URL:

https://pesktop.com/en/windows/glasswire_elite

Full analysis: https://app.any.run/tasks/cca7aaf5-d965-4a58-9f7d-f373a389cdcd
Verdict: Malicious activity
Threats:

Lumma is an information stealer, developed using the C programming language. It is offered for sale as a malware-as-a-service, with several plans available. It usually targets cryptocurrency wallets, login credentials, and other sensitive information on a compromised system. The malicious software regularly gets updates that improve and expand its functionality, making it a serious stealer threat.

Malware Trends Tracker     >>>
Analysis date: November 02, 2024, 04:45:24
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
themida
stealer
lumma
Indicators:
MD5:

7D304E1AD7462DA9F9FBBF92D1E4A5D0

SHA1:

2250312085B6F180E339BF60796C7DBD188AB7E0

SHA256:

8F38A4AAB10AC0C80DD36744686DA6F8F5D9BF91C3417566D706EA4E1AF5FF04

SSDEEP:

3:N8EiVLKKFSML8XJefUV:2E2LKKF/L8XJefUV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Starts NET.EXE for service management

      • GlassWireSetup_3.3.678.exe (PID: 4352)
      • net.exe (PID: 6448)

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 7788)

    • Changes powershell execution policy (Bypass)

      • AutoIt3.exe (PID: 6500)

  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • GlassWireSetup_3.3.678.exe (PID: 4352)

    • Executable content was dropped or overwritten

      • GlassWireSetup_3.3.678.exe (PID: 4352)
      • vc_redist.x86.exe (PID: 6232)
      • vc_redist.x86.exe (PID: 7284)
      • rundll32.exe (PID: 8140)
      • Setup.exe (PID: 8152)
      • more.com (PID: 7460)
      • AutoIt3.exe (PID: 6500)

    • Starts a Microsoft application from unusual location

      • vc_redist.x86.exe (PID: 6232)
      • vc_redist.x86.exe (PID: 7284)

    • Process drops legitimate windows executable

      • vc_redist.x86.exe (PID: 6232)
      • WinRAR.exe (PID: 6792)
      • GlassWireSetup_3.3.678.exe (PID: 4352)

    • Drops a system driver (possible attempt to evade defenses)

      • GlassWireSetup_3.3.678.exe (PID: 4352)

    • Uses RUNDLL32.EXE to load library

      • GlassWireSetup_3.3.678.exe (PID: 4352)

    • Uses WEVTUTIL.EXE to install publishers and event logs from the manifest

      • GlassWireSetup_3.3.678.exe (PID: 4352)
      • wevtutil.exe (PID: 4700)

    • Executes as Windows Service

      • GWCtlSrv.exe (PID: 6496)

    • Starts application with an unusual extension

      • Setup.exe (PID: 8152)

    • Node.exe was dropped

      • AutoIt3.exe (PID: 6500)

    • Starts itself from another location

      • AutoIt3.exe (PID: 6500)

    • The process executes Powershell scripts

      • AutoIt3.exe (PID: 6500)

    • Starts POWERSHELL.EXE for commands execution

      • AutoIt3.exe (PID: 6500)

  • INFO

    • Application launched itself

      • chrome.exe (PID: 5328)

    • Manual execution by a user

      • WinRAR.exe (PID: 7800)
      • WinRAR.exe (PID: 2684)
      • GlassWireSetup_3.3.678.exe (PID: 1344)
      • GlassWireSetup_3.3.678.exe (PID: 4352)
      • WinRAR.exe (PID: 6792)
      • Setup.exe (PID: 8152)
      • Taskmgr.exe (PID: 7880)
      • Taskmgr.exe (PID: 6668)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7800)
      • chrome.exe (PID: 7396)
      • WinRAR.exe (PID: 6792)

    • Themida protector has been detected

      • GlassWireSetup_3.3.678.exe (PID: 4352)
      • GWIdlMon.exe (PID: 916)
      • GWCtlSrv.exe (PID: 6496)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
230
Monitored processes
80
Malicious processes
3
Suspicious processes
2

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs sppextcomobj.exe no specs slui.exe rundll32.exe no specs winrar.exe winrar.exe no specs glasswiresetup_3.3.678.exe no specs THREAT glasswiresetup_3.3.678.exe chrome.exe vc_redist.x86.exe vc_redist.x86.exe chrome.exe no specs chrome.exe no specs gwinstst.exe rundll32.exe runonce.exe no specs grpconv.exe no specs net.exe no specs conhost.exe no specs net1.exe no specs wevtutil.exe no specs conhost.exe no specs wevtutil.exe no specs gwctlsrv.exe no specs conhost.exe no specs gwctlsrv.exe no specs conhost.exe no specs chrome.exe no specs THREAT gwctlsrv.exe slui.exe no specs gwidlmon.exe no specs conhost.exe no specs winrar.exe chrome.exe no specs chrome.exe no specs THREAT gwidlmon.exe no specs conhost.exe no specs chrome.exe no specs chrome.exe no specs Copy/Move/Rename/Delete/Link Object no specs chrome.exe no specs setup.exe nc.exe no specs icacls.exe no specs conhost.exe no specs more.com conhost.exe no specs chrome.exe no specs autoit3.exe chrome.exe no specs taskmgr.exe no specs taskmgr.exe yez7l7b7ea02kqp9mp5ya0m.exe no specs powershell.exe no specs conhost.exe no specs comp.exe no specs conhost.exe no specs chrome.exe no specs autoit3.exe no specs gwidlmon.exe no specs conhost.exe no specs explorer.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
764"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5328 --field-trial-handle=1900,i,9565522037400538390,4009902699980203155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
780\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
860C:\Users\admin\AppData\Roaming\Local\IRGQFYSAZDPSEYIFVHSO\nc.exeC:\Users\admin\AppData\Roaming\Local\IRGQFYSAZDPSEYIFVHSO\nc.exeSetup.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
1
Version:
8.0.3810.9
916"C:\Program Files (x86)\GlassWire/GWIdlMon.exe" --auth-cookie=3712385107 --server-port=20000C:\Program Files (x86)\GlassWire\GWIdlMon.exe
GWCtlSrv.exe
User:
admin
Company:
GlassWire
Integrity Level:
MEDIUM
Description:
GlassWire Computer Idle Monitor
Exit code:
1
Version:
3.3.678.0
1084\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exewevtutil.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1184C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
1196"C:\WINDOWS\system32\wevtutil.exe" im "C:\Users\admin\AppData\Local\Temp\nsfEB30.tmp\eventlog.man" /rf:"C:\Program Files (x86)\GlassWire\GWEventLog.dll" /mf:"C:\Program Files (x86)\GlassWire\GWEventLog.dll" /fromwow64C:\Windows\System32\wevtutil.exewevtutil.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Eventing Command Line Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wevtutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\combase.dll
c:\windows\system32\sechost.dll
1344"C:\Users\admin\Downloads\GlassWire Elite 3.3.678 Multilingual [PeskTop.com]\GlassWire Elite 3.3.678 Multilingual [PeskTop.com]\GlassWireSetup_3.3.678.exe" C:\Users\admin\Downloads\GlassWire Elite 3.3.678 Multilingual [PeskTop.com]\GlassWire Elite 3.3.678 Multilingual [PeskTop.com]\GlassWireSetup_3.3.678.exeexplorer.exe
User:
admin
Company:
GlassWire
Integrity Level:
MEDIUM
Description:
GlassWire Setup
Exit code:
3221226540
Version:
3,3,678,0
Modules
Images
c:\users\admin\downloads\glasswire elite 3.3.678 multilingual [pesktop.com]\glasswire elite 3.3.678 multilingual [pesktop.com]\glasswiresetup_3.3.678.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
1376\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exenet.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1576"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5740 --field-trial-handle=1900,i,9565522037400538390,4009902699980203155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Total events
23 805
Read events
23 630
Write events
127
Delete events
48

Modification events

(PID) Process:(5328) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(5328) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(5328) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(5328) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(5328) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
(PID) Process:(5328) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation:delete valueName:en-US
Value:
(PID) Process:(5328) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation:delete valueName:en
Value:
(PID) Process:(5328) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation:delete valueName:_Global_
Value:
(PID) Process:(5328) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Common\Rlz\Events\C
Operation:writeName:C1F
Value:
1
(PID) Process:(7980) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation:writeName:{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
Value:
010000000000000009408325E22CDB01
Executable files
77
Suspicious files
250
Text files
479
Unknown types
5

Dropped files

PID
Process
Filename
Type
5328chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old~RF8c06a.TMP
MD5:
SHA256:
5328chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old~RF8c06a.TMP
MD5:
SHA256:
5328chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
5328chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
5328chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old~RF8c07a.TMP
MD5:
SHA256:
5328chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RF8c07a.TMP
MD5:
SHA256:
5328chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old
MD5:
SHA256:
5328chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old
MD5:
SHA256:
5328chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old~RF8c07a.TMP
MD5:
SHA256:
5328chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
43
TCP/UDP connections
146
DNS requests
136
Threats
13

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6944
svchost.exe
GET
200
2.16.164.9:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6944
svchost.exe
GET
200
23.32.185.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2076
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7448
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
unknown
whitelisted
1204
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
7448
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
unknown
whitelisted
7448
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
unknown
whitelisted
7448
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
unknown
whitelisted
7448
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6944
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
1428
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5488
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4360
SearchApp.exe
2.23.209.140:443
www.bing.com
Akamai International B.V.
GB
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4
System
192.168.100.255:138
whitelisted
5328
chrome.exe
239.255.255.250:1900
whitelisted
6716
chrome.exe
172.67.69.186:443
pesktop.com
CLOUDFLARENET
US
suspicious
6716
chrome.exe
74.125.133.84:443
accounts.google.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
  • 40.127.240.158
  • 51.124.78.146
whitelisted
www.bing.com
  • 2.23.209.140
  • 2.23.209.161
  • 2.23.209.177
  • 2.23.209.176
  • 2.23.209.148
  • 2.23.209.179
  • 2.23.209.149
  • 2.23.209.158
  • 2.23.209.150
whitelisted
google.com
  • 142.250.186.46
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
pesktop.com
  • 172.67.69.186
  • 104.26.14.64
  • 104.26.15.64
unknown
accounts.google.com
  • 74.125.133.84
whitelisted
analytics.pesktop.com
  • 172.67.69.186
  • 104.26.15.64
  • 104.26.14.64
unknown
yvjskep4.click
  • 188.114.97.3
  • 188.114.96.3
unknown
static.cloudflareinsights.com
  • 104.16.80.73
  • 104.16.79.73
whitelisted
content-autofill.googleapis.com
  • 142.250.184.234
  • 142.250.185.170
  • 142.250.186.42
  • 142.250.185.74
  • 142.250.185.106
  • 216.58.212.170
  • 216.58.206.42
  • 142.250.185.234
  • 142.250.186.74
  • 142.250.185.138
  • 142.250.186.170
  • 216.58.206.74
  • 142.250.181.234
  • 142.250.184.202
  • 142.250.185.202
  • 172.217.16.202
whitelisted

Threats

PID
Process
Class
Message
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
Potentially Bad Traffic
ET DNS Query to a *.top domain - Likely Hostile
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
Potentially Bad Traffic
ET HUNTING File Sharing Related Domain in DNS Lookup (download .mediafire .com)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
Domain Observed Used for C2 Detected
STEALER [ANY.RUN] Domain has been identified as part of Lumma Stealer's infrastructure (creative-habitat .shop)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
https://pesktop.com/en/windows/glasswire_elite