Analysis Overview
SHA256
57f487f0d8eddd22ea6c42f697c612d3969e8cba20925cb72a1b8568b67b3003
Threat Level: Known bad
The file CrystalUPDATED.rar was found to be: Known bad.
Malicious Activity Summary
Agenttesla family
AgentTesla
AgentTesla payload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Themida packer
Checks BIOS information in registry
Checks whether UAC is enabled
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
Enumerates physical storage devices
Reads runtime system information
Unsigned PE
Enumerates kernel/hardware configuration
Command and Scripting Interpreter: JavaScript
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-15 18:42
Signatures
AgentTesla payload
Agenttesla family
Unsigned PE
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
158s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\fgd.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceb7246f8,0x7ffceb724708,0x7ffceb724718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,11153945240757849121,12562549351261787296,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | kit-pro.fontawesome.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 172.64.147.188:443 | kit-pro.fontawesome.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| IE | 2.18.24.9:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.147.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.24.18.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:9911 | N/A | tcp |
| N/A | 127.0.0.1:9911 | N/A | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| N/A | 127.0.0.1:9911 | N/A | tcp |
| N/A | 127.0.0.1:9911 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.131.50.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.179.89.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3a09f853479af373691d131247040276 |
| SHA1 | 1b6f098e04da87e9cf2d3284943ec2144f36ac04 |
| SHA256 | a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f |
| SHA512 | 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016 |
\??\pipe\LOCAL\crashpad_1136_GLUGOWCMAIMATJKN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db9081c34e133c32d02f593df88f047a |
| SHA1 | a0da007c14fd0591091924edc44bee90456700c6 |
| SHA256 | c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e |
| SHA512 | 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 70698e796d567173de2c8ba253d02267 |
| SHA1 | 39514ea2322e18c4e2bb837083e500921aadbee6 |
| SHA256 | 0ffbac14a8ce07073c6b475e2f68bf9ab40713747841ae7b008364b2733f6b4f |
| SHA512 | b371323682c3633d6c034e792a114d9378e1103258840327354196ec57ac10cec2a0646c5759fb764c2c8cf47edb8dc3f3476f53b66227a2f802ba1b8ca57c90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2fd395f502de5bdfb6747858a7476790 |
| SHA1 | 476e628b7128f565c53c79052ef0d20205c53052 |
| SHA256 | 69c877b2931349421785e77caac2f1d323f2ec76ad528266d34b00edffed969e |
| SHA512 | 2b4d7ca28112a42e81da06c418e8b551ba9ddf03d7d09e3857f56e95e2eafcb3f8167845e8c0144427f8e5f7d8bccd33d4fb9859ba8f91d5be5d8fe2bb4125d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6403a4bb876f23e6f368fa37e406e556 |
| SHA1 | 0a960108fbba10d94324ae06a4ff357c79fe960d |
| SHA256 | c78863c719916d17abc0385ff01b5f9636deb0ceda8bed37ebcc1c2285baed4c |
| SHA512 | ebe08b9ea584abacc0126a1d0976d9101742ab1b42725183f137fbc982f224cbc238cc5d1acadb9f5019c4d0840585bfe995df39bb2a6b1f94c490b789188643 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 670a6e0419be3cd9bdbe92f571150fd7 |
| SHA1 | f816db19160027a5b9a539cd9c589c041fb5f410 |
| SHA256 | cf9fbdcf62547e079526a3cd6c5233f9a5fa790ab415694bbb43de5000f87df9 |
| SHA512 | 9693c2418ae4919ec7b632a63f7756527771f4b2a6da59485c76b684ab4ebed0f437f9fbe04df99eb8f15b547864fc139586c64a9a093e8f3d1f7223ec84f462 |
Analysis: behavioral20
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
debian9-armhf-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win7-20240508-en
Max time kernel
122s
Max time network
124s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\fileaccess\node_modules\accepts\index.js
Network
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:44
Platform
debian9-mipsel-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win7-20240221-en
Max time kernel
117s
Max time network
122s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\fileaccess\node_modules\accepts\README.js
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win7-20240221-en
Max time kernel
121s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90a3deee53bfda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003889b83ba6aa2b4cac07312048dff3c100000000020000000000106600000001000020000000a89b37a409d69add78e4f59fdd686f451eda29bcfdda3b512d5e5ecc359fbf9e000000000e800000000200002000000086eb71e0e084b798dbe634ed5109b8c5697edc019bcbd975eea72974732121ff200000000372275a06a3fcf3b54459fcc0303e267d504ce5c9b37f1f455a1228e573d9d540000000580bd530fa7f815fd496365ba7b2c82a16f27aabadf00d0a7bbad6a05d0f5ac11928b2012070d7c53063e916be87a54cc7a732f907a81e299538ad3b246ae559 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424638851" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{18572761-2B47-11EF-BC57-569FD5A164C1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2160 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2160 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2160 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2160 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\fgd.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | kit-pro.fontawesome.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.18.40.68:443 | kit-pro.fontawesome.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.18.40.68:443 | kit-pro.fontawesome.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| IE | 2.18.24.8:80 | apps.identrust.com | tcp |
| IE | 2.18.24.9:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.18.40.68:443 | kit-pro.fontawesome.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2DC6.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar2E75.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | d69e1bc20603a14c158326c803885ee9 |
| SHA1 | 0e682fec8d29888ebf04d3ec2d7df5402c38f1af |
| SHA256 | 6db811302f8929f8ecf418def8f4505e94fb4db430758cf841ea521898cb0c8f |
| SHA512 | 38e3b444454aaae4492247e9ecafba662c732dc76da7121d1044cbff340390e461f0d83da6ad11b337fc4c3a81bee47c41290a33cdf3ade35f2d2d0537e7d74d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | c5dfb849ca051355ee2dba1ac33eb028 |
| SHA1 | d69b561148f01c77c54578c10926df5b856976ad |
| SHA256 | cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b |
| SHA512 | 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e600f59579892ff6423a15906ac5f86 |
| SHA1 | 312d347f6c41719f96f6c291c42ecd277a0f32db |
| SHA256 | 92e92101252ebfaa386856cffebadc71b3c76140846937dbb99558b8a6b513bb |
| SHA512 | cbf8dcffee8d1f75f4e95f27c1fb4254bcfaffb5638786a47c616667950d5f1adf3069615c66799cd7146da64355b7bbf4567742a6673751807ead696f7fdc27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2ED3.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6da6af0400bbe9430f81aa6304cf153d |
| SHA1 | eec650bed737cc785384b81085593c931ef43e89 |
| SHA256 | 27d73368428fb330012d41398082d0ed6713ebb41372979a4e00d0500c9fa013 |
| SHA512 | 7efb41edc876759b3a8854fb87f274515775a226026f9d7303877e0f2ab9f40ec287658bfb14b8be7bc1496b9834bdfa2613086279351f0f2227b8300ac88b5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a23b9a6042c5f28c80b6d9a283c46a40 |
| SHA1 | ec92fe7cfc22e9d7c3e4ab5572543b647d682a3c |
| SHA256 | 91b18c45c0e295e89cea7a33d2b414e363fc5ebb69ede7b9af884ba1a3f03deb |
| SHA512 | aa474b1c16a1529a677348d303139fe2e45ba41d7d2bd0887353e83fb2fde081fb986092c86d1b8bc3bd406ac510e4e6299e70dba4200dbe17f32382665e42e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1dfd5e9899249e859d352619ae9196be |
| SHA1 | c794355fa30f0cea3c2313521aa0973ac68e125f |
| SHA256 | 69ab5ef1d00dbb4cdecca7e43f494eca5028c0c218c7a99eb55a109940bf6e8f |
| SHA512 | 6b76c030f966a000cdbe4a6b9d3caa28859f37a7c54c91ae1170edfc8a88066553d6c3267a1343bbbb61037d3b186d185cc899a9477590709ef90a0537085660 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f117f3ed8d12836de4fe7c2a23cce9fc |
| SHA1 | 80a3014479556a5e0c3cf0278dfdbc4bbd9f90ac |
| SHA256 | f6d56ffde4bcd7695268f505bc27cd84ab23924209b43b5eba8b639662754abf |
| SHA512 | 1541497dc64f0e5789a6d5d7f7797c57af4538e7d37bf59cd0b40c9cb0761253b8a6ab7fe842e15bd099c3617550faf068a8a9fbcea70db5629da90f1b554a49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b311a78bbc584a72d153dc6a388dc970 |
| SHA1 | cbb7adeb4fc8b55c158b283652cb680a073212db |
| SHA256 | a654b702652f4630cdc9f917d098370339ddfca9d21488efa093560e5bd18f05 |
| SHA512 | ed0dd3a8e699a1cd4bccec5395913815cf9f6ef9c10d7693c895ffe84681f2be6562b3048b8eba5e018bba03fe28f414b1f265293d9fe6e1b5b9cc054b8a3f0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 545c11c337888964561bb2027fad2a50 |
| SHA1 | c0486db52b12149a704ac5623b51a3842f28d737 |
| SHA256 | 134de4d4258e4da2005b7a1c5b8948e0e97691adb5ee21cf4e467db2b511a06c |
| SHA512 | b137c9e7763136bb7ec4634bdecfddc76a08ff09f4ebfcfebb9c3f0aeaf6ed264aa1f69621924ead62c011a753abd99fedf1a82a398ffa5d45c7cfd5b29253ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ef087134a489462a79dd47f2a246b1a |
| SHA1 | eef97abc1695379045d526ffe229e29748e46b7a |
| SHA256 | 5dfa24da09c5ef4757374612738079e1107bd6bc36ef993b8dd752577c7bab40 |
| SHA512 | 90a5df956371b81d6f77981c6f8079fef572643a7141bca1e1146cb5b02d5ba723205dd467507de43746b27aec5c2e4c5b0edc433373baed55fc9408b1363432 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd49c1c61c058a294d99c6ec8e7fb8f3 |
| SHA1 | d1bc1539a90c698b2c5aa8cf70d64a93445d82d6 |
| SHA256 | 8b68d9c14fa32fbdb62940828cb8d7ee457f4dba5904919d91323a336bf960e6 |
| SHA512 | ebb2b773fc58c374d28046446389e964c463b9c0c59fb84459401698b2e0f3b49bd1cbadc753d26df08030a25af0d2edb7f707cf442c899c1d13826fea98fd7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 740b7f9587b1947ceb57ad40473f255d |
| SHA1 | a29c01922dcb26dd24faa335dc4f92cc0f8fc90b |
| SHA256 | 3b091debd39e72c9e20cb16f174861e7f147e2a500d65f5dbbfa0de95fee7011 |
| SHA512 | 36913128ab709d273a332a81494c93f6fc3d5e4953834d7ecdd65e7b3df62760a5334a61b0e2f61f4d1b2792516eb5f869a5cdadbee7b840a2a495cf4838b289 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e55a97ecc16774096c12dd3e91d7e8f |
| SHA1 | eafc0e6ee5c06c1c007bf0e043929e87f82c1c63 |
| SHA256 | 99b744ea8570258f75e7fe0b522053a3776a2492c313c4f62214d0d1475d5c04 |
| SHA512 | 3121924fc65ef73d83eb0ad2a070ae5a1a559b1ef9f8f43854ee645d108ee3943589ca01bbbc026ec99a40f6e8da6537a277872a7d124164eee25e7d10239c2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 329a8ea66a6c9fcfe29f0ddb6b6b910f |
| SHA1 | 2b8714550a8d6206b4f564cc332ffe12f5511e9a |
| SHA256 | 030876f685a44a8e2768c658882245b534ea32c523bc0d0d365ff9c843d093fb |
| SHA512 | b35b1d6642a8ec0ba008f8dabf49ccb0f7844394f649bdf1c52f62ae6a45bd2ef539b7795c536659a22c5c66fc99a41593823a124419d9d608ead2a0f266fce6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88630602cfa2c63563d87b67e1890d48 |
| SHA1 | 3459394ebe15cb23849cdc813614da920002a2eb |
| SHA256 | 85eed415b4e66a64af81e24136469e1ff224fbc1c595d381ded3ce1b6eb6f9cf |
| SHA512 | c29e47c072a1d7f60e940a4fd7f20c70ffde1c51258fef9ccc749d426e551af3246bdd2e63a67baf64c38dd70a1894362c1b2896a5d4030cd71948a62a3217b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7398511d47f414e7f7119757394b9c5 |
| SHA1 | e7c1f674d74eac3bff16e6021af10a76a89ac8d2 |
| SHA256 | b2fde38b4cbf16db58d38b34592c8321a20648a5ff5062ad4027b495c0b3f5f1 |
| SHA512 | 832c659e2f32ac795e83880062930561926d435159c1847f51ef654f1082ff05c0e229ccfc8eaa2aa40c1f7714b6a278363486f2f3495abb97ca25328273fabc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59289984a69412a96c67575655fe110a |
| SHA1 | f0397ef93e6845a8b39fa727498c462f90bbb185 |
| SHA256 | 450f1fb7d81a0700e70456d46c4b5b3349f378d389d64945e8e10cf276bb08a3 |
| SHA512 | 5bef9699e1bb27f2851f994cb1bab0d0389a90222ba4041694d7d64d384cebb7971808fee9fab5c21500d490f9182cd0d96605ea5b3ce112b66fab5b01b39e96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 584b34f8aa577941c7fe26d8d22ed543 |
| SHA1 | 28a5d9a2e95d0ecebac8bd2d823635920455f205 |
| SHA256 | 5a3dc4ee5fa81779b75e0dc171e66726c565f6f8e972b58c5d5e272a71e904db |
| SHA512 | d47160272d4f3fa01ef22dc95123b6464c8595855dd8ef6556fdf5f46a0d03f6816246de0e41b0cecbe3ded247a73dc581de55ddc12c1930a78128dd25ca01fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d84ef999ca9f7e99a5adf7ac80024e33 |
| SHA1 | 24e61a28d8ed3419f72102aa69d415426e59eae5 |
| SHA256 | b85adb63995d05f13dbf7a7821ee25426bddce3eeb34d2f1764fbaee622787b4 |
| SHA512 | 78835839ebd9a9aea35d194354dc8364fdf98adc1aeea06c9785b4237a95962226047b1e09c29e7c2abf29f71585b8306118496e039a742528d9b5ee5c8aaf22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c04fd1f5da3e792f44496843b3fc8a1 |
| SHA1 | 51171b718e1d2eb1576487ac70ea47c808917d31 |
| SHA256 | 2b2cbfee66ebb727172bad96682bd77de787c0dd566933e6f0ede2c996fee427 |
| SHA512 | e4b69b88844b9114fcf6e4a61b13234dd7ef964f4ad221ab5cb270de2ef7ccafd095acf1b11e90f2f749d74d80398690f3c3c314757423ba9efbddb0b2bc605d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c26fb2572cef3898b46d25222da0531 |
| SHA1 | 0dbea019560b66384210f1d8862cb30a28603411 |
| SHA256 | 624126bc6e7ab58b583adf5286f923e2631ea635a9d3c09193ec791f62d758f2 |
| SHA512 | 71d6244571c37c16cf35de6c2689063a680d77783cf8749d4f74e450723edfe4507032eda8dc486b4063233007fa5eba466f6e4d632a8c0dde3de22ad86521eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c44e1579616f687e98f5c7d1ca092e2 |
| SHA1 | 2dc7a6fc31f6593042e1ab16680f16ffbd3712e5 |
| SHA256 | 687c0caf4fc081cb5b6cceb79998e82e42ef8c7150a28eb0ffd1c875074bcb5f |
| SHA512 | ef866c581036a4a10b3f23e6b4e2ddb190864e5b0d707c63521ecf83a1efa4d7ebd4c7510297322ac781433c13a2318dcb300df4a4844f747d2457a65ab8d9fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23145dfb6bc01ae8bc47ee3e239d5156 |
| SHA1 | 69d27667c06b7557278078500dae5a8d87cf0655 |
| SHA256 | 888f7e4683ea295c67a542ee4fd96499837879a513efa86136bac7034d149eef |
| SHA512 | 1573be7db1dbf875117ba7b1c3b502691cfc0c6988dc2ec36985500f03a9741fc699706e3218c3c67ada8add8e1d587cff7dc3e37f0a18db8baf914864df3b87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5db13b8bf70ddd6305f342d4addce9b |
| SHA1 | e00732cd67fd5f8048e0f3ca018b6a70fd09d7e6 |
| SHA256 | 6d9677e52c1217c56851b1cd769dcef246e157c356450d12e09e23ee30252d99 |
| SHA512 | 3148b33ec287e2ec380efb139b5e598d2996c74b2f4f909cd8e7a8d8df65b8351d9406337c1158757d3b5f8714185ef0c92810e9158a0a2bfd91ba1de6d7dc0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2c17114ce702f4a971cabbca9b568d9 |
| SHA1 | 51dce10b4626e6829b80d2921a02f86f26dae8b1 |
| SHA256 | 711dbb069a96676b6300bdd1b47e35ca7134d03fd8839c3ce61287752d2a1141 |
| SHA512 | 0eb84f6391e299f30c5e2ef164d54af7c7e10a278758b426f9822cf5a2ace786a7fe8b2a1f5ad8f06aa7271371fee17cb5e6b03b26c8e82732531038716da855 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db69424ede070b47c604b9b5d7fdfdcb |
| SHA1 | 03c215bfe82c840a8c6deec2d8d69471ec6f7045 |
| SHA256 | f83126944119f25b2ba9586ae12809d381396d21afbae3d1c916c7361902b91b |
| SHA512 | 96539b2f8a9ef46399aa47d6af9c05eff73d0fbca3bf2503016a89703aea89229e117d80c35b72b798a4732677f2b305d522665250ea442c8ad332838d7214b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 037b79e08570b9051da9097f62643a26 |
| SHA1 | 3bd3281e497bfc60672b56e4c8e58d63016d3b8e |
| SHA256 | 647245a820c7dd9705fa2b3ae99e2f3976cd556ffcf0318cd9f1b131f3012e22 |
| SHA512 | 7e75b9e9787cc451a603af534a2556bd94b2ec9ec7b5f0e4c05cb69f5f3988767a68315efb15e94cf699f986e99400719bd871d8c1feb2adccad4092de09962f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fca39404df36a4b1edd90a9f0a6ce410 |
| SHA1 | 7426c1832d7d35b2f069daece6993270fa277aab |
| SHA256 | 0718d0435c3417dc0bdc1bcf07b828bff2d4d49517966eef54a223ef2d2effda |
| SHA512 | 1c8a579e92137329f8738defce9f8cb6b4617fafea0b815d2644fca4f4cc2ac6219a19de8076520cf4550d2379e209ef90c479c385591098e66290905ffa56c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 835c6a36883619112cb314282c6cb7e4 |
| SHA1 | 71dda8b348971419b0549166cb3ab50b2b990669 |
| SHA256 | f6d724e126e9b10842a3ed342e2ab6e64ee34c861ab036193a5c279c35207766 |
| SHA512 | b8706281be95b2e71bc9657d8057bd87149d9340438f198a28cfc5a7c515b6223112df7b3f2cd02606b716da4552442895e685f265c9f97cafabb610617d61ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ff74028a0336390d4936d420d5b1d23 |
| SHA1 | 5b752f2384bb2a0aaebfd66eb29b785dcbec810a |
| SHA256 | 5cf10b712ced9cdfed5a435b2998d93f74ef565ada75193f5a9ace990322d6a7 |
| SHA512 | 673e85933e25ed114f0acd3b8e285c78dece311aa1c11be34cf92e29a5a8052099c6c5d7fb9969143934dec98ac58163bedf94292b6567b92177b1e1a76117ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44e968b03a5eae52f2e2499fded83fa6 |
| SHA1 | d894d9b6f1c3063f6f50f4d3dd6a62581ad66458 |
| SHA256 | 183f9fa263deb204d0acf66652732c8a6fbafe9337d8e8147383873293ee0c73 |
| SHA512 | c92b8142d49f8adb198585fa9429cc48f91a1c50d62868729f5a11ce38787c0d4cea39c10cf2f2ff34dd23e55345e30621624ab24af6c61bc5b7b372c2359c7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b32be4dbf2afc666985130afe61bd0f |
| SHA1 | 1be1cb0300694e7e6b5be6bab5a48a71b61deb81 |
| SHA256 | b759007f3b9d1d1543e583d32f51a2c68c485c662c9e95cddb8efd020b433bee |
| SHA512 | 9e5ad2b5fb4614dcee1eb1c5eb9041efcf087752d98b93dd4f22d0a5cfa0a21e43cb33f4023f9bc8cd83fd5daf9993a4a6325ec52156cfea5e16c95a7b97bbc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f482ca00b1ae9a7da9b64d8c2978555f |
| SHA1 | 4e69d39458cc7d88df5b99215e256f8fe2cec72b |
| SHA256 | cf34992eb1ac665f6143f24e583afac29c89228870c20dee96ee61ad09153474 |
| SHA512 | 51c366d094bddb1989d67a8344fb9dd799069fdfb1cedc03083b63c16fac878c755d823bd351b6c68e6d8b355f82398af8750b394e67ff7f0b635d859cfb1937 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | d71bf7d92e53b5c71c76386ba45b4b86 |
| SHA1 | f724e57149b70c5311592f8fb7591dc065bb7893 |
| SHA256 | 6fdca161c50d4997995a2d5ee99867df9b2d36f120048492b7a093989ecb7c3d |
| SHA512 | 90f09be7e9a6445a072cb0b16d62788f43bd04c560deb3770810324c0cfe69bcaf746b0d1f8fc55fd376c1f35026d334f8ccfda967e50974d2564c3069447640 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97350a7841f9c89f248722707d855b68 |
| SHA1 | 35e5b99406a10b837da8d6904e79a6c96a761da6 |
| SHA256 | 94152b3ee21ffb5b0a9b389307f4ee66036cd35ce9e3ec79952e6d5762af8d07 |
| SHA512 | 00475a3c1fdaafd5d2ec76619a421b972bac1c3d49565aa1c95a8a9faae4d1104381692add3e4c0d1ef65df172f3e17c54f87f102176fae484aa4c702503e253 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f83bfb22901b30858274d02cf67a33ab |
| SHA1 | 1c926d821c759b9f38046e6159270565c0b2dcc8 |
| SHA256 | 96e70fc2d96c73ab616d6737f6774100ea100368f83d7250728a6b5888ee2434 |
| SHA512 | f9f6bd1e00a86140e9d30b13d50a5f64dd23e2acc52f42052eaf830d645d607a494e1a97bbdafe1dfbf02434b5e747c4e1daa591cb387b9a2e34acb74a7a0ba7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9117f37a8890d20461fde12b51cedd04 |
| SHA1 | c10ebf30c6fdeec98d0bf257f17bd8fff816637a |
| SHA256 | 03aa1748a57ca09065a27efa1081dfcfeab28d39d195dff83633ed2e07cdd641 |
| SHA512 | 5766522296b19c01a4629586626f859410c3b386a5b88d04bafb65b0687386c1a1be70d0105fd511b8e86e28f6557dd67ecbbecb719db71aa6dd8f508780d193 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce96f06a1187df30cdedb214ccfe1853 |
| SHA1 | c2f13314984bb5de79f9e7438c54619fc92163ab |
| SHA256 | 18ae67d0370e68eefc3f774dafb1a8f658f18b234cca5f526399c2bc508b884a |
| SHA512 | 8cf927123c1f4ca5b750cb67531c778205786f4fb9829f0f3a9dddc3baadf846344f7d97b7ecf4e72d2a55da13c2ebc3a50f6539697da60d65a82c66905cf4bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 08afb126e6ca88ba963cf2a170fbd6a9 |
| SHA1 | e1c0cceabb93796e80ba69a6c17030ed6271d653 |
| SHA256 | bc88e5598312662537e4637e6e19834b53f10733d8cb11ee24b68ad2541663ae |
| SHA512 | a48da79aac6058cc999162d297e0fcd0d5c53bf05ec615341723f92e27f6135bae782dfe0a6ffeb157f2c972927b3641800a61de1c482b594f459429d24efc7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d1711a03490fea3a0658b14d4804e12 |
| SHA1 | 81da47128450fb934b31a07f19156eeaa963b654 |
| SHA256 | efe47edfb734f5cc942048e7d6796bd993adafdba137d663d5e35cb29c2d8db2 |
| SHA512 | be1c1b0327d10b54988fe741650cc91c4a547c377da08d3d3482a21e472cc55f9c5a4254a533da1d02cda9144edb0ddd699206eee46a8dbb4fc918c1c2f9b75b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b28a63e169a78ac55ece7c9275417c0d |
| SHA1 | 4f2ee7999b5131e74f05ab77a3467afd746bcda0 |
| SHA256 | d95bb89b26ec12b4fad046526b1347dedab964da2ce81092f7137c1466b6419c |
| SHA512 | 7c8d39edd1de9839d2c327d3820df1571257c761f3b5b147a1d45f7855b46e06a5dd0d42d3cc2c5be977da9b078544a7af7574fb92f6c53f95496f0f844a48b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ae81586db25c608abc51e0170230098 |
| SHA1 | d3692a0e0a1f2fac8f8b30b54dce797ff6f49e1c |
| SHA256 | 5f14bc89fa745b6ed323a5ab2b95380ab3ccda40aef91f091a89850bb4d5f576 |
| SHA512 | e4600a48247d530f05093e1e9a417ea892230c87e04079145830366ec8dd27922ecf93aab1616fe2795ae4b9380347d20a2e801c5bb99d691eb3b9dc507c6b43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7cc714384a20154d45193364c83335f9 |
| SHA1 | 1f0065c6917225701bced961909353e3b9d0626f |
| SHA256 | 627ad0de2317556e5ab4f4fd47e0a5fdab47409ecc5b5c8e034e4ff437a40e4a |
| SHA512 | b3d6aa997b45573bceb15c859376206389a59f3f50f9c223c5c69d6077c21770d7b9d8960c3fdf0f31a74b39851bec2b04752233f93c93ddd376416f1495da8b |
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win7-20240611-en
Max time kernel
119s
Max time network
128s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\fileaccess\index.js
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:43
Platform
debian9-mipsbe-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:43
Platform
debian9-mipsbe-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:44
Platform
debian9-mipsel-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
debian9-armhf-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win10v2004-20240508-en
Max time kernel
50s
Max time network
55s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\fileaccess\node_modules\accepts\index.js
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win7-20240508-en
Max time kernel
145s
Max time network
126s
Command Line
Signatures
AgentTesla
AgentTesla payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe
"C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
Files
memory/2284-0-0x00000000742DE000-0x00000000742DF000-memory.dmp
memory/2284-1-0x0000000000A10000-0x0000000000A3C000-memory.dmp
memory/2284-2-0x00000000008A0000-0x00000000008B6000-memory.dmp
memory/2284-3-0x0000000000800000-0x000000000080E000-memory.dmp
memory/2284-4-0x00000000742D0000-0x00000000749BE000-memory.dmp
memory/2284-5-0x0000000001F80000-0x0000000002010000-memory.dmp
memory/2284-6-0x000000000AAB0000-0x000000000ACC2000-memory.dmp
memory/2284-7-0x0000000002080000-0x000000000208A000-memory.dmp
memory/2284-8-0x00000000742D0000-0x00000000749BE000-memory.dmp
memory/2284-9-0x00000000742DE000-0x00000000742DF000-memory.dmp
memory/2284-10-0x00000000742D0000-0x00000000749BE000-memory.dmp
memory/2284-11-0x00000000742D0000-0x00000000749BE000-memory.dmp
memory/2284-12-0x00000000742D0000-0x00000000749BE000-memory.dmp
memory/2284-13-0x00000000742D0000-0x00000000749BE000-memory.dmp
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:46
Platform
win10v2004-20240226-en
Max time kernel
134s
Max time network
202s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\adblock_snippet.js"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3808 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 13.107.246.64:443 |  | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.179.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\Guna.UI2.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win10v2004-20240508-en
Max time kernel
50s
Max time network
58s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\Microsoft.Web.WebView2.Core.dll,#1
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win10v2004-20240508-en
Max time kernel
50s
Max time network
58s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\fileaccess\node_modules\.bin\mime.cmd"
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
130s
Command Line
Signatures
Processes
/tmp/Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1
[/tmp/Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/usr/local/sbin/pwsh
[pwsh /tmp/Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/usr/local/bin/pwsh
[pwsh /tmp/Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/usr/sbin/pwsh
[pwsh /tmp/Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/usr/bin/pwsh
[pwsh /tmp/Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/sbin/pwsh
[pwsh /tmp/Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/bin/pwsh
[pwsh /tmp/Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1]
/snap/bin/pwsh
[pwsh /tmp/Debug/Monaco/fileaccess/node_modules/.bin/mime.ps1]
Network
| Country | Destination | Domain | Proto |
| GB | 185.125.188.61:443 |  | tcp |
| GB | 185.125.188.62:443 |  | tcp |
| US | 151.101.193.91:443 |  | tcp |
| N/A | 224.0.0.251:5353 |  | udp |
| GB | 89.187.167.3:443 |  | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
Files
Analysis: behavioral30
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:46
Platform
win10v2004-20240226-en
Max time kernel
127s
Max time network
177s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\fileaccess\node_modules\accepts\README.js
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3920 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 216.58.201.106:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win7-20240508-en
Max time kernel
118s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\Microsoft.Web.WebView2.Core.dll,#1
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win7-20240220-en
Max time kernel
120s
Max time network
123s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\Microsoft.Web.WebView2.WinForms.dll,#1
Network
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win7-20240611-en
Max time kernel
118s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\Microsoft.Web.WebView2.Wpf.dll,#1
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
156s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\fileaccess\index.js
Network
| Country | Destination | Domain | Proto |
| NL | 52.142.223.178:80 |  | tcp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:46
Platform
win10v2004-20240226-en
Max time kernel
133s
Max time network
202s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView\Speech Recognition\1.15.0.1\Microsoft.CognitiveServices.Speech.core.dll",#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| GB | 23.44.234.16:80 |  | tcp |
| US | 13.107.253.64:443 |  | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.131.50.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| NL | 52.142.223.178:80 |  | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
153s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\Microsoft.Web.WebView2.Wpf.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.179.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win7-20240220-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\Guna.UI2.dll,#1
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
155s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Debug\Microsoft.Web.WebView2.WinForms.dll,#1
Network
| Country | Destination | Domain | Proto |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.131.50.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.239.69.13.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:46
Platform
win10v2004-20240226-en
Max time kernel
166s
Max time network
215s
Command Line
Signatures
AgentTesla
AgentTesla payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Loads dropped DLL
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2432_282884019\manifest.json | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2432_282884019\metadata.pb | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2432_282884019\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2432_282884019\manifest.fingerprint | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2432_346920265\keys.json | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2432_346920265\manifest.json | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2432_346920265\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2432_346920265\manifest.fingerprint | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2432_346920265\LICENSE | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
Suspicious use of WriteProcessMemory
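The behavioral2 signatures above mix three sources: the dropped payload cd57e4c171d6e8f5ea8b8f824a6a7316.exe (VirtualBox ACPI key, SystemBiosVersion/VideoBiosVersion, EnableLUA, SeDebugPrivilege, NtSetInformationThreadHideFromDebugger), the first-stage Crystal.exe (EnableLUA, SystemManufacturer, SeDebugPrivilege), and the WebView2 runtime msedgewebview2.exe, which reads the same SMBIOS strings as part of normal operation and so also trips "Enumerates system info in registry". Counting signature hits without attributing them to a process over-weights the runtime. The script below is an added example and is not part of the report or of the sample; it re-parses rows copied from the report's own signature tables and scores each process. The rule weights, the 5-point threshold and the rule labels are this example's assumptions, not a vendor scale.

```python
"""Per-process triage of sandbox signature rows (added example, not from the report)."""
import re
from collections import defaultdict

# Rows copied from the behavioral2 signature tables above, in the report's own
# "| Description | Indicator | Process | Target |" layout.
SIGNATURE_ROWS = r"""
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe | N/A |
"""

# (pattern over the Indicator column, weight, label). Weights are an assumption
# of this example: a VirtualBox ACPI table name has no benign reason to be read,
# while SMBIOS manufacturer strings are read by plenty of legitimate software.
RULES = [
    (re.compile(r"\\ACPI\\DSDT\\VBOX__$", re.I), 3, "virtualbox-acpi"),
    (re.compile(r"\\System\\(System|Video)BiosVersion$", re.I), 2, "bios-version"),
    (re.compile(r"\\Policies\\System\\EnableLUA$", re.I), 1, "uac-check"),
    (re.compile(r"\\BIOS\\System(Manufacturer|ProductName|Version)$", re.I), 1, "smbios-strings"),
]
TOKEN_RULE = ("SeDebugPrivilege", 2, "sedebug")   # matched on the Description column


def parse_rows(text):
    """Yield dicts for each data row of a report-style pipe table."""
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Description":
            continue
        yield dict(zip(("description", "indicator", "process", "target"), cells))


def score_processes(text):
    """Return {image name: (score, sorted labels)} for every process in the rows."""
    scores, labels = defaultdict(int), defaultdict(set)
    for row in parse_rows(text):
        proc = row["process"].rsplit("\\", 1)[-1].lower()
        if row["description"].startswith("Token:") and TOKEN_RULE[0] in row["description"]:
            scores[proc] += TOKEN_RULE[1]
            labels[proc].add(TOKEN_RULE[2])
            continue
        for pattern, weight, label in RULES:
            if pattern.search(row["indicator"]):
                scores[proc] += weight
                labels[proc].add(label)
    return {p: (scores[p], sorted(labels[p])) for p in scores}


def flagged(text, threshold=5):
    """Image names whose anti-analysis score reaches the (assumed) threshold."""
    return sorted(p for p, (score, _) in score_processes(text).items() if score >= threshold)


if __name__ == "__main__":
    for proc, (score, tags) in sorted(score_processes(SIGNATURE_ROWS).items()):
        print(f"{score:3d}  {proc:45s} {', '.join(tags)}")
    print("flagged:", flagged(SIGNATURE_ROWS))
```

With these weights only the dropped payload crosses the threshold; Crystal.exe scores on UAC and SeDebugPrivilege alone, and msedgewebview2.exe drops to a single SMBIOS read, which is the runtime noise the raw signature list does not separate out.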
Processes
C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe
"C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3704 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
"C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3876.1604.2394548109547511807
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffae3442e98,0x7ffae3442ea4,0x7ffae3442eb0
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Crystal.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --edge-webview-custom-scheme --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=1548.1136.13707563944614693613
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x164,0x168,0x16c,0x140,0x104,0x7ffae3442e98,0x7ffae3442ea4,0x7ffae3442eb0
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1744 --field-trial-handle=1752,i,7683810579171379737,14329383726418416877,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView" --webview-exe-name=Crystal.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --edge-webview-custom-scheme --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1736 --field-trial-handle=1740,i,4194730337516025619,6350338870146985399,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --mojo-platform-channel-handle=1940 --field-trial-handle=1752,i,7683810579171379737,14329383726418416877,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView" --webview-exe-name=Crystal.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --edge-webview-custom-scheme --no-appcompat-clear --mojo-platform-channel-handle=2060 --field-trial-handle=1740,i,4194730337516025619,6350338870146985399,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView" --webview-exe-name=Crystal.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --edge-webview-custom-scheme --no-appcompat-clear --mojo-platform-channel-handle=2312 --field-trial-handle=1740,i,4194730337516025619,6350338870146985399,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --mojo-platform-channel-handle=2312 --field-trial-handle=1752,i,7683810579171379737,14329383726418416877,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView" --webview-exe-name=cd57e4c171d6e8f5ea8b8f824a6a7316.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3604 --field-trial-handle=1752,i,7683810579171379737,14329383726418416877,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView" --webview-exe-name=Crystal.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --edge-webview-custom-scheme --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3544 --field-trial-handle=1740,i,4194730337516025619,6350338870146985399,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView" --webview-exe-name=Crystal.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --edge-webview-custom-scheme --no-appcompat-clear --mojo-platform-channel-handle=2152 --field-trial-handle=1740,i,4194730337516025619,6350338870146985399,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView" --webview-exe-name=Crystal.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --edge-webview-custom-scheme --no-appcompat-clear --mojo-platform-channel-handle=2156 --field-trial-handle=1740,i,4194730337516025619,6350338870146985399,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.131.50.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.58.20.217.in-addr.arpa | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| N/A | 127.0.0.1:51365 | | tcp |
| N/A | 127.0.0.1:9561 | | tcp |
| N/A | 127.0.0.1:9561 | | tcp |
| N/A | 127.0.0.1:9561 | | tcp |
| N/A | 127.0.0.1:9561 | | tcp |
| N/A | 127.0.0.1:9561 | | tcp |
| N/A | 127.0.0.1:9561 | | tcp |
| N/A | 127.0.0.1:9561 | | tcp |
| N/A | 127.0.0.1:9561 | | tcp |
| N/A | 127.0.0.1:9561 | | tcp |
| N/A | 127.0.0.1:9561 | | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | kit-pro.fontawesome.com | udp |
| US | 8.8.8.8:53 | kit-pro.fontawesome.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.18.40.68:443 | kit-pro.fontawesome.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 104.18.40.68:443 | kit-pro.fontawesome.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| N/A | 127.0.0.1:9561 | | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.8.8:53 | 68.40.18.104.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| N/A | 127.0.0.1:9561 | | tcp |
| N/A | 127.0.0.1:9561 | | tcp |
| N/A | 127.0.0.1:9561 | | tcp |
| N/A | 127.0.0.1:9561 | | tcp |
| N/A | 127.0.0.1:9561 | | tcp |
| N/A | 127.0.0.1:9911 | | tcp |
| N/A | 127.0.0.1:9911 | | tcp |
| US | 8.8.8.8:53 | 9.179.89.13.in-addr.arpa | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 204.79.197.239:443 | | tcp |
| US | 8.8.8.8:53 | 239.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 2.20.12.74:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 74.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
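Most rows in the behavioral2 network table are not the sample's traffic: the in-addr.arpa queries are the sandbox resolver's PTR lookups of every address that was contacted, the dns.google rows on port 443 are DNS-over-HTTPS (queries carried that way never appear in the port-53 column, so a name list built from port 53 alone is incomplete), and the 127.0.0.1 rows are connections to a listener on the analysis machine that the report does not attribute to a process. What remains is the GitHub fetch (github.com, then raw.githubusercontent.com, the host the "Legitimate hosting services abused" signature refers to) and the CDN and Microsoft endpoints the WebView2 runtime pulls in. The script below is an added example, not part of the report; it reduces rows copied from the table above to that reviewable set. The noise classes and the resolver list are this example's assumptions, and it also tolerates the shifted-column form some extracted rows have, where the protocol lands in the Domain column.

```python
"""Reduce a sandbox network table to reviewable IOCs (added example, not from the report)."""
import ipaddress
from collections import Counter

# Rows copied from the behavioral2 Network table above. The second loopback row keeps
# the shifted columns the extraction produced, to show the parser handling both forms.
NETWORK_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| N/A | 127.0.0.1:9561 | | tcp |
| N/A | 127.0.0.1:9561 | tcp | |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 204.79.197.239:443 | | tcp |
| US | 2.20.12.74:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
"""

RESOLVERS = {"8.8.8.8", "8.8.4.4"}   # the sandbox's upstream resolvers (assumption from the table)


def parse_network(text):
    """Yield one dict per data row; repairs rows whose Proto slid into the Domain column."""
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        if domain in ("tcp", "udp") and not proto:      # shifted-column row
            domain, proto = "", domain
        host, _, port = dest.rpartition(":")
        yield {"country": country, "ip": host, "port": int(port), "domain": domain, "proto": proto}


def classify(row):
    """Label a row by what it tells an analyst."""
    ip = ipaddress.ip_address(row["ip"])
    if row["domain"].endswith(".in-addr.arpa"):
        return "reverse-dns"     # resolver PTR lookups, not sample traffic
    if ip.is_loopback:
        return "loopback"        # local listener; the report does not name the process
    if row["port"] == 53 and row["ip"] in RESOLVERS:
        return "dns-query"       # keep the queried name, not the resolver endpoint
    if row["ip"] in RESOLVERS:
        return "doh"             # dns.google over 443; the queried names are not visible
    return "external"


def extract_iocs(text):
    """Return (names queried over port 53, Counter of external (ip, port, name), loopback ports)."""
    domains, endpoints, loopback = set(), Counter(), set()
    for row in parse_network(text):
        kind = classify(row)
        if kind == "dns-query":
            domains.add(row["domain"])
        elif kind == "external":
            endpoints[(row["ip"], row["port"], row["domain"] or "?")] += 1
        elif kind == "loopback":
            loopback.add(row["port"])
    return domains, endpoints, loopback


if __name__ == "__main__":
    names, eps, lo = extract_iocs(NETWORK_ROWS)
    print("queried:", sorted(names))
    for (ip, port, name), n in sorted(eps.items()):
        print(f"{ip}:{port:<5} {name:45s} x{n}")
    print("loopback ports:", sorted(lo))
```

The endpoint for 204.79.197.239:443 comes out with no name because the table has none; the only evidence the report gives for it is the later PTR lookup of 239.197.79.204.in-addr.arpa, so it stays in the list as an address to look up rather than being dropped.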
Files
memory/1548-0-0x0000000074DDE000-0x0000000074DDF000-memory.dmp
memory/1548-1-0x0000000000A90000-0x0000000000ABC000-memory.dmp
memory/1548-2-0x0000000002DA0000-0x0000000002DB6000-memory.dmp
memory/1548-3-0x0000000074DD0000-0x0000000075580000-memory.dmp
memory/1548-4-0x000000000B130000-0x000000000B6D4000-memory.dmp
memory/1548-5-0x000000000AC60000-0x000000000ACF2000-memory.dmp
memory/1548-6-0x000000000ABD0000-0x000000000ABDE000-memory.dmp
memory/1548-7-0x000000000B6E0000-0x000000000B770000-memory.dmp
memory/1548-8-0x000000000B080000-0x000000000B08A000-memory.dmp
memory/1548-9-0x000000000B990000-0x000000000BBA2000-memory.dmp
memory/1548-10-0x0000000074DD0000-0x0000000075580000-memory.dmp
memory/1548-11-0x000000000E280000-0x000000000E28A000-memory.dmp
memory/1548-12-0x000000000E390000-0x000000000E39A000-memory.dmp
memory/1548-14-0x000000000ED20000-0x000000000ED32000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
| MD5 | d0104f79f0b4f03bbcd3b287fa04cf8c |
| SHA1 | 54f9d7adf8943cb07f821435bb269eb4ba40ccc2 |
| SHA256 | 997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a |
| SHA512 | daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\hasown\.nycrc
| MD5 | c2ab942102236f987048d0d84d73d960 |
| SHA1 | 95462172699187ac02eaec6074024b26e6d71cff |
| SHA256 | 948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a |
| SHA512 | e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\hasown\.eslintrc
| MD5 | c28b0fe9be6e306cc2ad30fe00e3db10 |
| SHA1 | af79c81bd61c9a937fca18425dd84cdf8317c8b9 |
| SHA256 | 0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641 |
| SHA512 | e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Monaco\fileaccess\node_modules\vary\LICENSE
| MD5 | 13babc4f212ce635d68da544339c962b |
| SHA1 | 4881ad2ec8eb2470a7049421047c6d076f48f1de |
| SHA256 | bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400 |
| SHA512 | 40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182 |
memory/1548-1468-0x0000000074DDE000-0x0000000074DDF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe
| MD5 | d213a75b1956398e4c36bcc2f93339bf |
| SHA1 | 6a2739cc0e67f5593c744fbcbc8f00f12eef9954 |
| SHA256 | ece75d080f94df4b3699389021337b1536cfed229d1325f09b03f0b0d6d85ab4 |
| SHA512 | d32ddaf4c6f8f8df6c390d683e6c039f3b0d8f35f68f690b28bf88b17caedf0e11abd3aeb2e46238d0cd0a91b2db095cca0782b4e27f04453ea4cb6db38f4dd7 |
memory/3876-1479-0x00007FFAE80A3000-0x00007FFAE80A5000-memory.dmp
memory/3876-1480-0x00000257A5A40000-0x00000257A5A5A000-memory.dmp
memory/1548-1482-0x0000000005540000-0x0000000005550000-memory.dmp
memory/1548-1481-0x0000000074DD0000-0x0000000075580000-memory.dmp
memory/3876-1483-0x00000257A7790000-0x00000257A77A0000-memory.dmp
memory/1548-1484-0x0000000074DD0000-0x0000000075580000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Wpf.Ui.dll
| MD5 | aead90ab96e2853f59be27c4ec1e4853 |
| SHA1 | 43cdedde26488d3209e17efff9a51e1f944eb35f |
| SHA256 | 46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed |
| SHA512 | f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d |
memory/3876-1486-0x00000257C0490000-0x00000257C09CC000-memory.dmp
memory/1548-1487-0x0000000005540000-0x0000000005550000-memory.dmp
memory/3876-1488-0x00000257C0200000-0x00000257C02BA000-memory.dmp
memory/1548-1489-0x0000000005540000-0x0000000005550000-memory.dmp
memory/3876-1490-0x00000257A7790000-0x00000257A77A0000-memory.dmp
memory/3876-1492-0x00000257C0150000-0x00000257C0160000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Microsoft.Web.WebView2.Wpf.dll
| MD5 | 0be1da3ff37f50fd3b3e9af672823566 |
| SHA1 | 6613d92e19bd889e0c330686526ea0fc9596bd33 |
| SHA256 | aaeff04c720c3c7df94beb7f670a0f992dcbb23a1f5283980084462a7f6e65a8 |
| SHA512 | 600381e32ac6b379ee34beb5a938b4a4a2f69cfbd8cf086a1c57bb84876b02db050506a9fdac7fa028957a7ff21d911e15e8b85c4c0db1803d038f04efd3b2b8 |
memory/3876-1493-0x00000257A7790000-0x00000257A77A0000-memory.dmp
memory/1548-1494-0x0000000005800000-0x0000000005900000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\Microsoft.Web.WebView2.Core.dll
| MD5 | 851fee9a41856b588847cf8272645f58 |
| SHA1 | ee185a1ff257c86eb19d30a191bf0695d5ac72a1 |
| SHA256 | 5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca |
| SHA512 | cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f |
memory/3876-1496-0x00000257C0400000-0x00000257C047E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\WebView2Loader.dll
| MD5 | a0bd0d1a66e7c7f1d97aedecdafb933f |
| SHA1 | dd109ac34beb8289030e4ec0a026297b793f64a3 |
| SHA256 | 79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36 |
| SHA512 | 2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\zlib1.dll
| MD5 | 75365924730b0b2c1a6ee9028ef07685 |
| SHA1 | a10687c37deb2ce5422140b541a64ac15534250f |
| SHA256 | 945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b |
| SHA512 | c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\vcruntime140.dll
| MD5 | 7a2b8cfcd543f6e4ebca43162b67d610 |
| SHA1 | c1c45a326249bf0ccd2be2fbd412f1a62fb67024 |
| SHA256 | 7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f |
| SHA512 | e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8 |
memory/3876-1508-0x0000000180000000-0x0000000180A63000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\libcurl.dll
| MD5 | e31f5136d91bad0fcbce053aac798a30 |
| SHA1 | ee785d2546aec4803bcae08cdebfd5d168c42337 |
| SHA256 | ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671 |
| SHA512 | a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.dll
| MD5 | 0df8e80fd47cee0af8a6fb8ae2fd2237 |
| SHA1 | 3780465816d176d162dc32895284aeb631efefd0 |
| SHA256 | 2bf8ee57bc984b47d8662dc580c4aa97aa48807b5f7d5953d72c14e7277da045 |
| SHA512 | 1864cc3cdea3ff3262bac5f1e308f9c937f329516b9f48c1a69eda9246d3ed0c8cdc51b4129c73bd766166327060eb4002d96a28f9e7ed361210b4a869aa1194 |
memory/3876-1510-0x0000000180000000-0x0000000180A63000-memory.dmp
memory/3876-1509-0x0000000180000000-0x0000000180A63000-memory.dmp
memory/3876-1511-0x0000000180000000-0x0000000180A63000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\bin\path.txt
| MD5 | 7207978deac3d2df817c0efb6de01f45 |
| SHA1 | 1b547cb35c2e709dcf4132452cdb5b6ccd66044f |
| SHA256 | 14056051c638d943e3f6cd8ae99b7b8b8b4419f6e6193861081e519eeb4dc808 |
| SHA512 | d38226a5eb755aafe7e8e3d707b00841aea985bd8dedf20556800f1bb7ac7c807fa195bdd1e21014087f89b319ab278bec922951b7c682e9edd3fbee147834ed |
memory/3876-1514-0x00000257C4FC0000-0x00000257C4FC8000-memory.dmp
memory/3876-1515-0x00000257C5600000-0x00000257C5638000-memory.dmp
memory/3876-1516-0x00000257C55D0000-0x00000257C55DE000-memory.dmp
memory/1548-1518-0x0000000005540000-0x0000000005550000-memory.dmp
memory/3876-1517-0x0000000180000000-0x0000000180A63000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
| MD5 | 72130a2aab34ce59e2f4a1cca7b10790 |
| SHA1 | bc605c365884a01f2044597cebd53510b3803bb2 |
| SHA256 | 8f84800e126cd62a9971e5694dc212ea97d161212d608f87547e6d880f021f6e |
| SHA512 | 0484ea864b08be78580d45c092aaf08df2d905cf84993add37f73b3b38a3f11bba37ccd6a6fd5982a4a37144ebe78df60c50f9b9b3f749366cb1fe567e738ed1 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\throttle_store.dat
| MD5 | 9e4e94633b73f4a7680240a0ffd6cd2c |
| SHA1 | e68e02453ce22736169a56fdb59043d33668368f |
| SHA256 | 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304 |
| SHA512 | 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337 |
C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView\Crashpad\settings.dat
| MD5 | 3c5c5443e8187ee344e8b22af02be1e7 |
| SHA1 | 6f3942d9cc851c1e5a4940128f91ec5a45cb08e7 |
| SHA256 | a7e1ceaa8e223070e06d7001da65de4440ba5d9679325042be3c884f2ff989c8 |
| SHA512 | 581ab8f470b0a71a71f7855ebd3a061cf66e0a73730fc9634d959fb0fcfef6b04512f951606075f263990a2e0dc625c00062cde8304386bb862c3f37d353f2f8 |
C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView\Crashpad\settings.dat
| MD5 | a705762f7c4d93c75f5ce1c41665b0f9 |
| SHA1 | daeae50102424567bb51666232da62a83441bdfb |
| SHA256 | a380668e555c22c3218a75aa06fa11a907fef51de355080ff71925b38ed1f852 |
| SHA512 | e6e15a65fdad170ebc53060ef933bbceb9cda13123be1339ca53aded63393ef822a5fc087312095b7f250ad93288f46b02bfdd661f83252f41f0df9b3998085d |
C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView\Local State
| MD5 | 45f20bac0729b60f657543863cd693e1 |
| SHA1 | e4a6f79ffee2e5a5322e559b6395ecd6b6ed5e1f |
| SHA256 | 654b7237515460ddd8aa6519eb88686781acd35a15a74a1e073a4685b1611aa3 |
| SHA512 | 2229414e5451f0b731dc42b19f55047af982b63b447e446eecd5250b8020b3d93f24fe6e97e9181be158410dcc8ffe8ec103e189b82cd78e46782f5a39e1e527 |
memory/2592-1563-0x00007FFB08D40000-0x00007FFB08D41000-memory.dmp
\??\pipe\crashpad_2432_UKABWJJIJEHCECSM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1548-1569-0x0000000005540000-0x0000000005550000-memory.dmp
memory/4312-1583-0x00007FFB076B0000-0x00007FFB076B1000-memory.dmp
memory/4312-1582-0x00007FFB08F60000-0x00007FFB08F61000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView\Crashpad\settings.dat
| MD5 | 1bbd8a13069a8ca58e4a531e9b53ab99 |
| SHA1 | 803086e779223589d3f35eaa05cd4cad7ccfc748 |
| SHA256 | b158946ff877a58d1bf730e88b9a9da4e10d26cd2c7678de2b13cfe7b7d573bc |
| SHA512 | 3308442a6e5766a75758a09dc302a725e850c24a631de6fc776102ebfe62f5f4e24352a864d7ef5fad0c561eaf38d903ffff1f66b5242d40c40d22605780d08d |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Crashpad\settings.dat
| MD5 | ad877eb3ffb40144bf283d2f6914f8dd |
| SHA1 | c06eb07958476d60719250b5b792b95be9a4eeec |
| SHA256 | 377360ef4e279427e5a41d23b96d068c0323f2adb7b47f0d2274ed03f8d40006 |
| SHA512 | d670d8984f85a071530e8e18cbc7a9b1d81c66186bb79228b3d386ee89839018fa30c31ae342af99a86c0290f85436c87f96f269135a19049523c262041e36fb |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Site Characteristics Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
| MD5 | 28f60aa64f5553beb11dc0490f2c4ccb |
| SHA1 | 491c86e0254a8e6f5c14997c0dbcaf5a6eafe8aa |
| SHA256 | 1e3a7fd144697d17767c27c1c55ebfa855b3a24e9795e72647d5719831d7157f |
| SHA512 | 17af8059685076553891fd0e977ae3b07a89d2684a1d501d741d7763717a5ef21452aefa154bcab253d49ee50332b465914f7886b3a2bfd670d771b343fe6ba8 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\Extension Rules\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State~RFe59afaf.TMP
| MD5 | 1e3fbea7a72eb5c5327607d30674ac15 |
| SHA1 | 38915821e33c4a2e1eefe15b44d7fc24554f1379 |
| SHA256 | d391b2c5afa85e102a8f3e57cae3c260bf048d2b9d4887545157092c65edaeef |
| SHA512 | 0733ed78046eb18ee6a0e8fc5356ebb23ae7fde911ce318543368b8af0b63533e4df89f66f8f16dcaac135da48d05660ed1e26944c80a59be8fb7ff6724d036e |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
| MD5 | 4f823e0921cf77fc50bbffb4db9a62e4 |
| SHA1 | 137a97de9e46f1a4adf9d655633bcc079c488be9 |
| SHA256 | c92ece0602a1dd91d56c1a094bcf305bdec0396159b75458a1ad715564217703 |
| SHA512 | 80ea94573fd22559f3256faab2d9e5e5792b767d13a3f3dd2c9623956a91fc36ffe9edf96b2442643811615e88681b2453093d3e3dd59147eeecdcd202d2e6b1 |
memory/3876-1668-0x00000257A7790000-0x00000257A77A0000-memory.dmp
memory/3876-1667-0x0000000180000000-0x0000000180A63000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/5568-1705-0x00007FFB08D40000-0x00007FFB08D41000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Temp\Api.Solara\cd57e4c171d6e8f5ea8b8f824a6a7316.exe.WebView2\EBWebView\Local State
| MD5 | 56fc8b2588bf4b514420d319def58e32 |
| SHA1 | 870ff16bf06b246a5bbb57915c58980e703a0f1c |
| SHA256 | 788d723a72b7039357fd81150bdc302af54166f04c9ff544acfa30d20f128a35 |
| SHA512 | 2b60f02ca6979933dc3b393244227126e31d30fa0a9e68ebdc7c0675e226f1997fd4d43aeee72fab2be4c47e02c56b503dfb90bbe9c4a3ba8c74be17d2ca3d16 |
memory/1548-1891-0x0000000005540000-0x0000000005550000-memory.dmp
memory/3876-1895-0x0000000180000000-0x0000000180A63000-memory.dmp
memory/1548-1898-0x0000000005540000-0x0000000005550000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView\Default\Secure Preferences
| MD5 | facd4b1e37285d542ac46542af884745 |
| SHA1 | 9e4efff12db388ded11d5d0925d4597bfce89ed0 |
| SHA256 | 19784efcfbdeaac005e2f05994d33e63b7c69874829793e168f4600d983b41e6 |
| SHA512 | 9d93c6cb7836daa55abc8b652a991ce4deaab40e9239e27b1a6a03c018b505682e7120221963b3e00d3741385dbe4f47dc4588ec35a015256893bb38d9f2f537 |
C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView\Default\Preferences
| MD5 | 356b2f1987f520012da89f0feccd6b26 |
| SHA1 | 79753d66ae49d0d8d7649c49e6ed14032cf2e992 |
| SHA256 | c01ae4082b7c22933edf81dc22f79e46c0648298108784198e016ad5eb57a226 |
| SHA512 | f599dcb9f546dc7fc8980cb9a88a29ebf35e027a13463f8f14314fa6f22990de4e7d258d854a734a67b954d996f24e4249a0f1f5dc062fbb23f73dcc3db46e7e |
C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView\Default\Network\9c1aee44-8582-472d-b622-0009a9ad5a8e.tmp
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
memory/1548-1925-0x0000000005540000-0x0000000005550000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView\Default\Network\TransportSecurity
| MD5 | a13a17c730ad5d4327bef30d04f31e7b |
| SHA1 | ff93663181f54442e8000be8febab055338b2cf4 |
| SHA256 | 783f67db3c6b8af9bb00b9bdfb26cdcd3133ff2beab0dcdf9d290f76b2514dec |
| SHA512 | 19e7f2b3c745d4e456a8474de908b2da0ff32131408ef07f95d7f837d7e0361c32ab7bfbd1dd3bc1fb8b42cd1324aa4c15899795c654e99849632d1e25851833 |
memory/1548-1936-0x0000000005800000-0x0000000005900000-memory.dmp
C:\Program Files\chrome_Unpacker_BeginUnzipping2432_346920265\keys.json
| MD5 | 2d4de461500a8828a8f9f788973c891b |
| SHA1 | 044b9052a3e463dde9d8d8a3fdb56085fcc4c6f6 |
| SHA256 | 53a6e5dc368a54486f7580bdefeef06cd8c940f4e697343d774a59f679422320 |
| SHA512 | 4a21c8baa20d899f45a0b6e545bf3d6d07b2421c5e5ccb547a8554734b8a51457a953c67afb9897a0baaf3e6d3c69d05e9f698b590b0f522d1a6d8e6109c2011 |
C:\Program Files\chrome_Unpacker_BeginUnzipping2432_346920265\manifest.json
| MD5 | 9f334804d984c140e3eb9644171ce6de |
| SHA1 | 3f24cca85f25517e9ee9cc6bfcee4f10169f5376 |
| SHA256 | 4fe9e95540546ad31adbe93bc4780aeb381acc9c769422a8f8aec9a1a5376c79 |
| SHA512 | dec0efd18a63abf3368ccd0122d4d461b68c92c20961416c22f28c5b9d85d8f06779436b1b992e315fe649557f65e51512a74e7642a5a5dcbba9a69c6317ef8d |
C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView\Default\Network\Network Persistent State
| MD5 | 7eba753fd180484b9f14b6a37f8aaa41 |
| SHA1 | 95dab8de129f1ceeff0ddbb7304e8831d246af83 |
| SHA256 | a842701dc07e1ab272cbc26722b98fc57e2c5a9321bd8e88e526cf2490883f38 |
| SHA512 | 996b9f3bfd72694c6c84738df6b237de7c9b2e2813308d66aee70dba6dc7e67a90f80bacdda26cfd95bf88a6e49ff9d38862de3ebdf7f8660c92de3c290e6b2a |
C:\Program Files\chrome_Unpacker_BeginUnzipping2432_282884019\manifest.json
| MD5 | 763e003bcbb80f3c81522cb052addfa0 |
| SHA1 | fa672c6fa9ce939d607a1526ca13ec245514b43d |
| SHA256 | e1d24c2bfb4bc07717aa5833146ed55b67c41ef17fb61ef276eff923bb1ec20f |
| SHA512 | 41062cf02794548d6df38205fb369d1aa614ac67030cd909b66a23735473f76de1a3c0bcf0895c932bf9b5c506c1d9659745ec84ec52e361881eb474e92e3fea |
C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView\TpcdMetadata\2024.4.29.1\metadata.pb
| MD5 | 7b9001fd6a5786c7b7edfa104a1eca5b |
| SHA1 | 462bafeca182a3e600ba22eaa1cab15c1a70831c |
| SHA256 | 779726531d52eff63d46df72ddcd421921b2e6bb918147a18c2adc28f45e693c |
| SHA512 | f16d79a093c55408b6c118a743c5d77057dc899f5303c55003298fd67256f58200e085d03471f421065db1d3b131393f2e3a96ca71e35c94f1ba7a0569029918 |
Analysis: behavioral23
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win7-20240508-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Debug\Monaco\fileaccess\node_modules\.bin\mime.cmd"
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win7-20240508-en
Max time kernel
120s
Max time network
127s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView\Speech Recognition\1.15.0.1\Microsoft.CognitiveServices.Speech.core.dll",#1
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
win7-20240611-en
Max time kernel
119s
Max time network
126s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Debug\Crystal.exe.WebView2\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\adblock_snippet.js"
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-15 18:42
Reported
2024-06-15 18:45
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
147s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/memory/memory.limit_in_bytes | /usr/bin/node | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/meminfo | /usr/bin/node | N/A |
Processes
/tmp/Debug/Monaco/fileaccess/node_modules/.bin/mime
[/tmp/Debug/Monaco/fileaccess/node_modules/.bin/mime]
/bin/sed
[sed -e s,\\,/,g]
/usr/bin/dirname
[dirname /tmp/Debug/Monaco/fileaccess/node_modules/.bin/mime]
/bin/uname
[uname]
/usr/local/sbin/node
[node /tmp/Debug/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]
/usr/local/bin/node
[node /tmp/Debug/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]
/usr/sbin/node
[node /tmp/Debug/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]
/usr/bin/node
[node /tmp/Debug/Monaco/fileaccess/node_modules/.bin/../mime/cli.js]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 151.101.193.91:443 | N/A | tcp |
| GB | 185.125.188.62:443 | N/A | tcp |
| GB | 185.125.188.61:443 | N/A | tcp |
| US | 151.101.193.91:443 | N/A | tcp |
| GB | 195.181.164.15:443 | N/A | tcp |
| US | 151.101.65.91:443 | N/A | tcp |
| US | 151.101.129.91:443 | N/A | tcp |
| US | 151.101.1.91:443 | N/A | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |