URL:

https://www.mediafire.com/file/a727jt1vzuw550e/!Ǵe𝔱-Set_𝓤p--4456__Pǎ$w0ɾD#!!.zip/file

Full analysis: https://app.any.run/tasks/1894eeab-9897-4da4-a42e-62a1aacf5df8
Verdict: Malicious activity
Threats:

Lumma is an information stealer, developed using the C programming language. It is offered for sale as a malware-as-a-service, with several plans available. It usually targets cryptocurrency wallets, login credentials, and other sensitive information on a compromised system. The malicious software regularly gets updates that improve and expand its functionality, making it a serious stealer threat.

Malware Trends Tracker     >>>
Analysis date: January 10, 2025, 01:40:43
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
autoit
lumma
stealer
Indicators:
MD5:

95F299B21CB0423790B64BA752A1A42B

SHA1:

5570C63C93B68E3E551DF53AEC0BA9181C31C847

SHA256:

751922B255D8BC2A8EBF7C34AC4870E1A1FC2EB18AF5A88F4764280C6B50C39B

SSDEEP:

3:N8DSLw3eGUo7FlgCVR6V7jX9riVd6G9:2OLw3eGVlgC+VVGD6y

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • Set-up.exe (PID: 1556)
      • Set-up.exe (PID: 7472)

    • LUMMA mutex has been found

      • Pan.com (PID: 1448)

    • LUMMA has been detected (SURICATA)

      • Pan.com (PID: 1448)

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 7524)

    • Changes powershell execution policy (Bypass)

      • Pan.com (PID: 1448)

  • SUSPICIOUS

    • Application launched itself

      • WinRAR.exe (PID: 4164)
      • cmd.exe (PID: 7100)
      • cmd.exe (PID: 7916)

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 5244)

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 4164)
      • WinRAR.exe (PID: 5244)
      • Set-up.exe (PID: 1556)
      • Set-up.exe (PID: 7472)

    • The process creates files with name similar to system file names

      • WinRAR.exe (PID: 5244)

    • Executing commands from ".cmd" file

      • Set-up.exe (PID: 1556)
      • Set-up.exe (PID: 7472)

    • Starts CMD.EXE for commands execution

      • Set-up.exe (PID: 1556)
      • cmd.exe (PID: 7100)
      • Set-up.exe (PID: 7472)
      • cmd.exe (PID: 7916)

    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 7100)
      • cmd.exe (PID: 7916)

    • Get information on the list of running processes

      • cmd.exe (PID: 7100)
      • cmd.exe (PID: 7916)

    • The executable file from the user directory is run by the CMD process

      • Pan.com (PID: 1448)
      • Pan.com (PID: 7180)

    • Starts the AutoIt3 executable file

      • cmd.exe (PID: 7100)
      • cmd.exe (PID: 7916)

    • Starts application with an unusual extension

      • cmd.exe (PID: 7100)
      • cmd.exe (PID: 7916)

    • Manipulates environment variables

      • powershell.exe (PID: 7524)

    • Starts POWERSHELL.EXE for commands execution

      • Pan.com (PID: 1448)

    • Possibly malicious use of IEX has been detected

      • Pan.com (PID: 1448)

    • Found IP address in command line

      • powershell.exe (PID: 7524)

    • Downloads file from URI via Powershell

      • powershell.exe (PID: 7524)

    • Gets or sets the security protocol (POWERSHELL)

      • powershell.exe (PID: 7524)

  • INFO

    • Reads Environment values

      • identity_helper.exe (PID: 8156)

    • The process uses the downloaded file

      • WinRAR.exe (PID: 4164)
      • WinRAR.exe (PID: 5244)
      • msedge.exe (PID: 1740)
      • Set-up.exe (PID: 1556)
      • Set-up.exe (PID: 7472)

    • Reads the computer name

      • identity_helper.exe (PID: 8156)
      • Pan.com (PID: 1448)
      • Set-up.exe (PID: 7472)

    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 3688)

    • Checks supported languages

      • Set-up.exe (PID: 1556)
      • identity_helper.exe (PID: 8156)
      • Pan.com (PID: 1448)
      • Set-up.exe (PID: 7472)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 5244)

    • The sample compiled with english language support

      • WinRAR.exe (PID: 5244)

    • Creates files or folders in the user directory

      • Set-up.exe (PID: 1556)
      • extrac32.exe (PID: 7316)
      • Set-up.exe (PID: 7472)

    • Application launched itself

      • msedge.exe (PID: 3688)

    • Creates a new folder

      • cmd.exe (PID: 1864)
      • cmd.exe (PID: 4504)

    • Reads the software policy settings

      • Pan.com (PID: 1448)

    • Manual execution by a user

      • Set-up.exe (PID: 7472)

    • Process checks computer location settings

      • Set-up.exe (PID: 7472)

    • Create files in a temporary directory

      • powershell.exe (PID: 7524)

    • Reads security settings of Internet Explorer

      • powershell.exe (PID: 7524)

    • Disables trace logs

      • powershell.exe (PID: 7524)

    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 7524)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
203
Monitored processes
71
Malicious processes
8
Suspicious processes
2

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe no specs msedge.exe no specs winrar.exe set-up.exe no specs cmd.exe no specs conhost.exe no specs tasklist.exe no specs findstr.exe no specs tasklist.exe no specs findstr.exe no specs cmd.exe no specs extrac32.exe no specs findstr.exe no specs cmd.exe no specs cmd.exe no specs #LUMMA pan.com choice.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs rundll32.exe no specs set-up.exe no specs cmd.exe no specs conhost.exe no specs tasklist.exe no specs findstr.exe no specs powershell.exe no specs conhost.exe no specs tasklist.exe no specs findstr.exe no specs cmd.exe no specs extrac32.exe no specs findstr.exe no specs cmd.exe no specs cmd.exe no specs pan.com no specs choice.exe no specs msedge.exe no specs msedge.exe no specs svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
128"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7624 --field-trial-handle=2304,i,15918076998330175796,510242300004039786,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
836choice /d y /t 5C:\Windows\SysWOW64\choice.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Offers the user a choice
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\choice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
1448Pan.com R C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\442542\Pan.com
cmd.exe
User:
admin
Company:
AutoIt Team
Integrity Level:
MEDIUM
Description:
AutoIt v3 Script (Beta)
Exit code:
0
Version:
3, 3, 15, 5
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\inetcache\442542\pan.com
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\psapi.dll
c:\windows\syswow64\user32.dll
1556"C:\Users\admin\AppData\Local\Temp\Rar$EXb5244.7218\Set-up.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXb5244.7218\Set-up.exeWinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exb5244.7218\set-up.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
1740"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7252 --field-trial-handle=2304,i,15918076998330175796,510242300004039786,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1864cmd /c md 442542C:\Windows\SysWOW64\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
2088findstr /V "fight" Incentive C:\Windows\SysWOW64\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
2132"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=1496 --field-trial-handle=2304,i,15918076998330175796,510242300004039786,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2192C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
2212\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
16 326
Read events
16 274
Write events
52
Delete events
0

Modification events

(PID) Process:(3688) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(3688) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(3688) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(3688) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(3688) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
682D9877E6892F00
(PID) Process:(3688) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\459434
Operation:writeName:WindowTabManagerFileMappingId
Value:
{A9A48A1A-F679-4936-BDBA-E3D79F490099}
(PID) Process:(3688) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\459434
Operation:writeName:WindowTabManagerFileMappingId
Value:
{93D4CF28-86BD-4851-874D-F2F8DDD0A2BA}
(PID) Process:(3688) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\459434
Operation:writeName:WindowTabManagerFileMappingId
Value:
{4595DC84-DC5D-461D-82FE-873595FA27F4}
(PID) Process:(3688) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
753CA177E6892F00
(PID) Process:(3688) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\459434
Operation:writeName:WindowTabManagerFileMappingId
Value:
{958BA46B-E2BE-4327-8DC0-D8969FC2EF99}
Executable files
29
Suspicious files
287
Text files
166
Unknown types
3

Dropped files

PID
Process
Filename
Type
3688msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1354ab.TMP
MD5:
SHA256:
3688msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
3688msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1354ab.TMP
MD5:
SHA256:
3688msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
3688msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF1354bb.TMP
MD5:
SHA256:
3688msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
3688msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF1354ca.TMP
MD5:
SHA256:
3688msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF1354ca.TMP
MD5:
SHA256:
3688msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
3688msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
92
DNS requests
99
Threats
5

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6796
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
4308
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
GET
200
23.216.77.20:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4308
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4712
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
23.216.77.20:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5064
SearchApp.exe
104.126.37.155:443
www.bing.com
Akamai International B.V.
DE
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4
System
192.168.100.255:138
whitelisted
6488
msedge.exe
104.17.150.117:443
www.mediafire.com
shared
3688
msedge.exe
239.255.255.250:1900
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 20.73.194.208
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 23.216.77.20
  • 23.216.77.28
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
google.com
  • 142.250.186.78
whitelisted
www.bing.com
  • 104.126.37.155
  • 104.126.37.153
  • 104.126.37.123
  • 104.126.37.171
  • 104.126.37.129
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted
www.mediafire.com
  • 104.17.150.117
  • 104.17.151.117
shared

Threats

PID
Process
Class
Message
6488
msedge.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
6488
msedge.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
6488
msedge.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
6488
msedge.exe
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
1448
Pan.com
A Network Trojan was detected
STEALER [ANY.RUN] Lumma Stealer TLS Connection
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://www.mediafire.com/file/a727jt1vzuw550e/!Ǵe𝔱-Set_𝓤p--4456__Pǎ$w0ɾD#!!.zip/file