Analysis Overview
Threat Level: Known bad
The file https://href.li/?https://0exploit.fun/Updater/0exploit.7z was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Executes dropped EXE
Suspicious use of SetThreadContext
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-25 01:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-25 01:50
Reported
2024-02-25 01:52
Platform
win10v2004-20240221-en
Max time kernel
110s
Max time network
130s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\0exploit\0exploit.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\0exploit\0exploit.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\0exploit\0exploit.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4056 set thread context of 5008 | N/A | C:\Users\Admin\Downloads\0exploit\0exploit.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 3016 set thread context of 4996 | N/A | C:\Users\Admin\Downloads\0exploit\0exploit.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 3364 set thread context of 4112 | N/A | C:\Users\Admin\Downloads\0exploit\0exploit.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://href.li/?https://0exploit.fun/Updater/0exploit.7z
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea71646f8,0x7ffea7164708,0x7ffea7164718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\0exploit.7z"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\0exploit\" -spe -an -ai#7zMap16593:76:7zEvent23573
C:\Users\Admin\Downloads\0exploit\0exploit.exe
"C:\Users\Admin\Downloads\0exploit\0exploit.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Downloads\0exploit\0exploit.exe
"C:\Users\Admin\Downloads\0exploit\0exploit.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Downloads\0exploit\0exploit.exe
"C:\Users\Admin\Downloads\0exploit\0exploit.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Downloads\0exploit\0exploit.exe
"C:\Users\Admin\Downloads\0exploit\0exploit.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Downloads\0exploit\0exploit.exe
"C:\Users\Admin\Downloads\0exploit\0exploit.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Downloads\0exploit\0exploit.exe
"C:\Users\Admin\Downloads\0exploit\0exploit.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Downloads\0exploit\0exploit.exe
"C:\Users\Admin\Downloads\0exploit\0exploit.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1956646420237494347,4158102679049956118,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5200 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | href.li | udp |
| US | 192.0.78.26:443 | href.li | tcp |
| US | 192.0.78.26:443 | href.li | tcp |
| US | 8.8.8.8:53 | 26.78.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 0exploit.fun | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.179.17.96.in-addr.arpa | udp |
| US | 104.21.70.228:443 | 0exploit.fun | tcp |
| US | 104.21.70.228:443 | 0exploit.fun | tcp |
| US | 104.21.70.228:443 | 0exploit.fun | tcp |
| US | 8.8.8.8:53 | 228.70.21.104.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | technologyenterdo.shop | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | 118.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 172.67.195.126:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 8.8.8.8:53 | 126.195.67.172.in-addr.arpa | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 8.8.8.8:53 | 191.202.67.172.in-addr.arpa | udp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 242.10.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 172.67.195.126:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 172.67.195.126:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 172.67.195.126:443 | detectordiscusser.shop | tcp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 172.67.195.126:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 172.67.195.126:443 | detectordiscusser.shop | tcp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 172.67.195.126:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 172.67.202.191:443 | turkeyunlikelyofw.shop | tcp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
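The Network table above is the most reusable part of the report: it separates the delivery chain (the href.li redirect to 0exploit.fun, which served the archive named in the Edge command line) from the stealer's post-infection traffic, and it shows which of those later domains only produced a DNS query and which actually received a TCP connection. The script below is an added example, not part of the sandbox output, that turns rows in this table format into a de-duplicated indicator list. It assumes that href.li and 0exploit.fun are the delivery tier (from the command line at the top of the report), that every other non-noise domain is a C2 candidate (an assumption based on the report's Lumma Stealer verdict, not on anything in the table itself), and that reverse-DNS lookups, the identrust OCSP host, the 8.8.8.8 resolver and mDNS are sandbox noise. The embedded rows are a constructed subset copied from the table; the full table repeats these entries.

```python
import re

# Constructed sample: a subset of rows copied from the report's Network table.
NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | href.li | udp |
| US | 192.0.78.26:443 | href.li | tcp |
| US | 8.8.8.8:53 | 26.78.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 0exploit.fun | udp |
| US | 104.21.70.228:443 | 0exploit.fun | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | technologyenterdo.shop | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 172.67.195.126:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
"""

# Sandbox/OS noise that is not attacker infrastructure (assumption).
NOISE_RE = re.compile(r"(\.in-addr\.arpa$|^apps\.identrust\.com$|^N/A$)")
RESOLVER = "8.8.8.8:53"
MDNS = "224.0.0.251:5353"
# Delivery tier taken from the Edge command line at the top of the report.
DELIVERY = ("href.li", "0exploit.fun")


def parse_rows(table):
    """Split a pipe-delimited table into dicts, skipping the header row."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        rows.append(dict(zip(("country", "dest", "domain", "proto"), cells)))
    return rows


def extract_iocs(table, delivery=DELIVERY):
    """Return {domain: {role, resolved, ips, queries}} with noise removed.

    A domain is 'resolved' when at least one row shows a non-resolver
    destination for it, i.e. the sandbox actually connected to it.
    """
    iocs = {}
    for r in parse_rows(table):
        d = r["domain"]
        if NOISE_RE.search(d) or r["dest"] == MDNS:
            continue
        entry = iocs.setdefault(d, {
            "role": "delivery" if d in delivery else "c2",
            "resolved": False, "ips": set(), "queries": 0,
        })
        if r["dest"] == RESOLVER:
            entry["queries"] += 1          # DNS lookup only
        else:
            entry["resolved"] = True       # real TCP connection seen
            entry["ips"].add(r["dest"].rsplit(":", 1)[0])
    return iocs


def c2_summary(table):
    """Return (live_c2, dns_only_c2): domains the sample reached vs. merely queried."""
    iocs = extract_iocs(table)
    live = sorted(d for d, e in iocs.items() if e["role"] == "c2" and e["resolved"])
    dead = sorted(d for d, e in iocs.items() if e["role"] == "c2" and not e["resolved"])
    return live, dead


if __name__ == "__main__":
    live, dead = c2_summary(NETWORK_TABLE)
    print("live C2:", live)
    print("DNS-only:", dead)
    for d, e in extract_iocs(NETWORK_TABLE).items():
        print(f"{d:32} {e['role']:8} ips={sorted(e['ips'])} queries={e['queries']}")
```

The split between connected and DNS-only domains matters for blocking: a domain that was queried repeatedly but never connected to (sideindexfollowragelrew.pw in the full table) did not resolve during the run, so the resolved set plus its IPs is the higher-confidence list, while the unresolved names are still worth a DNS-log search because they show the sample's fallback list.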
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6fbbaffc5a50295d007ab405b0885ab5 |
| SHA1 | 518e87df81db1dded184c3e4e3f129cca15baba1 |
| SHA256 | b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6 |
| SHA512 | 011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b |
\??\pipe\LOCAL\crashpad_2824_DTZQVVLCRTWOQNED
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 360dd5debf8bf7b89c4d88d29e38446c |
| SHA1 | 65afff8c78aeb12c577a523cb77cd58d401b0f82 |
| SHA256 | 3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef |
| SHA512 | 0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5324c06b1f6760984171e7824f613ed0 |
| SHA1 | a5962ff0869d5f540970226ef3334241f0223224 |
| SHA256 | 840ebb0103a5eb3bcd9c421f9e5c90867a32d54d84db0ef9b826864c577c8d6c |
| SHA512 | d664f08a8771c02704cab177c22d7627a9e9e7cd71e5321c6ced57696281fc571c80c5e7586f9bc81d9b2c787352141b520a16c76c00f0326880e0d48533f94b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2c7c4cd1716988b29016c6dec16868d6 |
| SHA1 | 67a460a6d0c1d264075053ce598c7c128bcfef78 |
| SHA256 | f5e846648c3d58673c092939b18f391c27861aff3c98bc3189ee279cb09e6e65 |
| SHA512 | dedeead707e7ee7b9fdab1f745774b4ad32fb036cb3a530c368b7fcc735589b3383e12218165c3225de04c337b03bdb256f8d6b5901e14a6aa91df4b453a9f76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f658f077cbfc7e84112b3ee5d3075b6b |
| SHA1 | 46c9dfe1e4ee017f6828259e8a83a79591a97394 |
| SHA256 | 1c99e98f28cbcfa5a0fcd7c18ba9674740ffdb038cff88ac8055a3f1df2a1a52 |
| SHA512 | 8bf4a205098dafa6ebc73a8fb967cded9ba09f9ebc78629d11bdb6a93aa091e6d211cdc85b6ea7fece171e8b663e714ac99865b39e927a0e78b18ec0d0b3d397 |
C:\Users\Admin\Downloads\Unconfirmed 857357.crdownload
| MD5 | d4be7cf98d602f320ad4a8459e553e57 |
| SHA1 | ed424d2695e9539176eb6512afbc88bef20c47df |
| SHA256 | 47827940d60426daa0c5a6bd41359d3defc01f22f843df4ff46c1493ed3dc6e7 |
| SHA512 | d6df740717d8fcc4ba3178ee6af825da1bc11ef8400f37aff87d8f539cda15b0fa5f5546f2a0f88a99cd579b3c19c970082db613455cc713b81da1f15a40ea84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\Downloads\0exploit.7z
| MD5 | d04ef6691a882add382565e1b6e341a9 |
| SHA1 | 72123a207a12c859014d0e85e1845dc32409bf90 |
| SHA256 | c999b310d22f497d38482ba2ebdf75be4dd1ffa05850209e64595a3f3b7256ac |
| SHA512 | e9d7f2d7d0ec7e080d3b0ee2bc11bc96d421a07a7e7a25dd5cad020c387ddc365fb0cdefaaab30087213050c0a290600b574b9f8cbd5737e9d5d40148851d4bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a45c4ee25ed4dd86fe000c0b36965e30 |
| SHA1 | cd0c41d93c46f2c34f3fd26e8020e1640fe29126 |
| SHA256 | 971480b9a39b8b899fa3e9647bb2c34f9b6b72138e3bdfeb0f79d769fe111811 |
| SHA512 | b5db65b5efd832481babe53ad86592a07ad3a3b44a1da947d4ea7a218d7821638773b6929a0daf5ef267f39bcf01fb1c200a142d4d345fc5b936006ebadc0ede |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | da1f7ef9f4b7a08b78ec1a2ed720b74e |
| SHA1 | 2698d5e597b558e995840ad7fb44c4785813d59c |
| SHA256 | aa7fe6aaa18bea4f1f26ddce486375082080086b880e40d006ab415e23e8d063 |
| SHA512 | bcf2e5730f5c50bf0c1d7380e26b33362f86119293566cccc6b8eb3c86a6dd83030ffd2c926cce8cc6829789a65b18a568a3483db82465b2528427458705b243 |
C:\Users\Admin\Downloads\0exploit\0exploit.exe
| MD5 | d022256db72a3693ce07e0f6e923e20f |
| SHA1 | fe1e078ffc5a37f01a4fc41fff23c4db8d0d812d |
| SHA256 | 3183f04245138a1f53ccddad1daa8f06fa0d53b917405b0f62d456c24b906ca5 |
| SHA512 | 1ea7265e65a7ff17dea743223a084376bf9371631c3a9e708c4e8614594047809c6ddbc89d6439057efa94c5791ccfbe27af857b0fc129f6bf6b46b3ca183220 |
C:\Users\Admin\Downloads\0exploit\0exploit.exe
| MD5 | e2d901375c2c6503a5ccb0a96961c115 |
| SHA1 | be81f4f1702cb53aa0f6aab87c1a81e88fbf375d |
| SHA256 | 199f821fff590ddc62f05b998760a390e86eab2a3818406c2a2841ec4cf20814 |
| SHA512 | 1a0079ef41bd7853868e52f49204de88ba6a621267edc0bd7de1eae28afce3fd0652f252d4db9ec9d909c706373a1342c552d04fcddd81e257c07fb70f6c593a |
memory/4056-166-0x00000000746A0000-0x0000000074E50000-memory.dmp
memory/4056-167-0x0000000000BE0000-0x0000000000C2E000-memory.dmp
memory/5008-170-0x0000000000400000-0x0000000000446000-memory.dmp
memory/4056-173-0x00000000746A0000-0x0000000074E50000-memory.dmp
memory/4056-174-0x0000000002FF0000-0x0000000004FF0000-memory.dmp
memory/5008-178-0x00000000011A0000-0x00000000011A1000-memory.dmp
memory/5008-177-0x0000000000400000-0x0000000000446000-memory.dmp
memory/5008-179-0x00000000011A0000-0x00000000011A1000-memory.dmp
memory/5008-176-0x0000000000400000-0x0000000000446000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 48fdace4fc6ef5af263c76b79f3091bd |
| SHA1 | fd17305331072baa53a8c9c05ee0b5776fd7192b |
| SHA256 | ec091a337bf1ebd5b07ca50c6fe0738237d54707a5282c5009fbb0be223e2002 |
| SHA512 | f916ffd849d8ccc0eedc16d8e63839d5ffec9b503ab5a5b4caae31060d229d0a59aee8578a4c537c000e849f188213832c66c2f3ca06de9c8d53df323436913e |
memory/5008-189-0x0000000000400000-0x0000000000446000-memory.dmp
memory/4056-190-0x0000000002FF0000-0x0000000004FF0000-memory.dmp
C:\Users\Admin\Downloads\0exploit\0exploit.exe
| MD5 | beb1c175630254d4a10efc757fe0d44d |
| SHA1 | 76ac5a47ce72cd1a7a66134dc6178acc1de191d5 |
| SHA256 | b99a07a5c58e7b8e49747e2bbd184574c93ec2dbca9f40cf42e0092749f3832f |
| SHA512 | b4c2dcc741c1a69763eeeedf88fe2c3f054ca5d8964928a5b99497f84eb33353ea37966cec2fab0e4ead987776227c1ee5efd8e3c5e9e246899b302689f7849c |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\0exploit.exe.log
| MD5 | 84cfdb4b995b1dbf543b26b86c863adc |
| SHA1 | d2f47764908bf30036cf8248b9ff5541e2711fa2 |
| SHA256 | d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b |
| SHA512 | 485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce |
memory/3016-193-0x0000000074740000-0x0000000074EF0000-memory.dmp
memory/3016-200-0x0000000074740000-0x0000000074EF0000-memory.dmp
memory/3016-201-0x0000000002660000-0x0000000004660000-memory.dmp
memory/4996-202-0x0000000000B70000-0x0000000000BA2000-memory.dmp
memory/4996-203-0x0000000000B70000-0x0000000000BA2000-memory.dmp
memory/4996-204-0x0000000000400000-0x0000000000446000-memory.dmp
memory/3364-208-0x0000000074740000-0x0000000074EF0000-memory.dmp
memory/3364-213-0x0000000074740000-0x0000000074EF0000-memory.dmp
memory/4112-215-0x0000000000B40000-0x0000000000B41000-memory.dmp
memory/3364-214-0x0000000002B30000-0x0000000004B30000-memory.dmp
memory/4112-216-0x0000000000400000-0x0000000000446000-memory.dmp
C:\Users\Admin\Downloads\0exploit\0exploit.exe
| MD5 | 6438e5ee1ad2577bc3d7885aaa313959 |
| SHA1 | 8f9ec9115993c84324301eb2dbded022be8ed45e |
| SHA256 | 9fba006f1f64212cee216811e492cde631b46ba9b30dc091c4928165f5c52b8c |
| SHA512 | 667e5442b5389f3996737391e78f79377ad6ff832969a93edcd64444bd64b73e2521b38da578f64152b81a767487bc544f776fef5badb4e30855697069791780 |
memory/3636-220-0x0000000074740000-0x0000000074EF0000-memory.dmp
memory/3636-225-0x0000000074740000-0x0000000074EF0000-memory.dmp
memory/1460-227-0x0000000000400000-0x0000000000446000-memory.dmp
memory/3016-226-0x0000000002660000-0x0000000004660000-memory.dmp
memory/5104-231-0x0000000074740000-0x0000000074EF0000-memory.dmp
memory/5104-236-0x0000000074740000-0x0000000074EF0000-memory.dmp
memory/4580-238-0x0000000000400000-0x0000000000446000-memory.dmp
memory/5104-237-0x0000000003060000-0x0000000005060000-memory.dmp
memory/2512-240-0x0000000074580000-0x0000000074D30000-memory.dmp
memory/3364-249-0x0000000002B30000-0x0000000004B30000-memory.dmp
memory/2512-248-0x0000000074580000-0x0000000074D30000-memory.dmp
memory/2248-250-0x0000000000400000-0x0000000000446000-memory.dmp
memory/4448-253-0x0000000074490000-0x0000000074C40000-memory.dmp
memory/4448-258-0x0000000074490000-0x0000000074C40000-memory.dmp
memory/4448-259-0x0000000002C80000-0x0000000004C80000-memory.dmp
memory/1068-260-0x0000000000400000-0x0000000000446000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ad814ebed3d0f632a3490e30a1871ad6 |
| SHA1 | 0e584650f713479460d615071812f4e4fe19ddfb |
| SHA256 | 7af2ef372a4ba570ca0d80b6247e25dc0f0828e51797a491eff11b58a9016637 |
| SHA512 | 4247cefd74b080d272f39c4954b7e062c762126f45ac8583cde66e2bae57a0791788d132735d8dc649d1a0235997ece3c9308205ef22bd5070f8a6a774302525 |
memory/5104-351-0x0000000003060000-0x0000000005060000-memory.dmp
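The SetThreadContext signature earlier in the report and the memory dumps listed here describe the same event from two sides: each 0exploit.exe instance (PIDs 4056, 3016, 3364) sets the thread context of a freshly started RegAsm.exe, and every one of those RegAsm targets (5008, 4996, 4112) then has a dumped region at 0x400000-0x446000, the same 0x46000-byte image in each case. The script below is an added example, not part of the sandbox output, that correlates the two tables: it pairs source and target PIDs, checks that the source lives in a user-writable directory and the target under C:\Windows, and looks for a dumped region at the target's image base. It assumes that a region starting at 0x400000, the default 32-bit PE image base, is the hollowed image (consistent with every RegAsm dump on this page, but an assumption rather than something the report states). The embedded rows are a constructed subset copied from the report's tables.

```python
import re
from collections import defaultdict

# Constructed sample copied from the SetThreadContext table in the report.
SET_THREAD_CONTEXT = r"""
| PID 4056 set thread context of 5008 | N/A | C:\Users\Admin\Downloads\0exploit\0exploit.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 3016 set thread context of 4996 | N/A | C:\Users\Admin\Downloads\0exploit\0exploit.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 3364 set thread context of 4112 | N/A | C:\Users\Admin\Downloads\0exploit\0exploit.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
"""
# Constructed sample copied from the memory-dump entries for those PIDs.
MEMORY_DUMPS = """
memory/4056-167-0x0000000000BE0000-0x0000000000C2E000-memory.dmp
memory/4056-174-0x0000000002FF0000-0x0000000004FF0000-memory.dmp
memory/5008-170-0x0000000000400000-0x0000000000446000-memory.dmp
memory/5008-178-0x00000000011A0000-0x00000000011A1000-memory.dmp
memory/3016-201-0x0000000002660000-0x0000000004660000-memory.dmp
memory/4996-202-0x0000000000B70000-0x0000000000BA2000-memory.dmp
memory/4996-204-0x0000000000400000-0x0000000000446000-memory.dmp
memory/3364-214-0x0000000002B30000-0x0000000004B30000-memory.dmp
memory/4112-215-0x0000000000B40000-0x0000000000B41000-memory.dmp
memory/4112-216-0x0000000000400000-0x0000000000446000-memory.dmp
"""

STC_RE = re.compile(r"PID (\d+) set thread context of (\d+)")
DUMP_RE = re.compile(r"memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")
# Paths a standard user can write to (assumption about the sandbox profile).
USER_WRITABLE = re.compile(r"^C:\\Users\\[^\\]+\\(Downloads|AppData|Desktop|Documents)\\", re.I)
WINDOWS_DIR = re.compile(r"^C:\\Windows\\", re.I)
DEFAULT_IMAGE_BASE = 0x400000   # default image base of a 32-bit PE (assumption)


def parse_injections(table):
    """Yield {src_pid, dst_pid, src_path, dst_path} for each SetThreadContext row."""
    pairs = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        m = STC_RE.search(cells[0])
        if m:
            pairs.append({"src_pid": int(m.group(1)), "dst_pid": int(m.group(2)),
                          "src_path": cells[2], "dst_path": cells[3]})
    return pairs


def parse_dumps(listing):
    """Map PID -> [(start, end), ...] from memory-dump file names."""
    regions = defaultdict(list)
    for m in DUMP_RE.finditer(listing):
        regions[int(m.group(1))].append((int(m.group(2), 16), int(m.group(3), 16)))
    return regions


def analyse(table=SET_THREAD_CONTEXT, listing=MEMORY_DUMPS):
    """Correlate each injection pair with the target's dumped image-base region."""
    regions = parse_dumps(listing)
    findings = []
    for p in parse_injections(table):
        image = [r for r in regions[p["dst_pid"]] if r[0] == DEFAULT_IMAGE_BASE]
        findings.append({
            **p,
            "src_user_writable": bool(USER_WRITABLE.match(p["src_path"])),
            "dst_in_windows": bool(WINDOWS_DIR.match(p["dst_path"])),
            "image_region": image[0] if image else None,
            "image_size": (image[0][1] - image[0][0]) if image else None,
        })
    return findings


def looks_like_hollowing(findings):
    """True when every pair is user-writable -> C:\\Windows with one common payload size."""
    sizes = {f["image_size"] for f in findings}
    return (bool(findings)
            and all(f["src_user_writable"] and f["dst_in_windows"] and f["image_region"]
                    for f in findings)
            and len(sizes) == 1 and None not in sizes)


if __name__ == "__main__":
    results = analyse()
    for f in results:
        print(f"{f['src_pid']} -> {f['dst_pid']}: image region {f['image_region']} "
              f"size 0x{f['image_size']:x}")
    print("process hollowing pattern:", looks_like_hollowing(results))
```

The same three-way check (unsigned-location parent, Microsoft binary child, thread context rewritten before the child's first instruction) is what an EDR rule for this technique keys on; the memory-dump correlation adds the confirmation that the target's image was replaced, and a constant payload size across all three RegAsm instances is a quick way to tell one injected payload from three different ones.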