Analysis Overview
SHA256
4e42ce4924cdd62319f93f0991c1eb047d135d5bf9259c445ec4652be7448f21
Threat Level: Known bad
The file LunarBETA1.3.rar was found to be: Known bad.
Malicious Activity Summary
Union of the signatures raised by the static pass and by the behavioral runs below. The family and packer matches come from the static pass (static1); none of the behavioral runs shown here has the stealer itself executing. Most of the remaining items were raised while the sandbox opened individual archive members with their default handlers (wscript.exe on .js files under node_modules, Internet Explorer on fgd.html, npm's mime shims on Linux), so read each one against the process that raised it in its own run before treating it as sample behaviour.
Blankgrabber family
A stealer written in Python and packaged with PyInstaller
Legitimate hosting services abused for malware hosting/C2
Reads runtime system information
Unsigned PE
Command and Scripting Interpreter: JavaScript
Enumerates kernel/hardware configuration
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 09:54
Signatures
A stealer written in Python and packaged with PyInstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Blankgrabber family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
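The static pass tags the payload as a Python stealer packaged with PyInstaller. A cheap, signature-independent way to confirm that on any suspect PE is to look for the PyInstaller CArchive trailer (the "cookie") and read its table of contents. The script below is an added example written for this page, not the sandbox's signature logic and not code from the Blank Grabber project; it follows the CArchive layout that the pyinstxtractor tool documents (8-byte magic, package length, TOC offset and length, Python version, plus a 64-byte library name from PyInstaller 2.1 onward, and 18-byte TOC entry headers padded to 16-byte multiples). Because the sample is not reproduced here it runs against a constructed stub: a fake MZ header, a dummy payload, two made-up TOC entries and a cookie naming python311.dll, none of which come from the report.

```python
import struct

# Magic that ends a PyInstaller CArchive cookie: "MEI" followed by 0c 0b 0a 0b 0e.
PYINST_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
COOKIE_FMT_21 = "!8sIIII64s"   # PyInstaller >= 2.1: magic, pkg_len, toc_off, toc_len, pyver, pylib
COOKIE_FMT_20 = "!8sIIII"      # PyInstaller 2.0: the same without the library name
TOC_ENTRY_FMT = "!iIIIBc"      # entry_len, data_off, compressed, uncompressed, zlib_flag, type code
TOC_ENTRY_SIZE = struct.calcsize(TOC_ENTRY_FMT)   # 18 bytes before the NUL-padded name


def find_pyinstaller_cookie(data: bytes):
    """Locate and parse the trailing cookie; None if the buffer has no PyInstaller archive."""
    pos = data.rfind(PYINST_MAGIC)          # cookie sits at the tail of the overlay
    if pos < 0:
        return None
    tail = data[pos:]
    if len(tail) >= struct.calcsize(COOKIE_FMT_21):
        size = struct.calcsize(COOKIE_FMT_21)
        _, pkg_len, toc_off, toc_len, pyver, pylib = struct.unpack(COOKIE_FMT_21, tail[:size])
        lib = pylib.rstrip(b"\x00").decode("ascii", "replace")
    elif len(tail) >= struct.calcsize(COOKIE_FMT_20):
        size = struct.calcsize(COOKIE_FMT_20)
        _, pkg_len, toc_off, toc_len, pyver = struct.unpack(COOKIE_FMT_20, tail[:size])
        lib = None
    else:
        return None                          # magic without a complete cookie behind it
    # pyver is stored as 27 / 38 for older interpreters and as 311 once the minor hit two digits.
    major, minor = divmod(pyver, 100) if pyver >= 100 else divmod(pyver, 10)
    archive_start = pos + size - pkg_len     # pkg_len covers everything up to and including the cookie
    if archive_start < 0:
        return None
    return {"cookie_offset": pos, "archive_start": archive_start,
            "toc_offset": toc_off, "toc_length": toc_len,
            "python_version": f"{major}.{minor}", "python_lib": lib}


def list_toc(data: bytes, cookie: dict) -> list[dict]:
    """Walk the TOC (offsets are relative to archive_start) and return one dict per entry."""
    p = cookie["archive_start"] + cookie["toc_offset"]
    end = p + cookie["toc_length"]
    entries = []
    while p + TOC_ENTRY_SIZE <= end:
        entry_len, off, csize, usize, flag, typ = struct.unpack(TOC_ENTRY_FMT, data[p:p + TOC_ENTRY_SIZE])
        if entry_len < TOC_ENTRY_SIZE:
            break                            # corrupt length; stop rather than loop forever
        name = data[p + TOC_ENTRY_SIZE:p + entry_len].rstrip(b"\x00").decode("utf-8", "replace")
        entries.append({"name": name, "type": typ.decode("ascii", "replace"), "offset": off,
                        "compressed": csize, "uncompressed": usize, "zlib": bool(flag)})
        p += entry_len
    return entries


def build_synthetic_stub() -> bytes:
    """Constructed test input, not a real PyInstaller build: fake MZ header + payload + TOC + cookie."""
    def toc_entry(name: bytes, data_off: int, size: int, typ: bytes) -> bytes:
        body = struct.pack("!IIIBc", data_off, size, size, 0, typ) + name
        pad = (-(4 + len(body))) % 16         # entries are padded to a 16-byte multiple
        return struct.pack("!i", 4 + len(body) + pad) + body + b"\x00" * pad

    header = b"MZ" + b"\x00" * 126            # stands in for the bootloader PE
    payload = b"\x00" * 32                    # stands in for the compressed entries
    toc = toc_entry(b"PYZ-00.pyz", 0, 16, b"z") + toc_entry(b"main", 16, 16, b"s")
    pkg_len = len(payload) + len(toc) + struct.calcsize(COOKIE_FMT_21)
    cookie = struct.pack(COOKIE_FMT_21, PYINST_MAGIC, pkg_len, len(payload), len(toc), 311, b"python311.dll")
    return header + payload + toc + cookie
```

Against a real file, `find_pyinstaller_cookie(open(path, "rb").read())` followed by `list_toc` gives the interpreter version and the entry names (type `s` entries are the scripts PyInstaller runs at start-up) without executing anything, which is the first thing worth knowing before unpacking a suspected Python stealer.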
Analysis: behavioral24
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win10v2004-20240426-en
Max time kernel
92s
Max time network
154s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\README.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
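The wscript.exe entries in this and the other Windows runs are Windows Script Host executing .js files straight out of the extracted archive in the user's Temp folder, which is the handler Windows associates with opening a .js file. The paths look like an npm package tree, but a body-parser\README.js is not a file that package publishes (it ships README.md), and what those files contained is not shown in the report. On a workstation this process shape, WSH running a script from AppData\Local\Temp, is what a .js dropper looks like, so it is worth a detection rule independent of what the script does. The rule below is an added example, not logic from the report or the sandbox vendor: it flags WSH scripts launched from Temp, WSH launched on anything under node_modules (a Node package file is never a WSH script), and cmd.exe running an npm .bin shim as in behavioral9/behavioral10, while letting node.exe and system WSH scripts through. Field names follow Sysmon Event ID 1 (Image, CommandLine); the events are constructed, two copied from command lines in this report and two invented benign controls.

```python
import ntpath
import re
from dataclasses import dataclass

# Interpreters that have no business executing files out of a Node.js package tree.
WSH_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXT = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}

TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
NODE_MODULES = re.compile(r"\\node_modules\\", re.IGNORECASE)
NPM_SHIM = re.compile(r"\\node_modules\\\.bin\\[^\\]+\.(?:cmd|bat)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    image: str
    target: str


def tokenize(cmdline: str) -> list[str]:
    """Split a Windows command line on whitespace, keeping double-quoted spans together."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def evaluate(event: dict) -> list[Finding]:
    """Apply the three rules to one process-creation event and return every match."""
    image = ntpath.basename(event["Image"]).lower()
    argv = tokenize(event["CommandLine"])
    findings: list[Finding] = []

    if image in WSH_HOSTS:
        # WSH host options start with "//"; the first non-option argument is the script.
        scripts = [a for a in argv[1:] if not a.startswith("/")]
        if scripts:
            script = scripts[0]
            ext = ntpath.splitext(script)[1].lower()
            if ext in SCRIPT_EXT and TEMP_DIR.search(script):
                findings.append(Finding("wsh_script_from_temp", image, script))
            if NODE_MODULES.search(script):
                findings.append(Finding("wsh_runs_node_package_file", image, script))

    if image == "cmd.exe":
        lowered = [a.lower() for a in argv]
        if "/c" in lowered:
            i = lowered.index("/c")
            if i + 1 < len(argv) and NPM_SHIM.search(argv[i + 1]):
                findings.append(Finding("cmd_runs_npm_bin_shim", image, argv[i + 1]))
    return findings


def scan(events: list[dict]) -> dict[str, list[str]]:
    """Return {rule_name: [target, ...]} over a batch of events."""
    hits: dict[str, list[str]] = {}
    for ev in events:
        for f in evaluate(ev):
            hits.setdefault(f.rule, []).append(f.target)
    return hits


# Constructed events in Sysmon EID 1 shape. The first two command lines are copied from
# the behavioral24 and behavioral10 runs; the last two are invented benign controls.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\system32\wscript.exe",
     "CommandLine": r"wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\README.js"},
    {"Image": r"C:\Windows\system32\cmd.exe",
     "CommandLine": r'C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\.bin\mime.cmd"'},
    {"Image": r"C:\Program Files\nodejs\node.exe",
     "CommandLine": r'"C:\Program Files\nodejs\node.exe" C:\Users\Admin\src\app\node_modules\body-parser\index.js'},
    {"Image": r"C:\Windows\System32\cscript.exe",
     "CommandLine": r"cscript.exe //Nologo C:\Windows\System32\slmgr.vbs /dlv"},
]
```

`scan(SAMPLE_EVENTS)` fires three rules on the two sandbox command lines and nothing on the developer's node.exe invocation or on the licensing script, which is the precision you want before shipping this into a SIEM: key on the interpreter and the staging directory, not on the .js extension alone.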
Analysis: behavioral25
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win7-20240221-en
Max time kernel
120s
Max time network
129s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\index.js
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win7-20240221-en
Max time kernel
121s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\.bin\mime.cmd"
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
153s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\accepts\README.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| NL | 23.62.61.185:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win10v2004-20240508-en
Max time kernel
128s
Max time network
152s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\accepts\index.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
106s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\array-flatten\README.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win10v2004-20240508-en
Max time kernel
131s
Max time network
131s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\.bin\mime.cmd"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.177.190.20.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 52.111.227.11:443 | N/A | tcp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win7-20240221-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\accepts\README.js
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:54
Platform
debian9-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
161s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
The msedge.exe entry below is an Edge utility child (--type=utility, asset_store_service) that started inside the run window; nothing in this run ties it to the sample, and the chromewebstore.googleapis.com traffic in the network table is consistent with the browser's own extension-store check rather than with the wscript.exe process.
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\index.js
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1412 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 13.107.253.67:443 | N/A | tcp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 216.58.212.202:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win7-20240221-en
Max time kernel
122s
Max time network
126s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\lib\read.js
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win7-20240221-en
Max time kernel
119s
Max time network
122s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\lib\types\raw.js
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:56
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
129s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/memory/memory.limit_in_bytes | /usr/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/meminfo | /usr/bin/node | N/A |
Processes
What ran here is npm's POSIX shell shim for the mime package: it rewrites its own path with sed and dirname, consults uname (the shim's Cygwin/MSYS check), then execs node on ../mime/cli.js. The four node entries are the shell walking PATH for a single interpreter, not four binaries; /usr/bin/node is the one that executed, as the /proc/meminfo and cgroup reads in the signatures above show.
/tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime
[/tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime]
/bin/sed
[sed -e s,\\,/,g]
/usr/bin/dirname
[dirname /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime]
/bin/uname
[uname]
/usr/local/sbin/node
[node /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]
/usr/local/bin/node
[node /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]
/usr/sbin/node
[node /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]
/usr/bin/node
[node /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 185.125.188.61:443 | N/A | tcp |
| GB | 185.125.188.61:443 | N/A | tcp |
| US | 151.101.193.91:443 | N/A | tcp |
| US | 151.101.193.91:443 | N/A | tcp |
| GB | 195.181.164.14:443 | N/A | tcp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:54
Platform
debian9-mipsbe-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:56
Platform
win7-20231129-en
Max time kernel
118s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\array-flatten\array-flatten.js
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win7-20240508-en
Max time kernel
121s
Max time network
126s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\README.js
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
debian9-armhf-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:55
Platform
debian9-mipsel-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win10v2004-20240426-en
Max time kernel
92s
Max time network
153s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\lib\types\json.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:56
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
129s
Command Line
Signatures
Processes
mime.ps1 is the PowerShell variant of the same npm shim. The run shows pwsh being sought at each PATH entry from /usr/local/sbin to /snap/bin, with no child process and no signature following, which is what an absent interpreter looks like; treat the script as not executed in this run.
/tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1
[/tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/usr/local/sbin/pwsh
[pwsh /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/usr/local/bin/pwsh
[pwsh /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/usr/sbin/pwsh
[pwsh /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/usr/bin/pwsh
[pwsh /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/sbin/pwsh
[pwsh /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/bin/pwsh
[pwsh /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/snap/bin/pwsh
[pwsh /tmp/LunarBETA1.3/Monaco/fileaccess/node_modules/.bin/mime.ps1]
Network
No name was resolved for any of these endpoints, and the same 185.125.188.x, 151.101.x.91 and 195.181.164.x destinations plus the mDNS multicast appear in behavioral5 as well, so treat them as image background traffic unless a separate lookup ties them to the sample.
| Country | Destination | Domain | Proto |
| GB | 185.125.188.62:443 | N/A | tcp |
| GB | 185.125.188.61:443 | N/A | tcp |
| US | 151.101.65.91:443 | N/A | tcp |
| US | 151.101.65.91:443 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 195.181.164.19:443 | N/A | tcp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:56
Platform
win7-20240508-en
Max time kernel
117s
Max time network
119s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\accepts\index.js
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
debian9-armhf-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win10v2004-20240508-en
Max time kernel
134s
Max time network
135s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\lib\read.js
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1424,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=3916 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.177.190.20.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win10v2004-20240508-en
Max time kernel
130s
Max time network
153s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\lib\types\raw.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.185:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win7-20240508-en
Max time kernel
120s
Max time network
134s
Command Line
Signatures
All four signature groups in this run are raised by Internet Explorer itself, not by a sample process: iexplore.exe was launched on the archive member fgd.html, the registry writes are IE's per-user first-run state (TabbedBrowsing, Recovery, Zoom, DomainSuggestion), and the WriteProcessMemory events are the IE frame process (PID 108) initialising the tab process it spawned with SCODEF:108, which is how loosely-coupled IE always starts a tab. FindShellTrayWindow and SetWindowsHookEx are likewise ordinary UI behaviour for a browser. What the sample contributed is the content of fgd.html, visible only through the network table: cdnjs.cloudflare.com, cdn.jsdelivr.net and kit-pro.fontawesome.com are resources the page pulled, while apps.identrust.com and x2.c.lencr.org are CryptoAPI fetching the certificate chain for those HTTPS hosts, which also accounts for the CryptnetUrlCache entries and the Cab/Tar .tmp pair under Files.
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{46FE9C91-218F-11EF-8C71-D684AC6A5058} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423570340" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 500b311d9cb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000a1a81077f7a15612e3cd2abbe3b5312914077184ae90a3b2dc172e83805a95fd000000000e80000000020000200000009b9635c180865d1700ed45eeeb043f81945461430399d18cde07a8726c1b6270200000007dbdc7f0d25deca1d02cd0351b78f1ea71a6da8827551895455398f0b14c7cee400000009893eff607e325554eaab3af72ede8e720315db1ee14b216c6d08d5a52d27d7ac2828c3a606276505e133e6fbee2cfb8d7a3298b2675df72c5da3eff9cc8439e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e93610000000002000000000010660000000100002000000037b8802b9a00030b83f08a7cc67de14974a8d74b608d35d998c43a534bc3628d000000000e80000000020000200000000506dfdc0c8e12803dfa4300ed30c6019df04e89cb659f8cf5244cc79c111d9690000000a9af0435b4417c9f54eec92ff029de9b252e530b838df12f41a1220d264e7fa9665eeb4e290531748249ff40532bc06db45eba6c26c6db9e98050dea7b2afce4da1a53167e328f0f5fa3e42dc8d1e58eab6e157fa234d1ab5331b17bd1c57e9950ce382de97c562dddafecec1e0a8e0d205c016a383b927bd447e4b60f8f8369fccde50dea3530d0fbd8837c40d83c2f4000000012927b891e3e16c68070cfe6c3a64c264d2364c772d8f957a645aed60f8248a3cccc3ee749a5fd7d6bfd70f39681c0e20251840869899449951374e01853aec5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 108 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 108 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 108 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 108 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fgd.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:108 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | kit-pro.fontawesome.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 172.64.147.188:443 | kit-pro.fontawesome.com | tcp |
| US | 172.64.147.188:443 | kit-pro.fontawesome.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 172.64.147.188:443 | kit-pro.fontawesome.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab29C1.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar29E3.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | c5dfb849ca051355ee2dba1ac33eb028 |
| SHA1 | d69b561148f01c77c54578c10926df5b856976ad |
| SHA256 | cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b |
| SHA512 | 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f3c90cf02db422deaeb79efbc1ae01b |
| SHA1 | a8ead29b5f55ba20cd5e2a1e915317028e0e1717 |
| SHA256 | 6b5646b079cafa34a1ebf9ac04992182505def77341037a6c49f8d602a1a401b |
| SHA512 | 9a6abeb5d1a11647999ab90b302fc85afaff1be88af1e198d4ed53ce1fa20bf8b60c3d278c49cc063f965c48015377f9f76d38cbaad51ea1e9473e1825b611f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6477597b89900aa35bb4ea97cd64dd31 |
| SHA1 | badc9e6317671ea77bc274ebc903e9c1db5867af |
| SHA256 | b526b95a2c43f26705e481756ed667359b4960fcca8264bd04505ddba792b68b |
| SHA512 | 12d23aa8fd6651bd65fac7f0d023fd3a9772112ae4bb921a8c7b262dad17df64dceac8b35d49cf6c968a27b073aadfe4cc52085d6172f588296062b17bd14a57 |
C:\Users\Admin\AppData\Local\Temp\Tar2AA1.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40bac1672a6264096fa9a2247abd4713 |
| SHA1 | d007351641d5eb028a21427310bde3e7511a850d |
| SHA256 | b228d51c96a4010fb2a6e69c57a8800cc4882cb102f1d184a6dd227400eda418 |
| SHA512 | ae1b2a7b2408d47e49420930af092f8529a5814381fb0a1f974de36a08ceab37368ba8324ad5603e79687e38998b0a20587f16f2e6f1e46258863d97bb926d23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebdaaf2353c59fb3490c94bfff4db313 |
| SHA1 | 82219e2aef0cb9e8fdad1b4b6a8d65a74571a21a |
| SHA256 | b7d94c47bf46b5679a7a610bb95f97d590715c1c2cd3d3618fc4d06beabe4625 |
| SHA512 | 391a214fb0e898bbeeee75aab25f2ca03868f3e2855dc9ff1d1d1ac147d4b3de906db0a7a8bdfe52759472033d3796d7319ea726997dc5c62eee8b51f18a0eef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | 93b607416933b4b7f951922c3b9c9a23 |
| SHA1 | 2019ca32606364fac9f6cb24a156478988c28ffd |
| SHA256 | 1460893f3298597016e6cee1f4785fbdaf31daec2d91a5d7de41718cd45d85af |
| SHA512 | f316edaa92b36bf159f6aafc28a6542a36503f9d2889b6fd578762bc4640173b46e2587f319373d6be5f8bd7d5e95d0ef53f919bccab9656dc8b68284b721a6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ceb6bf3e61265945fe126f0c967572ac |
| SHA1 | 27afddb389f0898bd24779566d6ab2c73b685280 |
| SHA256 | abc9e51d394cf2fb2842956acfc488ee12c00f75501d3ca11b327ab4db071af1 |
| SHA512 | 620680edd3a0568abe8881c0cdf5e083f5546cd0b305ee30dbfd9bf402e389d233158e08f4ced0c4d268a2e15c2c60e8a7fd87b4d69967e549863988d3a7f960 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9c5b28fbdd1e8c8d45c30cdf8215300 |
| SHA1 | 234ad2e9eef7fff0e6acc89cd697c303740ebe36 |
| SHA256 | 49bd407f183cfcf8c089e0f664d0f16d8159033aaa6bbb5223a9f4ce86ca4333 |
| SHA512 | 1be56231a7e8b90fe223991fe52c6a46f9bf476084f657252d0281d468b089d71485c576463b072a8d6bee60e24f3be86114fb193c052a1c5ea62ee1cfcd2603 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e046f0d010e8aff90cd97e640e2217a2 |
| SHA1 | 645ed38425e7bd4e112a94bb991b4804c8a08da2 |
| SHA256 | 14d2eb11cdece95860fb2b32c13d0cd67695b925a73ee139a4bd95b40c6a9561 |
| SHA512 | 64327459b90a8fe1ee1bcbab7b6e1403776586a45f386b212349a8de32896f00984d98a7936fdac4adfd9aced4de202b0e9696e0ca4d5f8bdeb7fff453250ffd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7554e416c89de352a6c86de1e8848be |
| SHA1 | 9b13383879579108df8a4cad2d0f26b78f62e574 |
| SHA256 | 298ad7b455e01e332c823c507dcef4baceb0a12ac21319ad01c09f34b71223b6 |
| SHA512 | 8ab405e0233ca1730a1893fa81bc2e9c2f613e22667acb1803730336c87667a69062802392e9cb32d442e43a8e9117d00e25c962ff20c14c5f3980f6e25bddec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe0f5f3eabafbe65d642ec3ad6ffdead |
| SHA1 | 10aa0dfccdaddeac2fdcc3fcce55b748109606a7 |
| SHA256 | 762844bd6c1fe5e033d362539474c8d9b83bc727d51554410d52c837cbb9adf2 |
| SHA512 | 6b48f5a8d47c6af90796047b0335a74d954b18574afe2631a03ec0a63031952208db0a53fb05e090cc95ee6d4a74b739314cdea03c8735a688c8728e44c9e185 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1cd5e2c545cd98b904afea7cf8a1ac55 |
| SHA1 | 5ef7d38ae9ef057506b1f89b0ae6454867acdf6e |
| SHA256 | 126c8123c7b01c958e43bdcde9c985767a80eadee7333c5a81098fad26148876 |
| SHA512 | 0bd2ccbd23e08577b9b8c9f00369e19ea69d751beb78ae0da6c4fea60d1f0e425138cf582a9b3527ce79f8ddaf784b88f4b6dee09c705895d1e2709a2976c979 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79ac77a8c4cb1e3e3815f1d3b0c8876f |
| SHA1 | 3eb68ff286d58f2d695dc0591294b30009e1e64e |
| SHA256 | 136fe5cd69c25f07508e3ccbc89b71e9375b8998e4f97bd0db7fa17e1137975e |
| SHA512 | 2643f739991c3f5b2abb59edfdcafc4f9e468ebc4c41ea2738a8f2ee15a65d5e63d81e909c482aebb6fab931f01b009ef4f2f0507bad6cdacb75f646beaf8864 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c325880cf4ed04500ff780afedf966dd |
| SHA1 | 354190beb16f126da7d932f5e4d8ce5ea26df421 |
| SHA256 | b193ba0e8cabedc1df325e85f7ca19f15a6f41a4fe30967093f672d8adaba440 |
| SHA512 | e3d2df5b45a564809ecc6441aaa0daffb3d9dd42c48142c27c867611322e31bafee3acb4a9f05db24092fdf63af5f292959606e948f3d77d47f5bf61bafa64df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7312273d71def877bd1d444a8a76bf1 |
| SHA1 | 617ac56001396074a97b2b109eab00870dfd42a4 |
| SHA256 | f8b41b68caee0a7d693ff9969dd721ddd2ec279b44261989862bd21a533194d3 |
| SHA512 | e63de599fd6a5d40996ea614d173f01a1aefd73d527881c59d1b2f898260011ba93f6a85a785dfbc6f9217693855c4029bfff0c6f38aceb8b6e211525264c9a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38eda669fae1d9b5402e053e628e0f0f |
| SHA1 | c4130372269aa6ec2774a46d78d17a19eeb86e52 |
| SHA256 | 4e87e774ce7ccdea7f4e90f2e6f7bfc135bbc5a86598a765257efe8e570a76f2 |
| SHA512 | 8438897566f01c18f626e2011a071b8358aa6052edf94788f9e47a60f5d53ad145b0c70feed062b9081f12fd8bf419e2fd252ccccc56b8c1df863d674b869f26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 301b4525644c8da140ef5b9780da8063 |
| SHA1 | 578d8ac646ffba3929f41f13476dcb26eb364593 |
| SHA256 | 93eafbb52d82c84a8e922cb57d108a9359a939ca1dc5d91c4e3498b00856b923 |
| SHA512 | 64f2a443755a5fc4075f98497d91238a4168b2aa603130f8201127922920a00fa5493f79c5437458b957b554441d49ceeaf0a603d90157749922c301757698f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d06f9edaf9c0beba2c089500192ba9b |
| SHA1 | b059b3e80fdaa2237e4efc7f781b070648af5dc9 |
| SHA256 | 6396a8ed648be30425d1a0ce4516cc8eecd82e6d0461c82d4e7a7de5dec6e5e8 |
| SHA512 | 98bc8db691176e82d482f7c578bceedab15aa1dad48ec456796d697cb4b9475c349c58a36a7a1862e47c0e5f2b138db194aea598274337466eff89b283ea57d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ddc1e30291436edb4652e4efec710d5 |
| SHA1 | 3e3784c6fe5b9979046412738573c1bff12b9a13 |
| SHA256 | b388da08c32e81b6947ad073f9c5c5121940b6980ee3a2bca65f42b9214f7721 |
| SHA512 | 9a7d9aa63ac783f375be2aa62b4af8402743b9718f81cb4b5d9885f29eba27f3342be62c13cac1c5b1f585095afb5964c58ed6608edde4dfc1286862363572df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e8f79f92cd6586a43f95fbe30f0b5d7 |
| SHA1 | ab17fc3eaf6a2b9cf5032fbf1cace36ac164dd64 |
| SHA256 | 0a9e724c6f74b1a00bd1a7f2e73e365fac52e9d1b0b03d0b5b9a0b12025eb02d |
| SHA512 | ff475bf34f48c5dae08e8a0a704186fdb4606f4e07400993c26e0f1e64ea79f93726cad634c72ba647d9200b495f3a48eb2a7e45be69c323605a36e18a5e43c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ee992a7cf33a96846f878593e8493d4 |
| SHA1 | 3fbfa9bf45c27a006748dbf2dc57c36a2c30e8a1 |
| SHA256 | e79f7c69722c070c9cecada4e00f3bb5ec1df0a97890387cb58160b155146c29 |
| SHA512 | fa1f4f10135c58abf63e8d696b72532ff2d4b42d5596b6467d0f90a23b2b504c77791ebfc8d1c754cbf14d877172f95fc7244e74e7e3d2c33af4f44916c2321d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc27c6a192e80863eaba26a1bca57138 |
| SHA1 | bf741e2abdc2f73555630d531b5291060dbc5f7c |
| SHA256 | 265a3924331528e6d4ef20e69b9b5bfdf6b8f3589de03aa3b79dc3a5d823d2a4 |
| SHA512 | 2c9433c6eed4774bb2fe76e8f3c02e5d37166a9226251719416cb43d282ecc71b5f86257e80a7deacda57dce03b931ec0419ce6d7ae60d25ead3ece651e70ae5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c80b0045b0354e416317f50f203e5c6f |
| SHA1 | 78121aa45e82d7dbaf124b0450e3b74c8e1354b2 |
| SHA256 | ba6a17f370ef3c574de75c410386b482efd1f83cced476acc74679800769cbfc |
| SHA512 | 4b765f15070e55ae2d7a362fdbb515a9a75e0b36b15f27334bbe55bbbee570802c3ec17510d45843d801e963885ba6b24f4de41c0cea9239363d16b83af12dfc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b9ef1765dd1c3f5ec31fcf7db8ea157 |
| SHA1 | d740933743635a4e23bf60f03f16942d14af5bde |
| SHA256 | 89d97aaa49ba8309afd3e2ca688256a34e5b985852a6fdf27cb703b2c06420f6 |
| SHA512 | eebd41fc68d3de1ea58d4957a9a7c29cbd325965636a41d3319e7ca0bb4d6dd68caa3ac6aabac4221b090e61d561ee88a5b07b1eea99f4d461a476d1d17f3190 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bf101050c441146d02422387ddf7247 |
| SHA1 | 12ce996c99cca377d32f91778b459b0e0d57d4d3 |
| SHA256 | ff6c2883b524f2d72eb173e33631f4fc935c2d835ec7190d0c3f85e83620008e |
| SHA512 | 5113c0ccdf9bcf2264ed95df5d28d1c29ba175c0afdf595e5f790cb9dd1593d5ead7d16ea43c26128196727d06434bc2a28aed0c4653c28954ea95ec316faa05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03499ade7e030ac5f17825355f1a1ec9 |
| SHA1 | 784f614cd8911c7b85b7c0166265dce2ee0e1113 |
| SHA256 | c138166493bd3088fec90418b08f60464adcaaef20b27efa64fd5455b29192c5 |
| SHA512 | 6423de5c6237a8df81cee4f86b89b51e8d7b107c6f7259248a2ff6fd34956dbc226fe39afa5ab4aa6f08e55d0794c53cad31f11d805704e94b3a04c841f6b665 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ae4da229cd0a73769f0a373a4b981f4 |
| SHA1 | 5a65cb21f063678ee0bcb61448b29daf7f5bc17a |
| SHA256 | 9d0efe6919e29d6eaf9c42e3089ba408a87aef4f432e5d0dd5e540466633fbf7 |
| SHA512 | d0114ee68c7569e36a4168c4cf254338556e96dd1614f3f7a048ac5bd1e61683f6c7f665c392eca084d44072c369f9fcc20178ae935673950235d94a607015d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fde111a17ed992a7a62ae15af3c0c382 |
| SHA1 | 756d2ba7f2f0f271aa7c9302d4026652e45d7c26 |
| SHA256 | 9a82ce6a5b00677312d4b429e6db8ca8a1ad7aecf840586271d077c3fe9c5165 |
| SHA512 | e2bed5446f984731f78f03a06544e50db0353991422394d4510a0d53d50b3cbb526cab9e21e80a180e8f38d5e5b479252f0a65766028037f5100531ccfdc6d35 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a34a513cc9366cc713b5cf2c00c9405 |
| SHA1 | 210d05a61acef9cfe0c6fab7851480b9fa5fce34 |
| SHA256 | c259498ebd03302f2c747bc517070c8845cae649d828cfa9b2a4bc3e46cdc154 |
| SHA512 | 9e52c3a934f045e2eeb2c24465766a2f848307b93af3feb0e05a9e4fb1cccb2a478fe680db632a311b2eb3fbbe2fe8f4ec8d81949badb9b7c47cf8f2bea3ba2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5fd1ffb9f71122889c1ae5942522bb5c |
| SHA1 | 9c20496aedff0b77549b3e32fabd023b4215d52b |
| SHA256 | 7fd18df4f90d869f210dfb8013458133cdd4fbd9708a1b2b3708918c48fdd3aa |
| SHA512 | de352cf4177d4d388df3adaf239eaa87e6021616dec45b62095284b91e39f9444caf35e86df62abf808cf97d1934217bab259422e55d029b9ecc661b6f6a1e64 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c780c1310971fc9386d69102755c0bad |
| SHA1 | dae7954e9bbef88e230cb04c4e76de414a398154 |
| SHA256 | cd0b248779d34c47466f9cadea5aa7b505d4314c84600305d07421d89dc5a583 |
| SHA512 | 054dd10dcd2cb4fd0bfa8b0f0826b22d35518098b37133b53d125a8d7a221ea6efa17424c99b19c4a959236b60ea4b4d2358c59472bb2e55929e5ab67b360881 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ffc81fa1b9aabd309327cc50e47cdec |
| SHA1 | 8f296e2c4e3c2b881554287967fe859ff6b11e69 |
| SHA256 | 9ac67f59400673c90dfe2353194bf9856c9d316ffd6c4f47d3012a4520b1b0e0 |
| SHA512 | 7d5b8e8dd8f1f13aa9a3cb16576899e05d67e86f3bd939378d2914a8959d3ef8389ef4cbeea0a6f8f7a945ba1ff09e3c746e4d72c9fd094326f9e4e22e9b2aa0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8d1fe16d89e6ccb3837ab3a2cbf3a9a |
| SHA1 | 7a0371bfdd3f56be9794a66a66ad409858bd4cde |
| SHA256 | fcaec60c7d0fc1b84f3a81b8157d79d7ea4b4811eae02f6f67f010affeb7bf13 |
| SHA512 | 08656465df89ac36d300387c4f090943686c913f32b5dbdec083f55c252521876fcf236ad174ac2a25a59701bda42a941691fd7e1ec0094f3fd040a73f6db26c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffd0c4bdbb5067db36d0754e3c915288 |
| SHA1 | ee007b1058dc384573f43cfe837d5b76de72626a |
| SHA256 | b682c9ded50270ce6e0debb00475f54fa7654abedb40a3a9fe1eb772fa447649 |
| SHA512 | 28ef6d5b93d2ac523dd6b79a485de2261e5e700ebd377d2b6cba67096d1904c5c4c70cf10de07d69a00c76d24c0ec280266fe22cc281f3bd6deb91f99d5aaf29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | efe69938b299b8b6b7972c09085655f1 |
| SHA1 | 3cf8b56bc9816df689dd76b7617b9535fb1b9ed2 |
| SHA256 | 2d7a67f4d445df795f0e0232603f47c134e6fa82e7d5ea8f00b44617abbdc674 |
| SHA512 | 0fb56f5b940b6a4221096acbf89bef028f7496ac49716df9f39da0306320148867cfd9824b2cf2ffbcb4bf0451cdaf155d8c17f7fdf3cc863576934913bcde2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73918cd1090a5f89ae6e0be3635fcfb1 |
| SHA1 | 765e1b16352847fd43b1f612146b36acf0eb2bda |
| SHA256 | a479b04147100ed3a86128806e29431699c2bbab76ef5f3dd987095714330eb9 |
| SHA512 | c9766f2c8562d317ebf3c96de71d4b1e8429943b26bd683cd81834c29992da8cf4a6fb5e592ce7f4306de8b6445b8f3d68b6ac2aaa5132c6c0ff72d7c2a46a40 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db23070e33b9fa45e9d5d6c794250fb0 |
| SHA1 | ba0f6d93e7b7e522c2f6449373e11dad25a48076 |
| SHA256 | ba7d50776aeb8d1f36285ef23b0db7db0ba3f4378416821a7a99f14145045de4 |
| SHA512 | 29dcc9a72429e668e5ac59f057ec3424bb5b998bbbfcb283474abbf72cc4e0e0cad9d2472253bc12d23a34955f5518345d0c90f09cfa660143ce38107665178b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08b8841753e712ed97e78374a38552e6 |
| SHA1 | 71b6d816c97a0975535ed261bebbdf41b7b105ab |
| SHA256 | 81b9bd0ac21138ebc346362e3d5e69cb78d1dd59286ea4dbdaef648875858535 |
| SHA512 | 880705d74cb10719c3bbfe6c4347ccfe92c140e19505744529781bb1b389fe0d20fc4b5d42fc7382aa9e44a369c467771365533979946333f603b32cb9f624b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 838d2358279952195c6ce2472dcbfb0b |
| SHA1 | 927f6420e5d9495d87f497af83afaf93bb3636f7 |
| SHA256 | 22820adf576d3697ff69ca86a5b05cbaa9cf391d540af8e66d8edc293e01efb2 |
| SHA512 | da70d0f2b32a551326b48b8fb46d3f57ece1ebbb1772998d51acc4a8cfab43436f7603a12d9d13beb02bb3921e3ce07d956b755fbeeaec5e286c05caf4c4aaa8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6aa91921564d95ca9f47641943f6489d |
| SHA1 | 88c1e560d0b4f2f6b15b976e8f5b230b03c1d2db |
| SHA256 | 9d76f03709d489e5b6063f12d9917fcd46cc713fbbfe6cd5c874b28924d0d06c |
| SHA512 | a26d45f1014cbf4fddea58f1275723f5d4afb3839d67574f88a0d053171c64a73e8022aa72a97370730e0d9995ce91779dd84e48bee573e3e65413f6c7926e7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90fa187c1aa6b63cc9e12d446129aa50 |
| SHA1 | d7eebb7d5f997c30061f73a4bc985d8e9cc6a348 |
| SHA256 | b5a210ec30fcdbec9bde8887e467f2e87a6e462be689458888df38d74277ddaa |
| SHA512 | 11a95f5d7a3e51d9e6f6b92d3e9aeecad95ec03afae11acb2af7ba0263b17e5b2a2529c496a7396161f830753a2e361afa26d51fbca80e54ef25c23ae66d294b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b0971d7e92d9bb6747ec6ef40c632b4 |
| SHA1 | 092564daf74ca50b17b6f8a07ac1c44086091e5e |
| SHA256 | 95a9757c905d27a31042d79a88ea4794b2e1c5385eff2cd863bc8e308d9acbef |
| SHA512 | 3a7a90728b0934044c43aff6a9e58548fe3c83409e0161a9c0a452a445340505b7eed5b1e2002e072390c14ee933d9265d712ab9a341d89b735fea7a085dfba3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aad1d8775b9778205027cba330d05a8b |
| SHA1 | 2d62ac926172cb288df60945ad2baa4f7af9f524 |
| SHA256 | a65e6d225af64062bb0a8e2dde4a4c8ec814eb775852c5fa397a5b398e5aed20 |
| SHA512 | d8d0bb60411501a30a146bbb24d08a3f8c2ac7e6a1fa2fd03f2be45b40c6c9cb0ccb3324980e6d3b9eb251521042435d710f7269f21fd823d9d0d077395b4329 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4daf09d73810a0072487ea93aa71e0f |
| SHA1 | b8b4419d51c6041a6d1b77dc2f0ec2ca464768e8 |
| SHA256 | 4740673a771c79ee73c2b0e4d255fec4665630697c670caecf059e89890ad84c |
| SHA512 | 4b7d1bce69224b2b655c764e6d0db7d26f23dba47f9e35ea77bc9a6c573e03ba08377a27834a1e740436701940c30ddef832ab7d52576ebd45a8227a17097e72 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win10v2004-20240508-en
Max time kernel
134s
Max time network
144s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fgd.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3484,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4908,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4772,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5400,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5416,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5956,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5772,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | kit-pro.fontawesome.com | udp |
| US | 8.8.8.8:53 | kit-pro.fontawesome.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.18.40.68:443 | kit-pro.fontawesome.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 104.91.71.133:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| N/A | 127.0.0.1:9911 | N/A | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.9.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.40.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.71.91.104.in-addr.arpa | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| N/A | 127.0.0.1:9911 | N/A | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 160.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | N/A | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| NL | 23.62.61.75:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 75.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win7-20240221-en
Max time kernel
118s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\array-flatten\README.js
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:56
Platform
win7-20240508-en
Max time kernel
121s
Max time network
123s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\body-parser\lib\types\json.js
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
155s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\index.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:54
Platform
debian9-mipsbe-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win10v2004-20240426-en
Max time kernel
90s
Max time network
154s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\node_modules\array-flatten\array-flatten.js
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-03 09:54
Reported
2024-06-03 09:57
Platform
win7-20231129-en
Max time kernel
122s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\LunarBETA1.3\Monaco\fileaccess\index.js