e21d9d0a17dac32d5aa2027f7a75
SHA1 a5d555f8b035c7938a4a864e89218c0402ab7cde
SHA256 915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304
SHA512 c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\shared_proto_db\metadata\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnGraphiteCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\DawnWebGPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 66bbbd24ffee5d8fd929497a3613adff
SHA1 67b89e61db3bdc1785d75eced20289220a492ed7
SHA256 597a84c92b8f399363d0f1f9496918eb63fa2f75db409d7620bae10a99842546
SHA512 8b9c8f6447e4b86edaa2e9c9033d42f81170738f607018078d757ab619f3feab375c39529488b8ca6af5afd89c554d102f35d0f92bbe8b0768414864cd14c15e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fd2f2ede-f4cb-4375-aac1-5f5c4e879f59.tmp

MD5 ab695889a0e3dd5be06ab5455102c58c
SHA1 eba802712cf66f375f75061ec9c0dfa05d20fc50
SHA256 71efc4b342f564524892c59570a6368f52dea21d3ba1456e6b74ba7fd2a0caf1
SHA512 d5bf233dda7c2c78f5761fe0a385276e6d7bc2cb2d52ce1238c7bf086d103b3c3ece7b192a9aca781a220e42808f220555aec299ea1c2dd9304769466a6d20ab

C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 38cb25da4566a73002658b27e2f97b15
SHA1 b41152a29f89066fcc459ee64b87ed8e7822f2f7
SHA256 807064fd5dfedd85798e0f3f3bd81fefa45f270d89ad7464f35832aea60169d0
SHA512 60a1ca7c1213e89942956bfffd5ab97f4bea1ebc5e3ecf88c25038ff433a30f954a134fd936f9b414dc0bf2dfe933789116c32bbca22ba448a37a800889e1171

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2c209ee4c5e9bb55bec9f5d2bd8b72b7
SHA1 e9ae158285d76bdb262a71ede02d096559f04a10
SHA256 3ffc5acfc4cd846586523bc7bbe1be253cf78f7b37f3db15a53ac3727fb9f2b7
SHA512 3d6c1552fd104fb9f77f3c1f91432f42b775f73a68331e4262a77d568e1b7b30db4d32ce1a8c1c83e8c62aef831c5a284a5a9a0dcbbcddbf7920ee6044f4b20f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c3a6601dc57145d86ea3debd0c0eb41d
SHA1 b0e115572f0d78ad62097ff524b88df9894e502a
SHA256 e7f50392e563c997b36c9c9964e32ee471c28da1d0fd5f925d2f4f3ea2932d7d
SHA512 7e4b2cf6866d72660ee93357ad7b7af97cfceb82cf095936498e74af17a659e74ea33e2370284ab57929fee74c99b4835e2626d4848d0ea78dfd30d28411e161

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6d391e8c-9615-47fe-bb16-7bd267b16d63\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

MD5 3e6d1ee734f2c59a262b7928dd130a93
SHA1 a9efdb569a4341a39e82d77e2970db8f4f7db98b
SHA256 8f6fc1dab6a5484c10bc4ad011799a60c9d9db068ec288c9e081f9d4b64f42a1
SHA512 5f6ad7599acb74f19db7f67e8f9d6a02fee5bc7ef6d3d81f3399d269492d0356914a08c03f6404d01ce7a8a31fbbbb0aa9235ea352ac728be4cd6c69d070808c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d3142dc10d5d272cd79bd4c3bdc19be1
SHA1 3b96cf4237ccad4639f415f00d073cded13b1812
SHA256 6ec24190c4dbe378357c19020f9b485788f5bee5738d9aa957b3370d6f97abc3
SHA512 1aac8cb06b49ebbf1079ad01e715ecdbdd964bc140374461ed8aaf2d9bc71cec7fc58dd6031767d0f8a359ac1d653b64193b88ec5a04b64b957dcd18762802e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a3d5c8fb89b3f98799daa8bf88f519cd
SHA1 ca5677efc5805c011f74913b3a518531f8d57574
SHA256 338cd9ac3926374c30e8348aea83353c96b392fdd9d0d53a2bbf55f562841566
SHA512 2c22c24196e39599f993903222b94104c1478879b7e88e3d404db72451e7016c58e1f4c347605631376c278402ee74a4c759a155c480bd2e1b9691a2a335fbe5

C:\Users\Admin\Documents\jjsploit\db.json

MD5 41dea3a16884a8a050f599c1b3d3dbf5
SHA1 0d1893892dd3a5211b8dc4b66efae5d3f2c82689
SHA256 e14fda8dd813d96cdeb51cff4e4a5c8dc636b72b7fb075902d88ab587bf19466
SHA512 2c2a88c7d0fa9f32893449d5d8ae0d148793974c0e9f979be1221dce3b7c86a0bc02f3575bd5d2010e0fad20fb9730f707cdddd99fa922b8de67d9f1e7529cb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 126209c01e309a403f255570e284226b
SHA1 ada1467fe34912f6b7efed0bdb9a5c601b029983
SHA256 f5f55b6067eb7d6a31b5da83ea7a22a06b0e8ed8a95be9636442998faa933623
SHA512 4ff66f37516eb2075af27462eb583e6b60208c2c15dbe56f540b495aaa41e5ef71e7aa3c3e5ddcf49350903a1fbbebd224b34b0acb10a4cfea11f14f90e5868e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 26d17376ab0fa49c93986b388b7313e4
SHA1 acb7bd40823a59b223782f934ecdebb1bb8db01b
SHA256 f5f04f49070da4283d4e9a0764bbd537a2f4f79e1e4b5c597220030809b70d12
SHA512 4058fee807e2801ca0975acc12a6c7dd268517377efe577791669b4f00131d29429be1b2082a062c20077aacdc17419ae4a5a579fbbc583bed1b28fbf11a134f

C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5954bd.TMP

MD5 5be0b68aa7a6fdb052d748d8a5f4a1f6
SHA1 50d2a2b7c661accc7a3565869c5778d3fe0294c9
SHA256 b2107b7022e498d329a6e82ece5f8d18c2970ea956e922849eb8233fcfc053f7
SHA512 8346f5b0bb8e9dc5abdb6516cf9f787b6f3bbc93f2eca24b76658db2097dcfc814c2b1db861c3d34a9507a01d1dcf67185d19cce61777146d0d4cfc4626906e8

C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index

MD5 59f8b399cab2e48eb4ea8297ad3acb51
SHA1 6bb456362cd3c01db51ae4985e9acfd453e94708
SHA256 c66685cf2fde83578433ef7ffaa565d434c3b7aa79a8cf0c7078d11262143d69
SHA512 a094f48a5eff3e5210144d6b2682574b805e0b3751988263afc1ea201d53a7b32c0dd701917325071dd284d6b5c26188f74b1233cdfbb9b9ad9acb3d4e0d2219

C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

MD5 249ee7bbcfb24af4250518247fe29f66
SHA1 ac93f6495513d64fc486d5bf687fa5f4f1f705e5
SHA256 57da0d74c199c14b7c546b9c131e1b04d430fa32f89854d243176a4f5f3bbf49
SHA512 ac2cd0d840048f726df2ad7b933d060c6009852e79db0594f7da24990549ac7557d3f1e8083c758fe022b1bd3e626beba51bbd447ed5a4e2ab424adcd68c4601

C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity~RFe5957cb.TMP

MD5 b754daa297859dc54c556ee9786419cc
SHA1 1276c915833a5216abb2c20a8e3e38d98311bbe5
SHA256 0bb44854f7b070b2d4d963372d4966fe6bd58ac5e65ef1a9e76e967f9f80391d
SHA512 aebb35859c566a3ae92613e4da52b91608b61d3b5818bc18644b01f35e163a5facb76d1ddef47c1eeb64051b0eed9558449a87cc91e21f7369e7fc52d72d9138

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 fcf7d849b9ed5b93a6f09f60cbf6eea4
SHA1 5d42be50e02627ee641f4de32843f7288f8b1246
SHA256 246b2d5506f0220ae8bd57f589d41a1c89de5f24ba1d3995b1691147fc87aa01
SHA512 00dc6c6ab32f7aaa1a9533dd1132f040cb04b276e5756c7dbb77a471a62689f60cd20038ac439a85afe322ae4d830678d6ee66e30432d78abee691f5fe0c5ea2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595a0d.TMP

MD5 a8065c693d45bef8301aeb703e4d1959
SHA1 96649a3dd8d519bed7284299ab64b843d0b24b79
SHA256 0b053f220e25b574e5f9f8c72fa0948358c409f94321ef66aede55b762abc950
SHA512 65c785f4974032ab9240059981cf2bbed1feb86e1307f5ef89510a0c8a349b0636a0578861461f8d6d4a9f50cd4361cab6a371f0411526a9957df8e561be9e07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1b8a00d3-637f-44b5-bcb5-ddd3f63ad534\index-dir\the-real-index

MD5 a796b39e5841408f4bccc1968d19f0c8
SHA1 67f1ea9df364503d54e5b1f4164f5f92d92fb2bc
SHA256 b41e9e851c1530bca766af0e3660ac21269cd8c8f6e4d8590342f6b914949762
SHA512 8661138e8c1d535250ff79694142fff83bd3df1ce81b41907b30f6feb2ae8d02419095577801180c1da3faefea1991c5b8e9870c688d746f4a6c99c630d956a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1b8a00d3-637f-44b5-bcb5-ddd3f63ad534\index-dir\the-real-index~RFe596817.TMP

MD5 13ee7bf693b79ae20dd4a84fe197de4c
SHA1 35043429d38d3dfbcd9eed40cc0a29303a5d50b1
SHA256 8d89ec619ab2ea6a8dde65fc31606307267d64d979e648fabec55208875e5a3b
SHA512 e6105b19e4a43a3aed019401766882dbf107f7661ac7eda4a9212f81d579733eda29736b0fb4cc75cfb050a3a1d07dc20dd2356465710b9fca07c83621dba3b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c375936875a89d10fa541816cc544f5e
SHA1 0e78fd63fd49a6e89bb40cd610ea2786c6637fe2
SHA256 a5f93c3b95c2510d9ce51b4ff295b191c6b269973a201ecf70c4e7ecef1a9326
SHA512 c7b38d35fae3216e32a103d0449547e9c8e6cb22e0877e85a9650377232c9f02a84e15624d5e9a686bce7165b86fa4c75e2708c33bdcd5b642a7ecbdc72a429c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 42e104fe43605e0574be95debb4660a7
SHA1 b2b65b19501a03c72ecbc40a9f144f24dffe30d7
SHA256 d36894c4df13542554d14476c54df66af8c5b83b9156b947a7ec12ae6d9438d2
SHA512 e98441b2e177515630fe35b7a7b688e6b52dcda849ada7b29dbc7426a667df07b08938100e3a6cd45dc7cf62a2b95c7671e09d724a93fe3d7b6784753e7d043e

C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\c8902b69-6b31-47b0-b486-4be0583d6797.tmp

MD5 1a7c5bdb4c4acac333f42260485ee634
SHA1 ca4f70c3f68bc0a8e70a2ae02fdad3ee263cf416
SHA256 b2990e49b1f296dbe4da9777345ea7b62493b8b9e73e96bf5ed6f2065f523a70
SHA512 19bdf40254ba4abb56ad37373f3c5b421c310d06aa15497c97d793b0ca8653db2f58a9c721e8d07f6feab7ca71aa0ca08eb92a50df8f47a7914ab8379537b414