b2ec54685b1596259320fe92f11cb2f081372b6d80676ba95f278b03ad12493a

Resubmissions

04/10/2024, 18:21

241004-wzbqasyfkp 6

Analysis

max time kernel
57s
max time network
151s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 18:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

lunar-client-qt-2.0.0.zip
Size

576KB
MD5

f3dcc5ecf89eb25adf666e16194ef625
SHA1

0bd0ad7a74168bf99de90e723cf022882204086f
SHA256

b2ec54685b1596259320fe92f11cb2f081372b6d80676ba95f278b03ad12493a
SHA512

b8198b4a55da1546128a58a3bbee7ef036fe568e55c7a279676a2fe1e0ceacc47e366c089ff9662b2b07676acdeda03af85eb4e7f269092a30aa5def4a3ac8e4
SSDEEP

12288:YgRh2w3LbueRbTDgmz+RU8DpdBmlZQxj0/g2FtDGPe8OU:XyZSrgc+GOpEZQZ0/LFtSWc

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 27 IoCs

Web Service

T1102

flow	ioc
90	camo.githubusercontent.com
95	camo.githubusercontent.com
78	camo.githubusercontent.com
91	camo.githubusercontent.com
101	raw.githubusercontent.com
93	camo.githubusercontent.com
109	camo.githubusercontent.com
57	camo.githubusercontent.com
92	camo.githubusercontent.com
107	camo.githubusercontent.com
110	camo.githubusercontent.com
62	camo.githubusercontent.com
47	camo.githubusercontent.com
58	camo.githubusercontent.com
59	camo.githubusercontent.com
61	camo.githubusercontent.com
108	camo.githubusercontent.com
111	camo.githubusercontent.com
60	camo.githubusercontent.com
81	camo.githubusercontent.com
94	camo.githubusercontent.com
106	camo.githubusercontent.com
100	raw.githubusercontent.com
76	camo.githubusercontent.com
77	camo.githubusercontent.com
79	camo.githubusercontent.com
80	camo.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2712	2052	chrome.exe	32
PID 2052 wrote to memory of 2712	2052	chrome.exe	32
PID 2052 wrote to memory of 2712	2052	chrome.exe	32
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2844	2052	chrome.exe	34
PID 2052 wrote to memory of 2600	2052	chrome.exe	35
PID 2052 wrote to memory of 2600	2052	chrome.exe	35
PID 2052 wrote to memory of 2600	2052	chrome.exe	35
PID 2052 wrote to memory of 2632	2052	chrome.exe	36
PID 2052 wrote to memory of 2632	2052	chrome.exe	36
PID 2052 wrote to memory of 2632	2052	chrome.exe	36
PID 2052 wrote to memory of 2632	2052	chrome.exe	36
PID 2052 wrote to memory of 2632	2052	chrome.exe	36
PID 2052 wrote to memory of 2632	2052	chrome.exe	36
PID 2052 wrote to memory of 2632	2052	chrome.exe	36
PID 2052 wrote to memory of 2632	2052	chrome.exe	36
PID 2052 wrote to memory of 2632	2052	chrome.exe	36
PID 2052 wrote to memory of 2632	2052	chrome.exe	36
PID 2052 wrote to memory of 2632	2052	chrome.exe	36
PID 2052 wrote to memory of 2632	2052	chrome.exe	36
PID 2052 wrote to memory of 2632	2052	chrome.exe	36
PID 2052 wrote to memory of 2632	2052	chrome.exe	36
PID 2052 wrote to memory of 2632	2052	chrome.exe	36
PID 2052 wrote to memory of 2632	2052	chrome.exe	36
PID 2052 wrote to memory of 2632	2052	chrome.exe	36
PID 2052 wrote to memory of 2632	2052	chrome.exe	36
PID 2052 wrote to memory of 2632	2052	chrome.exe	36

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\lunar-client-qt-2.0.0.zip
1⤵
PID:3024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5829758,0x7fef5829768,0x7fef5829778
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1240,i,17057041099144445237,13128683759942564094,131072 /prefetch:2
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1240,i,17057041099144445237,13128683759942564094,131072 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1240,i,17057041099144445237,13128683759942564094,131072 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2276 --field-trial-handle=1240,i,17057041099144445237,13128683759942564094,131072 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2300 --field-trial-handle=1240,i,17057041099144445237,13128683759942564094,131072 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2704 --field-trial-handle=1240,i,17057041099144445237,13128683759942564094,131072 /prefetch:2
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1340 --field-trial-handle=1240,i,17057041099144445237,13128683759942564094,131072 /prefetch:1
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3452 --field-trial-handle=1240,i,17057041099144445237,13128683759942564094,131072 /prefetch:8
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3568 --field-trial-handle=1240,i,17057041099144445237,13128683759942564094,131072 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2636
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13ff77688,0x13ff77698,0x13ff776a8
    3⤵
    PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 --field-trial-handle=1240,i,17057041099144445237,13128683759942564094,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3700 --field-trial-handle=1240,i,17057041099144445237,13128683759942564094,131072 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2332 --field-trial-handle=1240,i,17057041099144445237,13128683759942564094,131072 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2376 --field-trial-handle=1240,i,17057041099144445237,13128683759942564094,131072 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 --field-trial-handle=1240,i,17057041099144445237,13128683759942564094,131072 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 --field-trial-handle=1240,i,17057041099144445237,13128683759942564094,131072 /prefetch:8
  2⤵
  PID:1716

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1828

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x550
1⤵
PID:2652

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Temp1_lunar-client-qt-2.0.0.zip\lunar-client-qt-2.0.0\.gitignore
1⤵
PID:2416

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Temp1_lunar-client-qt-2.0.0.zip\lunar-client-qt-2.0.0\README.md
1⤵
PID:1696
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_lunar-client-qt-2.0.0.zip\lunar-client-qt-2.0.0\README.md
  2⤵
  PID:2444

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Temp1_lunar-client-qt-2.0.0.zip\lunar-client-qt-2.0.0\res.qrc
1⤵
PID:2944
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_lunar-client-qt-2.0.0.zip\lunar-client-qt-2.0.0\res.qrc
  2⤵
  PID:788
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:788 CREDAT:275457 /prefetch:2
    3⤵
    PID:2184
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_lunar-client-qt-2.0.0.zip\lunar-client-qt-2.0.0\res.qrc
    3⤵
    PID:1500

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_lunar-client-qt-2.0.0.zip\lunar-client-qt-2.0.0\CMakeLists.txt
1⤵
PID:1264

C:\Program Files\Java\jre7\bin\javaw.exe
"C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Temp1_lunar-client-qt-2.0.0.zip\lunar-client-qt-2.0.0\java\agents\UnlockCosmetics.jar"
1⤵
PID:1728

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_lunar-client-qt-2.0.0.zip\lunar-client-qt-2.0.0\res.qrc
1⤵
PID:1744
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1744 CREDAT:275457 /prefetch:2
  2⤵
  PID:1472
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_lunar-client-qt-2.0.0.zip\lunar-client-qt-2.0.0\res.qrc
  2⤵
  PID:688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
866befa63625055c774613b13c2cee7a

SHA1
3694912b389fa2acc455641aa3de817ab20f691c

SHA256
52b3e62930f5d3a48e9dfc58fd3647489a974c5ae7bc05325373b2da420270db

SHA512
920cdeff6b353783949cd61df3e7233c9ef9f193249cb54632f7ee000c3bf39321df13c0d348bd9681138bef32f527391973f19d7470b9b614be422a04f8e637

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d17337e7cee5468c7877ac3797d65efb

SHA1
a229640bf96c099d8ec8d624b9753bc501a715c2

SHA256
7bde61ea5f386d9bfc88a0ffcf66fcc39f69f4873ff9047530190a8defc2c0ba

SHA512
8128eaae1561593c67a5d0c3dc7b0fc4280d08f1e2d826faed4e746c4a8ca1fb3ab176f2ea4ba82295a7197753018fb9df797e80f5a02ee2f4155d63e7deeca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
f6b503630b111bca28b8ae10ceeeb86b

SHA1
b27e4fcb5ae0f4b4036f22b73f1a70ee211918a2

SHA256
3ed2a177b164abf3815505aea9064a90ffb69ee27740987cff931341d091b860

SHA512
741dbc85f566f3717ea554b3ea0f2702374f8e7e2ee7385eaab466660a83a581ae5a64af4c7a51e227f1861f4218dfb7b3c56dac97120ec2fc6394220ecfa3cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1015B

MD5
ad77974840fbb1790ce04e9c558f4167

SHA1
a09343af187d8b19caf99610a893ff0d96b16820

SHA256
b48aaebc9568780952dfbf3e0f2b706438866fb623a242762c50c492003e186e

SHA512
260b1d5c4ee164eb85ded4410da6c0e4e07c23a4b36324998b181bcae69353fa4ec330a9fe74802a7450521e6abf79a707b3061bb13b00dc0d94712763d472fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
851B

MD5
e5602899b2b6fbf39aa19a39012a5a29

SHA1
ed960d20861cb9594ee5a748b53b5ced786b1b32

SHA256
bffdd51e169f7201654d90f910fc3020c9b5752315b9c7cb0690eaa7107bdd6a

SHA512
3526bfeca5225f9266135f1d5bcf856e2c25b70b29b08b78f73ba472e8390ab8c83d8c1e24d78977a7a4691c8749c0fa995a34448ea0f7cec21a42e1edccdaad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
335718fa38e89b7b4d11629c2d1c3fca

SHA1
8a06005e8ca1d469aa77125275e1070fe7ae3944

SHA256
2cb64ad88bdfd69570c502c6c219fab88d5a594fa5e84407ccfe17be75aad4d2

SHA512
5fd156e09f3b06143038f211ddceaf238e4aa2ddce7e8052be9659dd673141d44bbf8a079ca2f6cddd01cfcb6656463fd3f0fc22c6f8f3a139f50c115be3ec45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aa7176f1ab2e9b4b9988ceda0def45fa

SHA1
e4c811f89816af2277eef61d43b9918a98df0239

SHA256
d10580a48408d37dc310edb1524ef4d55427b77d0086fe2ff13d4eac627a9a93

SHA512
a23faf6f5e6dd74e0c9e290f299ec901a411e626eccc5a1d51026a292975c9d6da410b9d6cef21ebb2973be63ff1c939e920d56114a8702cd9ec3023f6eb2f73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ba49e0296fc77f704249565061dfe8c3

SHA1
c893e33031e99ad63529829cb85ca785c366c19c

SHA256
6bf82396d9908baa8f5a3746d1fb1947c453d0570ece4a0dfb29889c951a3a23

SHA512
a2263d6039a16cac630a0afb9b4e041e5b57efc894238faab3d8a8b5c062484a96b9b6c6b22a8a5675af6d7bab7e1e6a6cea249a571f66e5ab56839bdd2518a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7C05.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7DAD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF63B8DB3DF0EA7176.TMP

Filesize
16KB

MD5
bf999e1bae3c6721f83cdff4e6d17ef4

SHA1
f9052d4359f724ebc822d69acee1f6f368c73b67

SHA256
ebd80ccfa21b21b50078d3a82b0535db4a5951d279558752beed6788d7438a59

SHA512
1b34b85cad252b25e098fbf9a7241d03abdfa4ddf5b2b3c077e5caa975ea6e15f3e5ac219f97ba6e8f54cf757d10d364c96465f839d7526c941d5604c14e0998

Download Submit
C:\Users\Admin\Downloads\lunar-client-qt-2.0.0.zip.crdownload

Filesize
576KB

MD5
f3dcc5ecf89eb25adf666e16194ef625

SHA1
0bd0ad7a74168bf99de90e723cf022882204086f

SHA256
b2ec54685b1596259320fe92f11cb2f081372b6d80676ba95f278b03ad12493a

SHA512
b8198b4a55da1546128a58a3bbee7ef036fe568e55c7a279676a2fe1e0ceacc47e366c089ff9662b2b07676acdeda03af85eb4e7f269092a30aa5def4a3ac8e4

Download Submit
memory/1728-600-0x0000000007E00000-0x0000000007F00000-memory.dmp

Filesize
1024KB

Download
memory/1728-601-0x00000000082A0000-0x00000000083A0000-memory.dmp

Filesize
1024KB

Download
memory/1728-602-0x00000000083A0000-0x00000000084A0000-memory.dmp

Filesize
1024KB

Download
memory/1728-604-0x0000000007FF0000-0x00000000080F0000-memory.dmp

Filesize
1024KB

Download
memory/1728-603-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download