Malware Analysis Report

2025-06-16 07:26

Sample ID 240602-ffk7mabe8y
Target BloxstrapModded-v.2.44.exe
SHA256 e15dd2dbe65faa8c181cf1514e80cd64262215258a0e25b9b3f5bb439525c2d0
Tags
score
7/10

Analysis Overview

score
7/10

SHA256

e15dd2dbe65faa8c181cf1514e80cd64262215258a0e25b9b3f5bb439525c2d0

Threat Level: Shows suspicious behavior

The file BloxstrapModded-v.2.44.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary


Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 04:48

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 04:48

Reported

2024-06-02 04:49

Platform

win7-20240221-en

Max time kernel

31s

Max time network

21s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BloxstrapModded-v.2.44.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2304 wrote to memory of 2948 N/A C:\Users\Admin\AppData\Local\Temp\BloxstrapModded-v.2.44.exe C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe
PID 2948 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe
PID 2948 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe C:\Users\Admin\AppData\Roaming\Bloxstrap.exe
PID 2596 wrote to memory of 2608 N/A C:\Users\Admin\AppData\Roaming\Bloxstrap.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2608 wrote to memory of 2772 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\BloxstrapModded-v.2.44.exe

"C:\Users\Admin\AppData\Local\Temp\BloxstrapModded-v.2.44.exe"

C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe

"C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe"

C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe

"C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe"

C:\Users\Admin\AppData\Roaming\Bloxstrap.exe

"C:\Users\Admin\AppData\Roaming\Bloxstrap.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win7-x64&apphost_version=6.0.20&gui=true

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2608 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 aka.ms udp
GB 92.123.242.18:443 aka.ms tcp
GB 92.123.242.18:443 aka.ms tcp
GB 92.123.242.18:443 aka.ms tcp

Files

memory/2304-0-0x000007FEF5223000-0x000007FEF5224000-memory.dmp

memory/2304-1-0x0000000000F30000-0x000000000174E000-memory.dmp

C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe

MD5 c7317fde88040107d1275f241c2501f2
SHA1 1a59ee0f3fd658b62f0c031ce3a60d7cb2a7e366
SHA256 99452e83c11a91c6500e3f9aa0e069a419d29696d4df40d9ccc82d4961f12241
SHA512 ee68a4afe52358d6ab9476e050e5f990dacd6daf4e36bec1cc99dae8c73a0ea009381ac8184570fd0ecb277b6f791eba5f441b940a495233168335619b49283f

memory/2948-7-0x0000000000C60000-0x000000000147A000-memory.dmp

memory/2948-8-0x000007FEF5220000-0x000007FEF5C0C000-memory.dmp

\Users\Admin\AppData\Roaming\Bloxstrap.exe

MD5 04f41a01edd9d478ce2d0a1f9d3441d2
SHA1 718d0fd7603863da984f3a7eaad8efd3f8dfda77
SHA256 7ec833edb7296e73f3da4c0bb14f5d343de49a2230eb1304be80dd0228478996
SHA512 4eb43b9b37cf485eb936000b4a7f8f07f56d3c2cb9a5ba0c80faa216d5c8bf458bf57d2016c07c3a703f49f7c2742594eab06f2df90b36adb9e0d5ac0787f739

memory/2948-16-0x000007FEF5220000-0x000007FEF5C0C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 04:48

Reported

2024-06-02 04:49

Platform

win10v2004-20240508-en

Max time kernel

10s

Max time network

13s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BloxstrapModded-v.2.44.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\BloxstrapModded-v.2.44.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Bloxstrap.exe N/A

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Bloxstrap.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\BloxstrapModded-v.2.44.exe

"C:\Users\Admin\AppData\Local\Temp\BloxstrapModded-v.2.44.exe"

C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe

"C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe"

C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe

"C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe"

C:\Users\Admin\AppData\Roaming\Bloxstrap.exe

"C:\Users\Admin\AppData\Roaming\Bloxstrap.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 34.107.221.82:443 detectportal.firefox.com tcp
US 8.8.8.8:53 82.221.107.34.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp

Files

memory/3432-0-0x00007FF8EDF53000-0x00007FF8EDF55000-memory.dmp

memory/3432-1-0x0000000000240000-0x0000000000A5E000-memory.dmp

C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe

MD5 c7317fde88040107d1275f241c2501f2
SHA1 1a59ee0f3fd658b62f0c031ce3a60d7cb2a7e366
SHA256 99452e83c11a91c6500e3f9aa0e069a419d29696d4df40d9ccc82d4961f12241
SHA512 ee68a4afe52358d6ab9476e050e5f990dacd6daf4e36bec1cc99dae8c73a0ea009381ac8184570fd0ecb277b6f791eba5f441b940a495233168335619b49283f

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BloxstrapModded-v.2.44.exe.log

MD5 2ff39f6c7249774be85fd60a8f9a245e
SHA1 684ff36b31aedc1e587c8496c02722c6698c1c4e
SHA256 e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced
SHA512 1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1

memory/3588-15-0x0000000000CE0000-0x00000000014FA000-memory.dmp

memory/3588-16-0x00007FF8EDF50000-0x00007FF8EEA11000-memory.dmp

C:\Users\Admin\AppData\Roaming\Bloxstrap.exe

MD5 04f41a01edd9d478ce2d0a1f9d3441d2
SHA1 718d0fd7603863da984f3a7eaad8efd3f8dfda77
SHA256 7ec833edb7296e73f3da4c0bb14f5d343de49a2230eb1304be80dd0228478996
SHA512 4eb43b9b37cf485eb936000b4a7f8f07f56d3c2cb9a5ba0c80faa216d5c8bf458bf57d2016c07c3a703f49f7c2742594eab06f2df90b36adb9e0d5ac0787f739

memory/3588-29-0x00007FF8EDF50000-0x00007FF8EEA11000-memory.dmp