lumma | hxxps://github[.]com/ayhantunay/Project-Zomboid-Cheat

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2025 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/ayhantunay/Project-Zomboid-Cheat

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

https://letterdrive.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 1 IoCs

pid	Process
4992	EtherHack.exe

Loads dropped DLL 1 IoCs

pid	Process
4992	EtherHack.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4992 set thread context of 3140	4992	EtherHack.exe	131

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EtherHack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
2692	msedge.exe
2692	msedge.exe
4988	identity_helper.exe
4988	identity_helper.exe
3040	msedge.exe
3040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeRestorePrivilege	2404	7zG.exe
Token: 35	2404	7zG.exe
Token: SeSecurityPrivilege	2404	7zG.exe
Token: SeSecurityPrivilege	2404	7zG.exe
Token: SeRestorePrivilege	4072	7zFM.exe
Token: 35	4072	7zFM.exe
Token: SeSecurityPrivilege	4072	7zFM.exe
Token: SeDebugPrivilege	2068	firefox.exe
Token: SeDebugPrivilege	2068	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe

Suspicious use of SetWindowsHookEx 24 IoCs

pid	Process
4804	OpenWith.exe
3748	OpenWith.exe
3748	OpenWith.exe
3748	OpenWith.exe
3748	OpenWith.exe
3748	OpenWith.exe
3748	OpenWith.exe
3748	OpenWith.exe
3748	OpenWith.exe
3748	OpenWith.exe
3748	OpenWith.exe
3748	OpenWith.exe
3748	OpenWith.exe
3748	OpenWith.exe
3748	OpenWith.exe
3748	OpenWith.exe
3748	OpenWith.exe
3748	OpenWith.exe
3748	OpenWith.exe
3748	OpenWith.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe
2068	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2668	2692	msedge.exe	84
PID 2692 wrote to memory of 2668	2692	msedge.exe	84
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 3768	2692	msedge.exe	85
PID 2692 wrote to memory of 5108	2692	msedge.exe	86
PID 2692 wrote to memory of 5108	2692	msedge.exe	86
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87
PID 2692 wrote to memory of 2076	2692	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/ayhantunay/Project-Zomboid-Cheat
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffa388d46f8,0x7ffa388d4708,0x7ffa388d4718
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6664015139445803002,583411877928096728,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:1564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3344

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2936

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4804

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\PZBuildBeta\" -spe -an -ai#7zMap15796:84:7zEvent24378
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2404

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\PZBuildBeta.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4072

C:\Users\Admin\Downloads\EtherHack.exe
"C:\Users\Admin\Downloads\EtherHack.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4992
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3140

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3748
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\PZBuildBeta\Debug\Cracker.dll"
  2⤵
  PID:5036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\PZBuildBeta\Debug\Cracker.dll
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2068
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2edc66e-df83-4e59-aae3-fcf3edc0dac6} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" gpu
      4⤵
      PID:4520
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2432 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1168b4ce-5154-4141-88cd-a5a6aa8e11dc} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" socket
      4⤵
      PID:3992
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3348 -childID 1 -isForBrowser -prefsHandle 3340 -prefMapHandle 3336 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0298824c-f851-499f-b208-f5a52dc8bc95} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" tab
      4⤵
      PID:1332
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1620 -childID 2 -isForBrowser -prefsHandle 2936 -prefMapHandle 3328 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b90001d5-9e5c-40b8-be3c-7e14f5b5c0d9} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" tab
      4⤵
      PID:4032
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4916 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4920 -prefMapHandle 4984 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2bf8ff5-1a7e-42db-8de1-124eb17c3fbb} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" utility
      4⤵
      Checks processor information in registry
      PID:1080
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 3 -isForBrowser -prefsHandle 5488 -prefMapHandle 5484 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e10ceacb-ebab-4376-b015-c55937f476b8} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" tab
      4⤵
      PID:3516
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5628 -childID 4 -isForBrowser -prefsHandle 5636 -prefMapHandle 5640 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e290319-dc2a-4c35-b870-4fb9c7e6e6ce} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" tab
      4⤵
      PID:4328
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5820 -childID 5 -isForBrowser -prefsHandle 5828 -prefMapHandle 5832 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f71595b6-e40d-4b3b-8048-a1b5b092e09e} 2068 "\\.\pipe\gecko-crash-server-pipe.2068" tab
      4⤵
      PID:2060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a1aca28c18148caf203899c1321eb03b

SHA1
c3db9f05312396d052ddb546f23b8e2a2158e83f

SHA256
d5fb36418b1ec42f5b02075a0444d4051cdf18aa679760782784dfb9c9e5c12d

SHA512
0657e47de6b2ea94fdb5c609d0fe5df2cdcbae3fb405a5b5f555b527be81ce2bcf1d0482eceb9fac047ac2c51c3900db40ec5d2ac99748771ad9cf632b55736c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
595B

MD5
cb2c9697111e87008354d236d31950de

SHA1
eb6d7e2156462d483ae9e8715da74e96fb7056d7

SHA256
56eb573349bb23d498705ea5ee72a995c8d064a214faa251347be97483352b66

SHA512
dc172f2670b50b84d72fdb0351cf0da29c62862fdb19076b06dfe4d6f9aeab7db2c4ba45842112f9b5264b8afabd0eafb6f590165d5f47e0c2a72f096d74cccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d15f2f2dedbf06895432d0da51a7b5d9

SHA1
d47349ab7967909aa7a731e611fb2d8497501bbc

SHA256
4510e98393fbde39f289d70f5461f7b68319320ff6397a81ffbe2ad5a568c382

SHA512
75c67d63827d7e964f25a79b040fc640b692b0960473f4eef66375ea8c77398d536949d24283eb4d65363f23b79e451f6a497cb0c64108cd6cad85043f6fa39d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd89bfe344bc1abcdb83c5d48b2c5d1e

SHA1
048b34ab07ab9f9b5e057ec2ac1904d44eb66428

SHA256
7cb9eafaffeca03a95836f1464eb77a9102b158e3543895ed17d8232a3737f2d

SHA512
b663f0fc5bb5a03d358769a5faf1282ec76acd34694ecd7db65d93ca86d1939502fc4b6e3e9a2e61891c12777b9a56c6ce34c117e5765bde4b781b86a736766a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7583fb811d4c3be28289e9a0ef8a2415

SHA1
974a5546aece7673deb107a10959c38c27955302

SHA256
c12262e7c8e973e9b1f09a01ea3cf15846b707186de41dd1c5ff179c2bf94e77

SHA512
2647b2651f98bf781b573c66044ab85c07dc72c8bb2d6415e1420a3c7fad2b20c4b49c2af15f01a6d94525c76f48b343192ae6a525edefde781a76d22cc5c387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fff3da1a13bfd21385ac4e3d7a42abc1

SHA1
96c6dd046eb57b0327ed4697bbb179cc78aa0257

SHA256
42c9537c9e612d5073695baa20e0ca973d9002aa6a3e9dd3f9ab8376abcf4faf

SHA512
21f3ce57a64ea0a369776b98455bef17d6402c60eaad1ddb5e3a8e8d730fbe8769ceba965fe5ba4a81c77dc198ff01e2b8167d96ebffc6f82b72c44eccc9049a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d77407a33d7e81b36b38ea75bd0e192d

SHA1
d3d357f217b9262987678ebed98b05095fc66609

SHA256
a796a3b907e69788e64dd4127d89c32d6172bf06280484747c3de66f425f0f4a

SHA512
c7b21d94f8ea403a2c73f6f077d104c8e85a851922d49a515938465cb38dc5326e26161c7234e27cf900f9b67cc70f35202f03fcfdfd14297c8489642b8e1a4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4ee8fe29e13cd92c21582ad6ac0e8853

SHA1
8d3488df238cff1bd2ddf8d8a927ebb9bc7d34bf

SHA256
38c8f4430e339e182e90e1447fff1b007c87a6a36ae73069ecf0009c2d47ab8e

SHA512
4b1ee3d0aa5453d316174cdd2077732926c03fdf72ea264d8b2b7034c0db01ae000eab352c82d2548078641db9399ca858db82e7656fcf9005393ecb97aa5394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58078d.TMP

Filesize
1KB

MD5
b8225088e202c7bcf5a1d94555ba7482

SHA1
282e43821a13e9857a948987eda6a2c6d6423234

SHA256
3b4b31d116cd777418eff6983359abc34c615fe0557ceabe2be8905d353aa39b

SHA512
2482824e035c4d05bbf98e711472c8c4a17611b80fad67a8297f67fd25ab8ade146661907c7d2c2ee575cda26957273c3197f43004542eb5f1269d0e34801a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3c13e7fdffa34d4e5cb95047250b8798

SHA1
33c2edc96b8d2581b64920e3aa5984d62589f546

SHA256
2adaa6bf4ccda97e53d348e2cf7841926c158f042df2a1f6f80782a736c8a629

SHA512
6472931420444656ad0fe4e65ad1748204d22b138a42ace46a6823353db8007468fcb6f4f2fdc82b5dffb1f51074e9fbdbe08ee87836f2efc09ebdcb66242253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c4b473db0dabe386be9833ffa5672f5a

SHA1
c128a8a2baf3e9e07ddf12bbb89f8050c97e59e1

SHA256
f859c1f8bdaa70a94bed93c7659c4418340da1b715d3f2bad1c7cf75dd5671d9

SHA512
768c41b275f29714513857aaa9e5be7313bb0218fad6495260eb8bc757d00a24f64a1bac8a5b7fb1346cefa731d3e8ff60d0d6cc812e4d9cf007d42fa5095957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d5ec0c02-f5ee-47f1-a789-05bbf3813129.tmp

Filesize
10KB

MD5
21f0fc824fdd56e0bd1644a25ddfe2c1

SHA1
68a475be9b24f4e4207ca478b5ccc65899582f7a

SHA256
234d1af92d242e7dfe7cb8508332ae442aeb2b9ae463d23663ed0191f1bfec80

SHA512
ee67a2188d9b29991ca1b5ad80fcbbe0efe984288d3b8ea699adc0a20822d5d2581c16cc7eb1ff56fb84e443a918de71ed69bb7ec68aec80085cda97447a12eb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\activity-stream.discovery_stream.json

Filesize
28KB

MD5
799131570f530020997db2c0714a9e1a

SHA1
b9d885485dfc8923a71f176fb5126534ed14907f

SHA256
ef5dbfcd28e44080c6de5f5db0e0552e26c4d810cd3dc72e50e74b199d43ed6a

SHA512
0dbbc4191cc712c58628e999913aa87e2e1859f4bfd1cd570e34358ddd30f15f6470d6ecb144017747b57c76738fc65cea7006baf87cfb95c1cefaac0f6dcaa0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
adb91fc46c01d27d9324b18961e5b1cf

SHA1
d2aa136bd7d993b2e205f62934f05044d61e5c46

SHA256
b48cc78521e220f50186cbfa4c356ca02fc3540f3ef24bd710d7222b1cfeeed6

SHA512
5c14c07e5c2ba89bcd07bf05158fafbaa4a0a2cf592ccd0f1f5b5f69b239e9fabf3e795a298aece7100f95ee5a531827ee1a1e912c7e6f7189ebf3cbd9d3be16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
8e11a2f743d935f3f0f8c71a78c3725e

SHA1
a7648dcff2b2c77c2333dee1e878de3e972daeec

SHA256
f003bb4fb2d90504ea9e9c288431e4eb9a269e7fe5ae3347a5589ac4eabeda25

SHA512
4629dd7673f1e3d9b821c19aa8284e64cd91cb8f1a2c3d967446a8840ec363eb23f1d0662ea2535535f732e43bda77824bb9647d591ce07eb8d64988fb05c2d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
c39e23e5d95110ff8b26622d1494799b

SHA1
530b0e4177ff57dddcf4d410d64dce42282c606d

SHA256
aa951b0cc231b47464cc89ea484f7bfbb9423cccf80982d538d7db9441f3b298

SHA512
088dc01877426fc3588551cb4ccd91e979135ff257392d0093b988903e889c523e33aaf22aa33c36fa7f8047127ebea567d00b16cacfcca95b9cd9b8f4f45db0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\27188c68-1d41-48f3-a835-904a201dc215

Filesize
982B

MD5
b23f03193369cffd272e6563a7e0fe02

SHA1
b5e42174fa2c4d4a2734495c00d2b13d46cc4ea4

SHA256
3bba39e873d9911cdbb1cd6ab979e8223f61cd5a45e5ca762912d31b03ae1cbc

SHA512
01d24c96cabdc50614f868a0a80659301331c03e977e6d0b65757af872a0ca036c30f41b499119579bb4107fb5ed028b286a6f90cad8f5ba86472d1b26763ead

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\36f22fa4-c076-4e34-a401-2ce2b0705561

Filesize
659B

MD5
82d895725ac41cdd587cf8d4a3a31997

SHA1
49688dd4646b3b853f8edb6d206538663ad76361

SHA256
67d6bf101bcc48aadcd0ec85398968b950ddc84ca6fe13f1abf4dab12a8840a6

SHA512
c5d804b13929e1c036341b6122b38f88d674ea3f899d55900e2398165c461fb488620efbdcb9433d0f6bd0ec90146eb2333d5180277a4f5a85543398338a4d44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js

Filesize
10KB

MD5
fb2a8d41b35395f87a7446b151a4e463

SHA1
c4d05f781b949f2bc830b37d22f912b37ec91651

SHA256
1601e7918b1addf866a73f397eea396248f2646ebc830fd5126145d8b45caf57

SHA512
86add34d6d935e4d7ab6d38e0aef254352203d57f47e9671301dc7ebccb4c0caf8681b27f9b3d648c35d069aa99f153b8c97d427b1541aa4e3797d41ace9e9d5

Download Submit
C:\Users\Admin\AppData\Roaming\gdi32.dll

Filesize
460KB

MD5
465aaa74a942127edf718ff4dd375b67

SHA1
3c5b22974b24a109a92c8922a1861a1b9583468d

SHA256
6d2d49a819448ba3e7711c9ab99bee2e95cbd12ba9f46e75b39cdccfbb54f8f1

SHA512
fbb1e6574301e2a15a24fa2032de7e01a9aa50286244c0f66f9c8bc93ff18f7c30bbc1c56dbe4404e87f03c28586c42f7448974db047a5c45eea670b32fdc2ea

Download Submit
C:\Users\Admin\Downloads\EtherHack.exe

Filesize
519KB

MD5
d1c3e266a5099474819acbf7d7d02853

SHA1
99afda7975f56cadc20da5b58201f99a268074fb

SHA256
afd590716a507b81ae1f2495770e2677c53dffe26edae85e02055f45063eb865

SHA512
428f93d61812b9696c78dc97899536ef6c0419d6139ea3117f025528262d715eea08dd72b0cf40097e0bbb1ccae0e250d31d3ba6fc2cd984f75e4105716d682b

Download Submit
C:\Users\Admin\Downloads\PZBuildBeta.rar

Filesize
44.8MB

MD5
948bfaaba55ba2190273d95116a6908e

SHA1
13d0864804f64b8d9d98d176c1262a641110e29f

SHA256
4ffd379cb4e65ed04581499159f91f3b773e5fffb4f3389e2949616dda7a1e37

SHA512
974d67f401c0c19cf826e1421585a65e7dff66882bae42a5433506e0764b3d905543b34d0e2699b6f2114bb85e76d3bb05c71c5b7af1832b484bc9468f292fff

Download Submit
memory/3140-436-0x0000000000990000-0x00000000009FA000-memory.dmp

Filesize
424KB

Download
memory/3140-441-0x0000000000990000-0x00000000009FA000-memory.dmp

Filesize
424KB

Download
memory/3140-437-0x0000000000990000-0x00000000009FA000-memory.dmp

Filesize
424KB

Download
memory/4992-429-0x0000000000780000-0x0000000000808000-memory.dmp

Filesize
544KB

Download