Analysis Overview
Threat Level: Known bad
The file https://github.com/blowcrazynofex25/blowcrazynofex25/releases/download/latest/Git_softwares_v1_7_3.7z was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-25 22:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-25 22:16
Reported
2024-05-25 22:21
Platform
win10v2004-20240508-en
Max time kernel
262s
Max time network
267s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Git_softwares_v1_7_3\Setup_v1.7.3.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Git_softwares_v1_7_3\Setup_v1.7.3.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Git_softwares_v1_7_3\Setup_v1.7.3.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Git_softwares_v1_7_3\Setup_v1.7.3.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Git_softwares_v1_7_3\Setup_v1.7.3.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Git_softwares_v1_7_3\Setup_v1.7.3.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Git_softwares_v1_7_3\Setup_v1.7.3.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Git_softwares_v1_7_3\Setup_v1.7.3.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3152 set thread context of 3448 | N/A | C:\Users\Admin\Downloads\Git_softwares_v1_7_3\Setup_v1.7.3.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe |
| PID 3764 set thread context of 3376 | N/A | C:\Users\Admin\Downloads\Git_softwares_v1_7_3\Setup_v1.7.3.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe |
| PID 3692 set thread context of 3264 | N/A | C:\Users\Admin\Desktop\Git_softwares_v1_7_3\Setup_v1.7.3.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe |
| PID 4908 set thread context of 4544 | N/A | C:\Users\Admin\Desktop\Git_softwares_v1_7_3\Setup_v1.7.3.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611490521234591" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{0BFFEA11-6BF9-4D51-97AA-6D013B045F26} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 (SeCreateSymbolicLinkPrivilege) | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 (SeCreateSymbolicLinkPrivilege) | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 (SeCreateSymbolicLinkPrivilege) | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/blowcrazynofex25/blowcrazynofex25/releases/download/latest/Git_softwares_v1_7_3.7z
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4112,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4028,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=3748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5292,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5304,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --field-trial-handle=5996,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5764,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5952,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5768 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6684,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.118 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.80 --initial-client-data=0x238,0x23c,0x240,0x234,0x2b0,0x7fffde21ceb8,0x7fffde21cec4,0x7fffde21ced0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2376,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=2372 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1912,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=3316 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2364,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4344,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=4428 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4344,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=4428 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap4347:16:7zEvent21689 -ad -saa -- "C:\C_"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=560,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4664,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=4684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3504,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=4632 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Git_softwares_v1_7_3\" -ad -an -ai#7zMap18623:100:7zEvent1663
C:\Users\Admin\Downloads\Git_softwares_v1_7_3\Setup_v1.7.3.exe
"C:\Users\Admin\Downloads\Git_softwares_v1_7_3\Setup_v1.7.3.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4816,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Users\Admin\Downloads\Git_softwares_v1_7_3\Setup_v1.7.3.exe
"C:\Users\Admin\Downloads\Git_softwares_v1_7_3\Setup_v1.7.3.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4280,i,3837904801583237331,8921189896109351207,262144 --variations-seed-version --mojo-platform-channel-handle=4688 /prefetch:8
C:\Users\Admin\Desktop\Git_softwares_v1_7_3\Setup_v1.7.3.exe
"C:\Users\Admin\Desktop\Git_softwares_v1_7_3\Setup_v1.7.3.exe"
C:\Users\Admin\Desktop\Git_softwares_v1_7_3\Setup_v1.7.3.exe
"C:\Users\Admin\Desktop\Git_softwares_v1_7_3\Setup_v1.7.3.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
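The process list above shows the hollowing pattern that the "Suspicious use of SetThreadContext" table records: each Setup_v1.7.3.exe instance starts MsBuild.exe with an empty command line (a real build always carries a project file or switches), then writes a new thread context into it, and the memory dumps for PID 3448 cover 0x400000-0x457000, the image base a replaced executable would occupy. The script below is an added example, not code from the report or the sandbox vendor: it runs two checks over a constructed subset of the report's Processes list and SetThreadContext table (bare launch of a known hollowing host; SetThreadContext from a user-writable path into such a host). The hollowing-host set and the one MsBuild build run with a project argument are this example's own assumptions.

```python
"""Process-hollowing triage over a sandbox process list.

Added example, not code from the report or the sandbox vendor. The inputs
below are a constructed subset of the report's Processes list and its
SetThreadContext table; the MsBuild build run is hypothetical.
"""
import re

# Signed Microsoft binaries that are common hollowing hosts and that do
# nothing useful when launched with an empty command line (assumed set).
HOLLOW_HOSTS = {"msbuild.exe", "regasm.exe", "regsvcs.exe", "installutil.exe"}

# (image path, command line) pairs taken from the report, plus one
# hypothetical legitimate build so the rule has a negative case.
PROCESSES = [
    (r"C:\Program Files\7-Zip\7zG.exe",
     r'"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Git_softwares_v1_7_3\" -ad -an -ai#7zMap18623:100:7zEvent1663'),
    (r"C:\Users\Admin\Downloads\Git_softwares_v1_7_3\Setup_v1.7.3.exe",
     r'"C:\Users\Admin\Downloads\Git_softwares_v1_7_3\Setup_v1.7.3.exe"'),
    (r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe",
     r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe"),
    (r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe",
     r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe"),
    # Hypothetical benign build: MsBuild with a project argument.
    (r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe",
     r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe" C:\src\app.csproj /t:Build'),
]

# (source pid, target pid, source image, target image) from the report's
# "Suspicious use of SetThreadContext" table.
SET_THREAD_CONTEXT = [
    (3152, 3448, r"C:\Users\Admin\Downloads\Git_softwares_v1_7_3\Setup_v1.7.3.exe",
     r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe"),
    (3764, 3376, r"C:\Users\Admin\Downloads\Git_softwares_v1_7_3\Setup_v1.7.3.exe",
     r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe"),
    (3692, 3264, r"C:\Users\Admin\Desktop\Git_softwares_v1_7_3\Setup_v1.7.3.exe",
     r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe"),
    (4908, 4544, r"C:\Users\Admin\Desktop\Git_softwares_v1_7_3\Setup_v1.7.3.exe",
     r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe"),
]


def image_name(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def split_cmdline(cmdline):
    """Tokenise a Windows command line, keeping double-quoted runs together."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', cmdline)]


def is_bare_launch(image, cmdline):
    """True when the command line is only the image itself (no arguments)."""
    argv = split_cmdline(cmdline)
    return len(argv) == 1 and image_name(argv[0]) == image_name(image)


def bare_host_launches(processes):
    """Hollowing hosts started with no arguments; a real build always has some."""
    return [(img, cmd) for img, cmd in processes
            if image_name(img) in HOLLOW_HOSTS and is_bare_launch(img, cmd)]


def hollowing_events(events):
    """SetThreadContext from a user-writable path into a known hollowing host.

    Returns a list of (source pid, target pid, source image name)."""
    hits = []
    for src_pid, dst_pid, src_img, dst_img in events:
        if src_img.lower().startswith("c:\\users\\") and image_name(dst_img) in HOLLOW_HOSTS:
            hits.append((src_pid, dst_pid, image_name(src_img)))
    return hits


if __name__ == "__main__":
    for img, cmd in bare_host_launches(PROCESSES):
        print("bare launch of hollowing host:", cmd)
    for src, dst, name in hollowing_events(SET_THREAD_CONTEXT):
        print(f"{name} (pid {src}) wrote a new thread context into pid {dst}")
```

On real telemetry the same two checks map onto Sysmon event 1 (command line of the child) and event 10/8-style cross-process access, and the bare-launch check alone is a cheap, low-noise filter: MsBuild.exe with no arguments has no legitimate reason to run.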
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.4:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | dl-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-mobile-static.azureedge.net | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.201.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | corruptioncrackywosp.shop | udp |
| US | 104.21.92.10:443 | corruptioncrackywosp.shop | tcp |
| US | 8.8.8.8:53 | museumtespaceorsp.shop | udp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 8.8.8.8:53 | buttockdecarderwiso.shop | udp |
| US | 172.67.218.187:443 | buttockdecarderwiso.shop | tcp |
| US | 8.8.8.8:53 | 10.92.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.32.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | averageaattractiionsl.shop | udp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 8.8.8.8:53 | femininiespywageg.shop | udp |
| US | 172.67.141.63:443 | femininiespywageg.shop | tcp |
| US | 8.8.8.8:53 | employhabragaomlsp.shop | udp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 8.8.8.8:53 | stalfbaclcalorieeis.shop | udp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 8.8.8.8:53 | 187.218.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.62.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.141.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.85.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | civilianurinedtsraov.shop | udp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 8.8.8.8:53 | roomabolishsnifftwk.shop | udp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 8.8.8.8:53 | 197.3.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.197.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.55.21.104.in-addr.arpa | udp |
| US | 104.21.92.10:443 | corruptioncrackywosp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 172.67.218.187:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 172.67.141.63:443 | femininiespywageg.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.92.10:443 | corruptioncrackywosp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 172.67.218.187:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 172.67.141.63:443 | femininiespywageg.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.92.10:443 | corruptioncrackywosp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 172.67.218.187:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 172.67.141.63:443 | femininiespywageg.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
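Everything in the table up to the SmartScreen and Bing lookups is the download path itself (Edge fetching the archive from GitHub and its own telemetry). The stealer's traffic is the block of nine `.shop` domains, each resolved once and then contacted over TCP/443 in four passes, all on 104.21.x.x or 172.67.x.x addresses, which is how a Lumma sample walks its embedded C2 list. The script below is an added example, not code from the report or the sandbox vendor: it parses a constructed excerpt of this Network table in the same pipe layout, drops the allow-listed download-path domains and the sandbox's reverse lookups, groups the remaining TCP destinations by domain, and emits an importable block list. The allow-list and the two Cloudflare prefixes (104.16.0.0/13 and 172.64.0.0/13) are this example's own assumptions.

```python
"""Pull C2 candidates out of a sandbox Network table.

Added example, not code from the report or the sandbox vendor. NETWORK_TABLE
is a constructed excerpt of the report's Network section in the same pipe
layout; BENIGN_SUFFIXES and CLOUDFLARE_NETS are this example's assumptions.
"""
import ipaddress
from collections import defaultdict

NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 10.92.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | corruptioncrackywosp.shop | udp |
| US | 104.21.92.10:443 | corruptioncrackywosp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
| US | 172.67.218.187:443 | buttockdecarderwiso.shop | tcp |
| US | 104.21.62.60:443 | averageaattractiionsl.shop | tcp |
| US | 172.67.141.63:443 | femininiespywageg.shop | tcp |
| US | 104.21.85.81:443 | employhabragaomlsp.shop | tcp |
| US | 104.21.3.197:443 | stalfbaclcalorieeis.shop | tcp |
| US | 172.67.197.146:443 | civilianurinedtsraov.shop | tcp |
| US | 104.21.55.87:443 | roomabolishsnifftwk.shop | tcp |
| US | 104.21.92.10:443 | corruptioncrackywosp.shop | tcp |
| US | 104.21.32.80:443 | museumtespaceorsp.shop | tcp |
"""

# Traffic the download path itself produces (Edge, SmartScreen, GitHub,
# the browser's update checks). Assumed allow-list for this example.
BENIGN_SUFFIXES = ("github.com", "githubusercontent.com", "microsoft.com",
                   "bing.com", "bing.net", "googleapis.com", "azureedge.net",
                   "nelreports.net")

# Cloudflare IPv4 ranges that cover the report's .shop destinations (assumed).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in ("104.16.0.0/13", "172.64.0.0/13")]

COLUMNS = ("country", "dest", "domain", "proto")


def parse_table(text):
    """Rows of the pipe table as dicts; the header and malformed rows are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != len(COLUMNS) or cells[0] == "Country":
            continue
        rows.append(dict(zip(COLUMNS, cells)))
    return rows


def is_benign(domain):
    """Allow-listed domain, a missing name, or one of the sandbox's reverse lookups."""
    d = domain.lower()
    if d == "n/a" or d.endswith(".in-addr.arpa"):
        return True
    return any(d == s or d.endswith("." + s) for s in BENIGN_SUFFIXES)


def behind_cloudflare(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_NETS)


def c2_candidates(rows):
    """Non-allow-listed TCP destinations keyed by domain.

    Each value holds the IPs seen, the number of TCP connections, and whether
    every IP sits behind Cloudflare (the pattern all nine .shop domains show)."""
    acc = defaultdict(lambda: {"ips": set(), "tcp_connections": 0})
    for r in rows:
        if r["proto"] != "tcp" or is_benign(r["domain"]):
            continue
        ip = r["dest"].rsplit(":", 1)[0]
        acc[r["domain"]]["ips"].add(ip)
        acc[r["domain"]]["tcp_connections"] += 1
    for v in acc.values():
        v["cloudflare_fronted"] = all(behind_cloudflare(ip) for ip in v["ips"])
    return dict(acc)


def blocklist(candidates):
    """Sorted 'domain,ip' lines ready for a DNS sinkhole or firewall import."""
    return sorted(f"{d},{ip}" for d, v in candidates.items() for ip in sorted(v["ips"]))


if __name__ == "__main__":
    found = c2_candidates(parse_table(NETWORK_TABLE))
    for d, v in sorted(found.items()):
        print(f"{d}: {v['tcp_connections']} conn(s) to {sorted(v['ips'])}, "
              f"cloudflare={v['cloudflare_fronted']}")
```

Block on the domain names rather than the IPs: the addresses are shared Cloudflare front ends, so an IP block would also hit unrelated sites, while the nine look-alike `.shop` names are unique to this configuration.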
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bb7a8ffed4852a1f4ab7942b4372e054 |
| SHA1 | 18731b92df7c9bb88d525fb5a1dfaa5d4ae8c340 |
| SHA256 | 02a6faa9e0ef6f2f09a756fb0d660817b1efa46c2ad8d0c735f213912a5948a5 |
| SHA512 | 2f461935443eeaf9728573f3bb033e6a0aeeb76300d8756cffef8e1a573c7741da2f81fe4bde8d0825d77bdff8d338d027bf75ef7578f043991973f17b8d3f10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | afc3d858b749b638a99f195b2670fc4d |
| SHA1 | 1fa599fefc045e180b4c02149ddb53ecbcdef8d2 |
| SHA256 | 9b003f3efe6c46ddc5437697c0f9ac890f5c79352137f229e166af796a5dbd84 |
| SHA512 | a7db801c847f615a42929b5d9a1202b323dba37b44195eacb65bd27f059791980f14140210ed5c0373cf3eac42c680ea90e5e21b356e299116d331f75c3d1098 |
\??\pipe\crashpad_1840_DENGQEJJBDVFTTIF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
| MD5 | 0a315a33bc5bc7b25df7bfbeed825f9f |
| SHA1 | 2da9007a9fd976ccda61af32b650b853eac5711b |
| SHA256 | 0e342e9ab2171ab1b55f2febfc373488a3c40c28e00f898336a7f89f8b210349 |
| SHA512 | 7d51206e71ab50e1eb38954e97a0e7218515766f1165b9b340443284ce96f53b8ceda8a4bd40840702577ead6017214fe4ec9924af974db1be96f713a46c62ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5784950e07601d09e4a33e2b1fedbeec |
| SHA1 | 974267088da1f56b3a0ecb50ba9d3d3b9bb601e9 |
| SHA256 | 8cc072c32d736af32f31b64a305667515ab0deda4e45ba711c3b478d761db728 |
| SHA512 | 6af41ab57c45e0506afbe3de796eb0e2bb1ff9cdbea7507d771ff906f66253d90846a29be75f022d38cb5043732be7f8f4a0d64e606887fe244e46f04233021a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 13d546b81488e85a2b460cbcc40bbdbe |
| SHA1 | ed8d23568e8385888b2da522d731fb64fa2164da |
| SHA256 | a68cf875ef437a6be081fb0332c24a5ed2a3124566faacc5f7197e8f6300abc4 |
| SHA512 | 44aaa92cf8be62f88ac308fa00a744a60b68ec31a21784953f33cf5da613129cf11e160ab754d178d46a05fc850d5f936962c710aea0d68cfa60811232bdbf7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 259b9369be72de852cb0c2134ef66967 |
| SHA1 | 0467b260624e0ffe4a14ad65538effd7ca68c10d |
| SHA256 | c9bf6473746fa5655f53f0c76e5bf8f2b9d95d22fba95603673c3c7cf65e7d6e |
| SHA512 | 6ed321582d95b0890a13eb5996232f0c1c702dc8def6a8ffe62f7b627ccf15a7d93c8cacaa5e9c14b5e8f9c9ce404ab313c8ee1ebfcf6a99fdd576b5942f8b82 |
C:\Users\Admin\Downloads\Git_softwares_v1_7_3\KeyFile\1049\sharedmanagementobjects_keyfile.dll
| MD5 | 5e54cb9759d1a9416f51ac1e759bbccf |
| SHA1 | 1a033a7aae7c294967b1baba0b1e6673d4eeefc6 |
| SHA256 | f7e5cae32e2ec2c35346954bfb0b7352f9a697c08586e52494a71ef00e40d948 |
| SHA512 | 32dcca4432ec0d2a8ad35fe555f201fef828b2f467a2b95417b42ff5b5149aee39d626d244bc295dca8a00cd81ef33a20f9e681dd47eb6ee47932d5d8dd2c664 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | ddf4fb4d6709f2bf5ad31ee0135fcb44 |
| SHA1 | bd0f2dadaaa841849be7b67b85efd4bce0527d77 |
| SHA256 | 688096bd932e488805cccf71f3271f6d2c5067a4507ee46ed8f063bf551dd917 |
| SHA512 | 0335372c0ded3cbe5f546ec76af1d3f7d1ad6ce0343d5092af6266966fe8c7b414f93bcc02a8319c0fdeb5f8e6fc0b36a377625203b74f17baf91ebb0c8de7e8 |
C:\Users\Admin\Downloads\Git_softwares_v1_7_3\Setup_v1.7.3.exe
| MD5 | 72464ca47667df3dccdc606efec46c33 |
| SHA1 | 889a5e09e67518edbc60f494b326f077dfa42cb4 |
| SHA256 | 81a6a19974fb4f83ea650091e460b0aba2495df12466c91f479948c949472b2b |
| SHA512 | 0984a3a05471cc030a6ad1bc27a7a3c2ca9c49463037d1eb1db8c2ecf26109ae3be0b978fb9cfeafb91884d5586187bf6df266d287982fdc008e1084cd91d0e7 |
memory/3152-532-0x00000000007D0000-0x0000000000D70000-memory.dmp
memory/3152-533-0x0000000005800000-0x000000000589C000-memory.dmp
memory/3152-536-0x00000000056A0000-0x00000000056BA000-memory.dmp
memory/3152-537-0x00000000058A0000-0x0000000005A7E000-memory.dmp
memory/3152-538-0x0000000006BB0000-0x0000000006D42000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll
| MD5 | 544cd51a596619b78e9b54b70088307d |
| SHA1 | 4769ddd2dbc1dc44b758964ed0bd231b85880b65 |
| SHA256 | dfce2d4d06de6452998b3c5b2dc33eaa6db2bd37810d04e3d02dc931887cfddd |
| SHA512 | f56d8b81022bb132d40aa78596da39b5c212d13b84b5c7d2c576bbf403924f1d22e750de3b09d1be30aea359f1b72c5043b19685fc9bf06d8040bfee16b17719 |
memory/3152-544-0x00000000051E0000-0x00000000051F0000-memory.dmp
memory/3448-545-0x0000000000400000-0x0000000000457000-memory.dmp
memory/3448-547-0x0000000000400000-0x0000000000457000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Setup_v1.7.3.exe.log
| MD5 | 31f411b47f298b2609b21b4d71079504 |
| SHA1 | bb5f1d6ad0debcb5c5c1a07ca10fd20525244b7f |
| SHA256 | 10615b0398a81a380c0503e04c052a43687a79206b37aa468e45cf453cd31296 |
| SHA512 | 8f5a601316ceecc23cb46e2b3b05bbe7ed3242d586316f69c13af593b1988ad44a47c761e016466aafa0ab69ef29377f92ec04440e50fa9ccd50b2f5aa933052 |