Malware Analysis Report

2024-10-10 08:22

Sample ID 240603-lw8whsaf51
Target LunarBETA1.3.rar
SHA256 4e42ce4924cdd62319f93f0991c1eb047d135d5bf9259c445ec4652be7448f21
Tags
execution blankgrabber
score
10/10

Analysis Overview

score
10/10

SHA256

4e42ce4924cdd62319f93f0991c1eb047d135d5bf9259c445ec4652be7448f21

Threat Level: Known bad

The file LunarBETA1.3.rar was found to be: Known bad.

Malicious Activity Summary

execution blankgrabber

Blankgrabber family

A stealer written in Python and packaged with PyInstaller

Legitimate hosting services abused for malware hosting/C2

Reads runtime system information

Unsigned PE

Command and Scripting Interpreter: JavaScript

Enumerates kernel/hardware configuration

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 09:54

Signatures

A stealer written in Python and packaged with PyInstaller

Description Indicator Process Target
N/A N/A N/A N/A

Blankgrabber family

blankgrabber

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win10v2004-20240426-en

Max time kernel

92s

Max time network

154s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\README.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win7-20240221-en

Max time kernel

120s

Max time network

129s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\index.js

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win7-20240221-en

Max time kernel

121s

Max time network

124s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\.bin\mime.cmd"

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\.bin\mime.cmd"

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

153s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\accepts\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\accepts\README.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win10v2004-20240508-en

Max time kernel

128s

Max time network

152s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\accepts\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\accepts\index.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

106s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\array-flatten\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\array-flatten\README.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win10v2004-20240508-en

Max time kernel

131s

Max time network

131s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\.bin\mime.cmd"

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\.bin\mime.cmd"

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win7-20240221-en

Max time kernel

119s

Max time network

121s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\accepts\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\accepts\README.js

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:54

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

161s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\index.js

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1412 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win7-20240221-en

Max time kernel

122s

Max time network

126s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\lib\read.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\lib\read.js

Network

N/A

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win7-20240221-en

Max time kernel

119s

Max time network

122s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\lib\types\raw.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\lib\types\raw.js

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:56

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime]

Signatures

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/fs/cgroup/memory/memory.limit_in_bytes /usr/bin/node N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/meminfo /usr/bin/node N/A

Processes

/tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime

[/tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime]

/bin/sed

[sed -e s,\\,/,g]

/usr/bin/dirname

[dirname /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime]

/bin/uname

[uname]

/usr/local/sbin/node

[node /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]

/usr/local/bin/node

[node /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]

/usr/sbin/node

[node /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]

/usr/bin/node

[node /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:54

Platform

debian9-mipsbe-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:56

Platform

win7-20231129-en

Max time kernel

118s

Max time network

121s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\array-flatten\array-flatten.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\array-flatten\array-flatten.js

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win7-20240508-en

Max time kernel

121s

Max time network

126s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\README.js

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

debian9-armhf-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:55

Platform

debian9-mipsel-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win10v2004-20240426-en

Max time kernel

92s

Max time network

153s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\lib\types\json.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\lib\types\json.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:56

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1]

Signatures

N/A

Processes

/tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1

[/tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1]

/usr/local/sbin/pwsh

[pwsh /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1]

/usr/local/bin/pwsh

[pwsh /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1]

/usr/sbin/pwsh

[pwsh /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1]

/usr/bin/pwsh

[pwsh /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1]

/sbin/pwsh

[pwsh /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1]

/bin/pwsh

[pwsh /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1]

/snap/bin/pwsh

[pwsh /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1]

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:56

Platform

win7-20240508-en

Max time kernel

117s

Max time network

119s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\accepts\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\accepts\index.js

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

debian9-armhf-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win10v2004-20240508-en

Max time kernel

134s

Max time network

135s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\lib\read.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\lib\read.js

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1424,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=3916 /prefetch:8

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win10v2004-20240508-en

Max time kernel

130s

Max time network

153s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\lib\types\raw.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\lib\types\raw.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win7-20240508-en

Max time kernel

120s

Max time network

134s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fgd.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{46FE9C91-218F-11EF-8C71-D684AC6A5058} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423570340" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 500b311d9cb5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fgd.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:108 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win10v2004-20240508-en

Max time kernel

134s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fgd.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fgd.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3484,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4908,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4772,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5400,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5416,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5956,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5772,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:8

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win7-20240221-en

Max time kernel

118s

Max time network

121s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\array-flatten\README.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\array-flatten\README.js

Network

N/A

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:56

Platform

win7-20240508-en

Max time kernel

121s

Max time network

123s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\lib\types\json.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\lib\types\json.js

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

155s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\index.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:54

Platform

debian9-mipsbe-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win10v2004-20240426-en

Max time kernel

90s

Max time network

154s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\array-flatten\array-flatten.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\array-flatten\array-flatten.js

Network

Country Destination Domain Proto

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-03 09:54

Reported

2024-06-03 09:57

Platform

win7-20231129-en

Max time kernel

122s

Max time network

124s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\index.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\index.js

Network

N/A

Files

N/A