Analysis

max time kernel: 110s
max time network: 130s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-02-2024 01:50
Static task: static1
URLScan task: urlscan1
Malware Config

Extracted: lumma
- https://technologyenterdo.shop/api
- https://detectordiscusser.shop/api
- https://turkeyunlikelyofw.shop/api
- https://associationokeo.shop/api
Signatures

Executes dropped EXE (3 IoCs)
Processes (pid, process):
- 4056 0exploit.exe
- 3016 0exploit.exe
- 3364 0exploit.exe

Suspicious use of SetThreadContext (3 IoCs)
Processes (description, pid, process, target process):
- PID 4056 set thread context of 5008: 4056 0exploit.exe -> RegAsm.exe
- PID 3016 set thread context of 4996: 3016 0exploit.exe -> RegAsm.exe
- PID 3364 set thread context of 4112: 3364 0exploit.exe -> RegAsm.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes (description, ioc, process):
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Modifies registry class (1 IoC)
Processes (description, ioc, process):
- Key created: \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings (msedge.exe)

Suspicious behavior: EnumeratesProcesses (8 IoCs)
Processes (pid, process):
- 3380 msedge.exe (2 entries)
- 2824 msedge.exe (2 entries)
- 4828 msedge.exe (2 entries)
- 4664 identity_helper.exe (2 entries)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
Processes (pid, process):
- 3784 7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
Processes (pid, process):
- 2824 msedge.exe (8 entries)

Suspicious use of AdjustPrivilegeToken (6 IoCs)
Processes (description, pid, process):
- Token: SeRestorePrivilege, 3784 7zFM.exe
- Token: 35, 3784 7zFM.exe
- Token: SeRestorePrivilege, 2096 7zG.exe
- Token: 35, 2096 7zG.exe
- Token: SeSecurityPrivilege, 2096 7zG.exe (2 entries)

Suspicious use of FindShellTrayWindow (43 IoCs)
Processes (pid, process):
- 2824 msedge.exe (41 entries)
- 3784 7zFM.exe
- 2096 7zG.exe

Suspicious use of SendNotifyMessage (24 IoCs)
Processes (pid, process):
- 2824 msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes (description, pid, process, target process); every entry is 2824 msedge.exe writing to a child msedge.exe:
- PID 2824 wrote to memory of 1124 (2 entries)
- PID 2824 wrote to memory of 4900 (repeated entries)
- PID 2824 wrote to memory of 3380 (2 entries)
- PID 2824 wrote to memory of 4728 (repeated entries)
Processes

Tree depth is shown as [1] (top-level process) and [2] (child of the preceding [1] entry).

[1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2824)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://href.li/?https://0exploit.fun/Updater/0exploit.7z
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1124)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea71646f8,0x7ffea7164708,0x7ffea7164718

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3380)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
        - Suspicious behavior: EnumeratesProcesses

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4728)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4900)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3544)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2232)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 672)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1844)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5008)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3480 /prefetch:8

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4828)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3080)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4664)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4332)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4324)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4708)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1644)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1

    [2] C:\Program Files\7-Zip\7zFM.exe (PID 3784)
        Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\0exploit.7z"
        - Suspicious behavior: GetForegroundWindowSpam
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of FindShellTrayWindow

    [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3536)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5200 /prefetch:2

[1] C:\Windows\System32\CompPkgSrv.exe (PID 2724)
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

[1] C:\Windows\System32\CompPkgSrv.exe (PID 2592)
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

[1] C:\Windows\System32\rundll32.exe (PID 4588)
    Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

[1] C:\Program Files\7-Zip\7zG.exe (PID 2096)
    Command line: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\0exploit\" -spe -an -ai#7zMap16593:76:7zEvent23573
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow

[1] C:\Users\Admin\Downloads\0exploit\0exploit.exe (PID 4056)
    Command line: "C:\Users\Admin\Downloads\0exploit\0exploit.exe"
    - Executes dropped EXE
    - Suspicious use of SetThreadContext

    [2] C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe (PID 4672)
        Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

    [2] C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe (PID 5008)
        Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

[1] C:\Users\Admin\Downloads\0exploit\0exploit.exe (PID 3016)
    Command line: "C:\Users\Admin\Downloads\0exploit\0exploit.exe"
    - Executes dropped EXE
    - Suspicious use of SetThreadContext

    [2] C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe (PID 4996)
        Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

    [2] C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe (PID 668)
        Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

[1] C:\Users\Admin\Downloads\0exploit\0exploit.exe (PID 3364)
    Command line: "C:\Users\Admin\Downloads\0exploit\0exploit.exe"
    - Executes dropped EXE
    - Suspicious use of SetThreadContext

    [2] C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe (PID 4112)
        Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

[1] C:\Users\Admin\Downloads\0exploit\0exploit.exe (PID 3636)
    Command line: "C:\Users\Admin\Downloads\0exploit\0exploit.exe"

    [2] C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe (PID 1460)
        Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

[1] C:\Users\Admin\Downloads\0exploit\0exploit.exe (PID 5104)
    Command line: "C:\Users\Admin\Downloads\0exploit\0exploit.exe"

    [2] C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe (PID 4580)
        Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

[1] C:\Users\Admin\Downloads\0exploit\0exploit.exe (PID 2512)
    Command line: "C:\Users\Admin\Downloads\0exploit\0exploit.exe"

    [2] C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe (PID 2248)
        Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

[1] C:\Users\Admin\Downloads\0exploit\0exploit.exe (PID 4448)
    Command line: "C:\Users\Admin\Downloads\0exploit\0exploit.exe"

    [2] C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe (PID 1068)
        Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads