Malware Analysis Report

2024-11-13 14:05

Sample ID 240225-ywzztsbg51
Target GENP4.2.exe
SHA256 4e756fe5adb15ac6a8fff1a1c468e1335cdafd085fc749c177b3ad792a289cf5
Tags
lumma stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4e756fe5adb15ac6a8fff1a1c468e1335cdafd085fc749c177b3ad792a289cf5

Threat Level: Known bad

The file GENP4.2.exe was found to be: Known bad.

Malicious Activity Summary

lumma stealer

Lumma Stealer

Suspicious use of SetThreadContext

Unsigned PE

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-02-25 20:10

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-25 20:08

Reported

2024-02-25 20:13

Platform

win7-20240221-en

Max time kernel

118s

Max time network

132s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GENP4.2.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\GENP4.2.exe

"C:\Users\Admin\AppData\Local\Temp\GENP4.2.exe"

Network

N/A

Files

memory/2240-0-0x000000013FEB0000-0x0000000140EB0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-25 20:08

Reported

2024-02-25 20:13

Platform

win10v2004-20240221-en

Max time kernel

148s

Max time network

171s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GENP4.2.exe"

Signatures

Lumma Stealer

stealer lumma

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4064 set thread context of 2020 N/A C:\Users\Admin\AppData\Local\Temp\GENP4.2.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3538781373-1545967067-4263767959-1000\{3CF36928-744B-49BE-BEB0-01A8E944A78F} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\GENP4.2.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\GENP4.2.exe

"C:\Users\Admin\AppData\Local\Temp\GENP4.2.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3384 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2fc 0x2f4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Adobe GenP 4.0.rar"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,5289386384020744971,17881217244590626380,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5504 /prefetch:2

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap30870:118:7zEvent9617 -ad -saa -- "C:\GENP4.2.exe"

Network

Country Destination Domain Proto
GB 2.23.92.203:443 www.bing.com tcp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
GB 2.23.92.203:443 www.bing.com tcp
US 8.8.8.8:53 203.92.23.2.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 2.23.92.203:443 r.bing.com tcp
GB 2.23.92.203:443 r.bing.com tcp
GB 2.23.92.203:443 r.bing.com tcp
GB 2.23.92.203:443 r.bing.com tcp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
SE 20.190.181.5:443 login.microsoftonline.com tcp
US 8.8.8.8:53 5.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com tcp
GB 142.250.179.238:443 www.youtube.com tcp
US 204.79.197.200:443 www2.bing.com tcp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.214:443 i.ytimg.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 173.194.69.84:443 accounts.google.com tcp
NL 173.194.69.84:443 accounts.google.com udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 214.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.69.194.173.in-addr.arpa udp
US 8.8.8.8:53 rr3---sn-hgn7rn7k.googlevideo.com udp
FR 172.217.130.200:443 rr3---sn-hgn7rn7k.googlevideo.com tcp
FR 172.217.130.200:443 rr3---sn-hgn7rn7k.googlevideo.com tcp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
GB 142.250.187.238:443 suggestqueries-clients6.youtube.com tcp
US 8.8.8.8:53 200.130.217.172.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
FR 172.217.130.200:443 rr3---sn-hgn7rn7k.googlevideo.com tcp
FR 172.217.130.200:443 rr3---sn-hgn7rn7k.googlevideo.com tcp
GB 142.250.187.238:443 suggestqueries-clients6.youtube.com udp
FR 172.217.130.200:443 rr3---sn-hgn7rn7k.googlevideo.com tcp
FR 172.217.130.200:443 rr3---sn-hgn7rn7k.googlevideo.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 consent.youtube.com udp
GB 142.250.180.14:443 consent.youtube.com tcp
GB 142.250.187.214:443 i.ytimg.com udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 172.217.16.225:443 yt3.ggpht.com tcp
GB 172.217.16.225:443 yt3.ggpht.com tcp
GB 172.217.16.225:443 yt3.ggpht.com tcp
GB 172.217.16.225:443 yt3.ggpht.com tcp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
GB 172.217.16.225:443 yt3.ggpht.com udp
US 8.8.8.8:53 i4.ytimg.com udp
GB 142.250.178.14:443 i4.ytimg.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 198.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 rr5---sn-1gi7znek.googlevideo.com udp
CH 74.125.108.202:443 rr5---sn-1gi7znek.googlevideo.com tcp
CH 74.125.108.202:443 rr5---sn-1gi7znek.googlevideo.com tcp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
CH 74.125.108.202:443 rr5---sn-1gi7znek.googlevideo.com udp
US 8.8.8.8:53 legatorypluralishrtw.shop udp
US 104.21.89.105:443 legatorypluralishrtw.shop tcp
US 8.8.8.8:53 202.108.125.74.in-addr.arpa udp
US 8.8.8.8:53 105.89.21.104.in-addr.arpa udp
US 8.8.8.8:53 chocolatedepressofw.fun udp
US 8.8.8.8:53 lighterepisodeheighte.fun udp
US 8.8.8.8:53 problemregardybuiwo.fun udp
US 8.8.8.8:53 prescriptionstorageag.fun udp
US 8.8.8.8:53 edurestunningcrackyow.fun udp
US 8.8.8.8:53 pooreveningfuseor.pw udp
US 8.8.8.8:53 turkeyunlikelyofw.shop udp
US 172.67.202.191:443 turkeyunlikelyofw.shop tcp
US 8.8.8.8:53 associationokeo.shop udp
US 104.21.10.242:443 associationokeo.shop tcp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.200.42:443 jnn-pa.googleapis.com tcp
GB 142.250.200.42:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 191.202.67.172.in-addr.arpa udp
US 8.8.8.8:53 242.10.21.104.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 230.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.113.74:80 www.mediafire.com tcp
US 104.16.113.74:80 www.mediafire.com tcp
US 104.16.113.74:443 www.mediafire.com tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 172.217.16.234:443 ajax.googleapis.com tcp
US 8.8.8.8:53 74.113.16.104.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 18.239.190.22:443 cdn.amplitude.com tcp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.190.239.18.in-addr.arpa udp
US 8.8.8.8:53 110.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 api.amplitude.com udp
US 34.212.72.103:443 api.amplitude.com tcp
US 8.8.8.8:53 103.72.212.34.in-addr.arpa udp
US 8.8.8.8:53 179.113.50.184.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 88.221.134.106:443 aefd.nelreports.net tcp
GB 88.221.134.106:443 aefd.nelreports.net tcp
GB 88.221.134.106:443 aefd.nelreports.net udp
US 8.8.8.8:53 106.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 translate.google.com udp
US 8.8.8.8:53 connect.facebook.net udp
GB 172.217.16.238:443 translate.google.com tcp
GB 163.70.147.23:443 connect.facebook.net tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 translate.googleapis.com udp
GB 142.250.187.202:443 translate.googleapis.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
BE 74.125.206.156:443 stats.g.doubleclick.net tcp
GB 216.58.204.67:443 www.google.co.uk tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 156.206.125.74.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
GB 142.250.200.14:443 play.google.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 translate-pa.googleapis.com udp
BE 74.125.206.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
GB 172.217.16.228:443 www.google.com udp
GB 216.58.204.67:443 www.google.co.uk udp
GB 142.250.187.202:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 btloader.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com tcp
US 172.67.41.60:443 btloader.com tcp
US 8.8.8.8:53 60.41.67.172.in-addr.arpa udp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
GB 172.217.16.238:443 translate.google.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 172.64.129.8:443 www.ezojs.com tcp
US 104.16.57.101:443 static.cloudflareinsights.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 104.19.215.37:443 cdn.otnolatrnup.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 g.ezoic.net udp
FR 13.39.145.251:443 g.ezoic.net tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 go.ezodn.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 172.64.192.4:443 go.ezodn.com tcp
US 172.64.192.4:443 go.ezodn.com tcp
US 172.64.192.4:443 go.ezodn.com tcp
GB 172.217.169.66:443 securepubads.g.doubleclick.net tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 download2328.mediafire.com udp
US 199.91.155.69:443 download2328.mediafire.com tcp
US 199.91.155.69:443 download2328.mediafire.com tcp
GB 172.217.169.66:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 8.129.64.172.in-addr.arpa udp
US 8.8.8.8:53 101.57.16.104.in-addr.arpa udp
US 8.8.8.8:53 37.215.19.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 251.145.39.13.in-addr.arpa udp
US 8.8.8.8:53 4.192.64.172.in-addr.arpa udp
US 8.8.8.8:53 66.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 34.120.63.153:443 prebid.media.net tcp
DE 52.58.203.207:443 btlr.sharethrough.com tcp
DE 52.58.203.207:443 btlr.sharethrough.com tcp
DE 52.58.203.207:443 btlr.sharethrough.com tcp
DE 52.58.203.207:443 btlr.sharethrough.com tcp
DE 52.58.203.207:443 btlr.sharethrough.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 18.239.208.102:443 tags.crwdcntrl.net tcp
DE 35.157.214.172:443 tlx.3lift.com tcp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
IE 108.128.158.24:443 bcp.crwdcntrl.net tcp
IE 34.246.36.174:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 69.155.91.199.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 207.203.58.52.in-addr.arpa udp
US 8.8.8.8:53 102.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 172.214.157.35.in-addr.arpa udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 104.19.215.37:80 otnolatrnup.com tcp
US 104.19.215.37:80 otnolatrnup.com tcp
US 8.8.8.8:53 woreppercomming.com udp
US 18.239.208.114:443 woreppercomming.com tcp
US 8.8.8.8:53 24.158.128.108.in-addr.arpa udp
US 8.8.8.8:53 174.36.246.34.in-addr.arpa udp
US 8.8.8.8:53 www.ovardu.com udp
US 172.67.174.4:443 www.ovardu.com tcp
US 8.8.8.8:53 114.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 4.174.67.172.in-addr.arpa udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 contextual.media.net udp
GB 96.16.109.9:443 ads.pubmatic.com tcp
US 13.248.245.213:443 eb2.3lift.com tcp
GB 104.78.176.27:443 contextual.media.net tcp
FR 13.39.145.251:443 g.ezoic.net tcp
US 8.8.8.8:53 bad89fe691b9e773aa5ce654891306e4.safeframe.googlesyndication.com udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 9.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 27.176.78.104.in-addr.arpa udp
GB 216.58.204.65:443 bad89fe691b9e773aa5ce654891306e4.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 18.239.209.27:443 cdn.prod.uidapi.com tcp
US 172.64.152.89:443 cdn-ima.33across.com tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 oajs.openx.net udp
US 8.8.8.8:53 id5-sync.com udp
US 34.120.135.53:443 oajs.openx.net tcp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 image6.pubmatic.com udp
DE 162.19.138.119:443 id5-sync.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
US 34.120.135.53:443 oajs.openx.net udp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
US 8.8.8.8:53 65.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 27.209.239.18.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 119.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 19.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
GB 142.250.180.1:443 cdn.ampproject.org udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 s0.2mdn.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 172.217.169.38:443 s0.2mdn.net tcp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
GB 216.58.212.193:443 tpc.googlesyndication.com udp
GB 172.217.169.38:443 s0.2mdn.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
GB 142.250.187.194:443 googleads4.g.doubleclick.net tcp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 38.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
NL 185.235.87.222:443 gem.gbc.criteo.com tcp
FR 185.235.86.34:443 ag.gbc.criteo.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
GB 142.250.187.194:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 222.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 34.86.235.185.in-addr.arpa udp
GB 142.250.187.202:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 142.250.200.2:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
GB 142.250.200.2:443 ade.googlesyndication.com udp
GB 88.221.134.106:443 aefd.nelreports.net udp
GB 142.250.179.238:443 www.youtube.com udp
GB 142.250.200.2:443 ade.googlesyndication.com udp
US 8.8.8.8:53 9.179.89.13.in-addr.arpa udp
CH 74.125.108.202:443 rr5---sn-1gi7znek.googlevideo.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp

Files

memory/4064-2-0x00007FF6DD7B0000-0x00007FF6DE7B0000-memory.dmp

memory/2020-8-0x00000000003A0000-0x00000000003E9000-memory.dmp

memory/2020-10-0x00000000003A0000-0x00000000003E9000-memory.dmp

memory/2020-12-0x00000000003A0000-0x00000000003E9000-memory.dmp

memory/2020-14-0x0000000000790000-0x00000000007C2000-memory.dmp

memory/2020-15-0x0000000000790000-0x00000000007C2000-memory.dmp

memory/2020-17-0x0000000000790000-0x00000000007C2000-memory.dmp

memory/2020-18-0x0000000000790000-0x00000000007C2000-memory.dmp

memory/2020-16-0x0000000000790000-0x00000000007C2000-memory.dmp

memory/2020-11-0x00000000003A0000-0x00000000003E9000-memory.dmp

memory/2020-21-0x00000000003A0000-0x00000000003E9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zE067A6DC9\GENP4.2.exe

MD5 1a2feab2577d727f99f8e91a7a7831c9
SHA1 82de2cb03dd8e6b9133a9b8bf5de817ae8c16ee1
SHA256 41148340722c1a691512d42b3fda513f579ee2d17a79e638ac0da4ed4c890287
SHA512 6a220cbaf6798b5302039fc959d48897117a036bfe0b7804479bb332922acc19282e169cacb295e7d4fda71e0b4732ceed726089c4e07b63f9ae4122f9ba578a