Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
3JJSploit_8...up.exe
windows7-x64
7JJSploit_8...up.exe
windows10-2004-x64
7$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...nu.dll
windows7-x64
3$PLUGINSDI...nu.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3JJSploit.dll
windows7-x64
1JJSploit.dll
windows10-2004-x64
1JJSploit.exe
windows7-x64
1JJSploit.exe
windows10-2004-x64
3libcrypto-3-x64.dll
windows7-x64
1libcrypto-3-x64.dll
windows10-2004-x64
1libssl-3-x64.dll
windows7-x64
1libssl-3-x64.dll
windows10-2004-x64
1resources/...bot.js
windows7-x64
3resources/...bot.js
windows10-2004-x64
3resources/...lip.js
windows7-x64
3resources/...lip.js
windows10-2004-x64
3uninstall.exe
windows7-x64
7uninstall.exe
windows10-2004-x64
7$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3Analysis
-
max time kernel
146s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
13/09/2024, 14:26
Static task
static1
Behavioral task
behavioral1
Sample
JJSploit_8.4.0_x64-setup.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JJSploit_8.4.0_x64-setup.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsis_tauri_utils.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsis_tauri_utils.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
JJSploit.dll
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
JJSploit.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
JJSploit.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
JJSploit.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
libcrypto-3-x64.dll
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
libcrypto-3-x64.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
libssl-3-x64.dll
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
libssl-3-x64.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
resources/luascripts/general/aimbot.js
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
resources/luascripts/general/aimbot.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
resources/luascripts/general/noclip.js
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
resources/luascripts/general/noclip.js
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
uninstall.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
uninstall.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240704-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/nsis_tauri_utils.dll
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/nsis_tauri_utils.dll
Resource
win10v2004-20240802-en
General
-
Target
JJSploit.exe
-
Size
10.4MB
-
MD5
cf1abbdf344fbd0d14934c620de5bb16
-
SHA1
d6646330f3be032a8a16945bb94a412c7d2b29a0
-
SHA256
d3178284048fd809f2cf63a96cca1af122722ab29768d71b6c1152a233490dad
-
SHA512
194ebb98531dfc41b9777724d98d81980454c4cd1fb08219285de0c3c3ac36c358af9937f890751490ff1fc3ed41205e04aa8851509334e75d36b16f150e89d7
-
SSDEEP
98304:vtxARZ0toLC0XbUMhemGs0ITIECwa99bUHpr8U7Y5T7RTGT8C4gCI3s7:vEEo/eGY9bUtP78RTC8ws7
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid Process 4108 msedge.exe 4108 msedge.exe 2920 msedge.exe 2920 msedge.exe 1324 msedge.exe 1324 msedge.exe 3280 identity_helper.exe 3280 identity_helper.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe 916 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
pid Process 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 1636 JJSploit.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe 1324 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1636 wrote to memory of 3208 1636 JJSploit.exe 84 PID 1636 wrote to memory of 3208 1636 JJSploit.exe 84 PID 1636 wrote to memory of 3708 1636 JJSploit.exe 85 PID 1636 wrote to memory of 3708 1636 JJSploit.exe 85 PID 3708 wrote to memory of 5084 3708 cmd.exe 86 PID 3708 wrote to memory of 5084 3708 cmd.exe 86 PID 3208 wrote to memory of 1324 3208 cmd.exe 87 PID 3208 wrote to memory of 1324 3208 cmd.exe 87 PID 1324 wrote to memory of 4196 1324 msedge.exe 89 PID 1324 wrote to memory of 4196 1324 msedge.exe 89 PID 5084 wrote to memory of 2432 5084 msedge.exe 90 PID 5084 wrote to memory of 2432 5084 msedge.exe 90 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 5056 1324 msedge.exe 91 PID 1324 wrote to memory of 4108 1324 msedge.exe 92 PID 1324 wrote to memory of 4108 1324 msedge.exe 92 PID 5084 wrote to memory of 2780 5084 msedge.exe 93 PID 5084 wrote to memory of 2780 5084 msedge.exe 93 PID 5084 wrote to memory of 2780 5084 msedge.exe 93 PID 5084 wrote to memory of 2780 5084 msedge.exe 93 PID 5084 wrote to memory of 2780 5084 msedge.exe 93 PID 5084 wrote to memory of 2780 5084 msedge.exe 93 PID 5084 wrote to memory of 2780 5084 msedge.exe 93 PID 5084 wrote to memory of 2780 5084 msedge.exe 93 PID 5084 wrote to memory of 2780 5084 msedge.exe 93 PID 5084 wrote to memory of 2780 5084 msedge.exe 93
Processes
-
C:\Users\Admin\AppData\Local\Temp\JJSploit.exe"C:\Users\Admin\AppData\Local\Temp\JJSploit.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1636 -
C:\Windows\system32\cmd.exe"cmd" /C start https://www.youtube.com/@Omnidev_2⤵
- Suspicious use of WriteProcessMemory
PID:3208 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Omnidev_3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1324 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff305346f8,0x7fff30534708,0x7fff305347184⤵PID:4196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:24⤵PID:5056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:4108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:84⤵PID:2636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:14⤵PID:2040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:14⤵PID:2916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:14⤵PID:1000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:14⤵PID:4988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:14⤵PID:2944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3352 /prefetch:84⤵PID:3792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3352 /prefetch:84⤵
- Suspicious behavior: EnumeratesProcesses
PID:3280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:14⤵PID:5040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:14⤵PID:2908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:14⤵PID:1364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:14⤵PID:3420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12655583816230985113,5850915079292523194,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5384 /prefetch:24⤵
- Suspicious behavior: EnumeratesProcesses
PID:916
-
-
-
-
C:\Windows\system32\cmd.exe"cmd" /C start https://www.youtube.com/@WeAreDevsExploits2⤵
- Suspicious use of WriteProcessMemory
PID:3708 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@WeAreDevsExploits3⤵
- Suspicious use of WriteProcessMemory
PID:5084 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff305346f8,0x7fff30534708,0x7fff305347184⤵PID:2432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11213031339089786282,13327830710711216005,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:24⤵PID:2780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,11213031339089786282,13327830710711216005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:2920
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2068
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1880
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ecf7ca53c80b5245e35839009d12f866
SHA1a7af77cf31d410708ebd35a232a80bddfb0615bb
SHA256882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
SHA512706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696
-
Filesize
152B
MD54dd2754d1bea40445984d65abee82b21
SHA14b6a5658bae9a784a370a115fbb4a12e92bd3390
SHA256183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
SHA51292d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize336B
MD5efd6dd52295dbe997d9d39b0b16be6c7
SHA18cc08e8fe1ede89e640afe34956623db49c64c55
SHA2569a6b8fefb9eec21e2137f9040b0dd5c3aa5a7fc001b0bf32eb6b39273ed092c9
SHA512616636fd7a1dee57ea05afe618bec27bab075a512d7682e7f71162be0bc17fea8a03a352e4b80008657023db2746c8947a0e449405b250d750c35e70c2ba17b0
-
Filesize
1KB
MD5b6b5340eefc6d1b28ea1c47509556875
SHA1645e6d196f9cc41d8271ca0a53c6f3ca703ae5a7
SHA2566b6977b56699b8aa1dbbad902e1907bf3c6a7b80202ac3a6f18324046ac05e59
SHA5129ef7c40a5a0d91305e3753ca97d4db642b7f4aa0fec70b4e2c8c6018beabef2f884735fda6632634fa6b31d8b701d2f429f788849e4c41d6cef19b0b5493bf6c
-
Filesize
1KB
MD5c478304d6174e49d5a766378a635546a
SHA17a67e4fbe9ff001979d01f7ea6d8f020b03899e1
SHA2569c68fc219d0173b25bccf1b270228bee6a73cabf8b71d64a92f34929bb01877c
SHA5123ee16be936ece2260944e8910a7f7941082fb40e9b8b334af1e88ebc2c01360cfbd2adac0586db4b0e3cfb3fc5c6f6d00ac5f546f6b56e3045c81cedbef09d0c
-
Filesize
5KB
MD52fc6a0772d69afa8eb191e0a88b3220d
SHA1d046d8b3007104697f3a01aa7965549dd77d1f34
SHA2560879e91a32f98bef99e500207f45de73a82fb65dc8493df3f658f46a86ee22d9
SHA5121c4b8906633f6f2c5bb5eefcf3e45d34d472b948f7d9a1e7b58a6f41fa3ab8dfbc39a0b2919c3593168718f77cd93a76699483bb326207fbf870c92a3c3b25c8
-
Filesize
6KB
MD5c70a16f7e17e92e594fb8771853f3df5
SHA1ca428d61f8f2fac3cc617bd81567be276d21ac1a
SHA256691812fb749f3837a92a7310dc2c7ffef2b1e8e2eff93603bebefd3c8ac05ecd
SHA512996ea79f4aa95596b841a75546f0906606db70c399c36a4c80515727a2eaf8d53ffffe8c476c7bc8a4b124b5f1163ff7040d2d6c2d63f269e2c8e6d2cf1cfd2c
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
8KB
MD5a544bb0ff9fce96b3c5a56798467af62
SHA13d5ee5384701861d1e34b6a8f408a4f800ca0de1
SHA256ef1422d31ea9da95dcaec59a4d772873816a769694791b0a4498d50cba432a6f
SHA512f41eb7e7d6d534ddc00ced1573c6983da9a8abc6a53fca02bf5d1b1302c9e223cdaedaf75e5c581a5b41d6ad6a0b47494c26eca1c54ca52140277d6eaedba935
-
Filesize
10KB
MD59070c76b3a98f131c814f40d81df85a6
SHA1f19d44b73c2730f50e50fefc2d622ecc4c641852
SHA2561649747e53173d99db1dc56af87dd160f55a68dbb0c7bfa33de68f6d1b3c4336
SHA512a93274dcf547c9b355859e87c46a5c14e93c82b5f6cf867d608c314ce85badc0aec7ba29456cd8e20cc46809f26ac73f74bda40a46ac9c7eb6724040fc12b68f