File name:

Bootstrapper- LunaExecutor.com.zip

Full analysis: https://app.any.run/tasks/7c3e84d4-72ef-4b93-8f57-27482d75e41c
Verdict: Malicious activity
Threats:

A loader is malware whose purpose is to deliver other malicious payloads. Once it has infected a victim's computer it typically profiles the system and then installs further threats, such as trojans or stealers. Criminals usually distribute loaders through phishing emails and links, relying on social engineering to trick users into downloading and running the executable. Loaders commonly use evasion and persistence techniques to avoid detection.

Analysis date: March 23, 2025, 22:31:38
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
auto
sliverfox
arch-exec
github
golang
loader
crypto-regex
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5:

85E65A64213EDC431A3E3D6848556E44

SHA1:

691A33CE81E56CECB7597FADB8709ECD2B3CA9C5

SHA256:

C03F6300F70677E07EB682D6528D55017CD0CCCEF028F6D1512ABBB3BBFB95B0

SSDEEP:

98304:pPeWx5fAP2lVMyJ+RZXG3ulRRR2r/r3Wp4c4hywFu9OqmvoLP4O7HeIqi3GLvzF3:6Pk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report may be distorted by user actions and is provided as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • SLIVERFOX has been found (auto)

      • WinRAR.exe (PID: 4428)
    • Generic archive extractor

      • WinRAR.exe (PID: 4428)
    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 6228)
    • The DLL Hijacking

      • msedgewebview2.exe (PID: 5232)
    • Scans artifacts that could help determine the target

      • msedgewebview2.exe (PID: 6256)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 4428)
      • MicrosoftEdgeUpdate.exe (PID: 6228)
      • MicrosoftEdgeUpdate.exe (PID: 5972)
      • msedgewebview2.exe (PID: 6256)
    • Executable content was dropped or overwritten

      • Bootstrapper.exe (PID: 1760)
      • Luna.exe (PID: 1052)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6240)
      • MicrosoftEdgeUpdate.exe (PID: 6228)
      • MicrosoftEdge_X64_134.0.3124.83.exe (PID: 5132)
      • setup.exe (PID: 4284)
    • Application launched itself

      • Luna.exe (PID: 2552)
      • setup.exe (PID: 4284)
      • MicrosoftEdgeUpdate.exe (PID: 5972)
      • msedgewebview2.exe (PID: 6256)
    • Process drops legitimate windows executable

      • Luna.exe (PID: 1052)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6240)
      • MicrosoftEdgeUpdate.exe (PID: 6228)
      • MicrosoftEdge_X64_134.0.3124.83.exe (PID: 5132)
      • setup.exe (PID: 4284)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 6240)
      • MicrosoftEdgeUpdate.exe (PID: 6228)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 6228)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5772)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1300)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4024)
      • MicrosoftEdgeUpdate.exe (PID: 3888)
    • Found regular expressions for crypto-addresses (YARA)

      • Luna.exe (PID: 2552)
    • Creates a software uninstall entry

      • setup.exe (PID: 4284)
    • Searches for installed software

      • setup.exe (PID: 4284)
    • Starts POWERSHELL.EXE for commands execution

      • Luna.exe (PID: 1052)
  • INFO

    • Checks supported languages

      • Bootstrapper.exe (PID: 1760)
      • Luna.exe (PID: 1052)
      • Luna.exe (PID: 2552)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6240)
      • MicrosoftEdgeUpdate.exe (PID: 3888)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5772)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1300)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4024)
      • MicrosoftEdgeUpdate.exe (PID: 6228)
      • MicrosoftEdgeUpdate.exe (PID: 1568)
      • MicrosoftEdgeUpdate.exe (PID: 1812)
      • MicrosoftEdgeUpdate.exe (PID: 5972)
      • MicrosoftEdge_X64_134.0.3124.83.exe (PID: 5132)
      • setup.exe (PID: 5124)
      • setup.exe (PID: 4284)
      • MicrosoftEdgeUpdate.exe (PID: 1012)
      • msedgewebview2.exe (PID: 5232)
      • msedgewebview2.exe (PID: 4756)
      • msedgewebview2.exe (PID: 6256)
      • msedgewebview2.exe (PID: 6184)
      • msedgewebview2.exe (PID: 1128)
      • msedgewebview2.exe (PID: 920)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 4428)
    • Reads the software policy settings

      • Bootstrapper.exe (PID: 1760)
      • Luna.exe (PID: 2552)
      • Luna.exe (PID: 1052)
      • MicrosoftEdgeUpdate.exe (PID: 5972)
      • MicrosoftEdgeUpdate.exe (PID: 1568)
      • slui.exe (PID: 6632)
      • MicrosoftEdgeUpdate.exe (PID: 1012)
      • slui.exe (PID: 5136)
    • Reads the machine GUID from the registry

      • Bootstrapper.exe (PID: 1760)
      • Luna.exe (PID: 2552)
      • Luna.exe (PID: 1052)
      • MicrosoftEdgeUpdate.exe (PID: 5972)
      • msedgewebview2.exe (PID: 6256)
    • Reads the computer name

      • Bootstrapper.exe (PID: 1760)
      • Luna.exe (PID: 2552)
      • Luna.exe (PID: 1052)
      • MicrosoftEdgeUpdate.exe (PID: 6228)
      • MicrosoftEdgeUpdate.exe (PID: 3888)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1300)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5772)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4024)
      • MicrosoftEdgeUpdate.exe (PID: 1568)
      • MicrosoftEdgeUpdate.exe (PID: 1812)
      • MicrosoftEdgeUpdate.exe (PID: 5972)
      • MicrosoftEdge_X64_134.0.3124.83.exe (PID: 5132)
      • setup.exe (PID: 4284)
      • MicrosoftEdgeUpdate.exe (PID: 1012)
      • msedgewebview2.exe (PID: 6256)
      • msedgewebview2.exe (PID: 4756)
      • msedgewebview2.exe (PID: 5232)
    • Application based on Golang

      • Bootstrapper.exe (PID: 1760)
      • Luna.exe (PID: 2552)
    • Create files in a temporary directory

      • Bootstrapper.exe (PID: 1760)
      • Luna.exe (PID: 2552)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6240)
      • Luna.exe (PID: 1052)
      • MicrosoftEdgeUpdate.exe (PID: 6228)
      • msedgewebview2.exe (PID: 6256)
    • Detects GO elliptic curve encryption (YARA)

      • Bootstrapper.exe (PID: 1760)
      • Luna.exe (PID: 2552)
    • Reads Environment values

      • Luna.exe (PID: 2552)
      • Luna.exe (PID: 1052)
      • MicrosoftEdgeUpdate.exe (PID: 1568)
      • MicrosoftEdgeUpdate.exe (PID: 1012)
      • msedgewebview2.exe (PID: 6256)
    • The sample compiled with english language support

      • MicrosoftEdgeWebview2Setup.exe (PID: 6240)
      • Luna.exe (PID: 1052)
      • MicrosoftEdgeUpdate.exe (PID: 6228)
      • MicrosoftEdge_X64_134.0.3124.83.exe (PID: 5132)
      • setup.exe (PID: 4284)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 6228)
      • MicrosoftEdge_X64_134.0.3124.83.exe (PID: 5132)
      • setup.exe (PID: 5124)
      • setup.exe (PID: 4284)
      • msedgewebview2.exe (PID: 6256)
      • msedgewebview2.exe (PID: 1128)
      • msedgewebview2.exe (PID: 4756)
      • MicrosoftEdgeUpdate.exe (PID: 5972)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 6228)
      • setup.exe (PID: 4284)
      • msedgewebview2.exe (PID: 6256)
      • msedgewebview2.exe (PID: 920)
    • Checks proxy server information

      • MicrosoftEdgeUpdate.exe (PID: 5972)
      • MicrosoftEdgeUpdate.exe (PID: 1568)
      • MicrosoftEdgeUpdate.exe (PID: 1012)
      • msedgewebview2.exe (PID: 6256)
      • slui.exe (PID: 5136)
    • Drops encrypted JS script (Microsoft Script Encoder)

      • Luna.exe (PID: 1052)
    • Reads CPU info

      • msedgewebview2.exe (PID: 6256)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2025:01:26 21:32:58
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Bootstrapper- LunaExecutor.com/
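The ZIP fields listed above (required version, bit flag, compression method, modification date, CRC, sizes, file name) come straight from the 30-byte local file header that precedes each archive member. The Python script below is an added example, not part of the ANY.RUN report or of the analysed sample: it walks the local headers of an archive held in memory and reports the same fields, and it builds a constructed stand-in archive (a directory entry with the report's top-level name and timestamp, stored with method 0, plus a dummy file) so it runs offline. Because the stand-in is written by Python's zipfile module, its ZipRequiredVersion is not the 10 (1.0) seen in the real archive; that field depends on the writer, whereas method 0 ("None"/store) and a zero CRC on the directory entry reproduce what the report shows.

```python
import io
import struct
import zipfile
from typing import Dict, List

# Local file header: signature, version needed, flags, method, mod time, mod date,
# CRC-32, compressed size, uncompressed size, name length, extra length (30 bytes).
LOCAL_HEADER = struct.Struct("<4sHHHHHIIIHH")
LOCAL_SIG = b"PK\x03\x04"
METHODS = {0: "None", 8: "Deflate", 12: "BZip2", 14: "LZMA", 93: "Zstandard", 99: "AES"}


def dos_datetime(date: int, time: int) -> str:
    """Expand MS-DOS packed date/time into the YYYY:MM:DD HH:MM:SS form used above."""
    return "%04d:%02d:%02d %02d:%02d:%02d" % (
        1980 + (date >> 9), (date >> 5) & 0x0F, date & 0x1F,
        time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2,
    )


def local_headers(data: bytes) -> List[Dict]:
    """Walk the local file headers of an in-memory ZIP and return one dict per member."""
    entries, offset = [], 0
    while data[offset:offset + 4] == LOCAL_SIG:
        (_, needed, flags, method, mtime, mdate, crc,
         csize, usize, name_len, extra_len) = LOCAL_HEADER.unpack_from(data, offset)
        if flags & 0x0008:
            # Sizes and CRC live in a data descriptor after the member data, so walking
            # by csize would be wrong; stop instead of guessing.
            raise ValueError("data descriptor in use; read sizes from the central directory instead")
        name_start = offset + LOCAL_HEADER.size
        raw_name = data[name_start:name_start + name_len]
        name = raw_name.decode("utf-8" if flags & 0x0800 else "cp437")
        entries.append({
            "ZipRequiredVersion": needed,          # 10 = 1.0, 20 = 2.0, 45 = ZIP64
            "ZipBitFlag": "0x%04X" % flags,
            "ZipCompression": METHODS.get(method, "method %d" % method),
            "ZipModifyDate": dos_datetime(mdate, mtime),
            "ZipCRC": "0x%08X" % crc,
            "ZipCompressedSize": csize,
            "ZipUncompressedSize": usize,
            "ZipFileName": name,
        })
        offset = name_start + name_len + extra_len + csize
    return entries


def build_stand_in() -> bytes:
    """Constructed archive, not the real sample: same top-level directory name and
    timestamp as in the report, stored (method 0), with a dummy file inside."""
    buf = io.BytesIO()
    stamp = (2025, 1, 26, 21, 32, 58)
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(zipfile.ZipInfo("Bootstrapper- LunaExecutor.com/", stamp), b"")
        zf.writestr(
            zipfile.ZipInfo("Bootstrapper- LunaExecutor.com/Luna - LunaExecutor.com/Bootstrapper.exe", stamp),
            b"MZ constructed placeholder, not the real Bootstrapper.exe",
        )
    return buf.getvalue()


if __name__ == "__main__":
    for entry in local_headers(build_stand_in()):
        for key, value in entry.items():
            print("%s: %s" % (key, value))
        print()
```

A stored (method 0) archive keeps every member in the clear, so the loader inside this ZIP was exposed to any scanner that inspects archive contents; the directory entry's CRC of 0x00000000 and zero sizes are normal for a directory, not a sign of tampering.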
No data.
All screenshots are available in the full report
Total processes
169
Monitored processes
29
Malicious processes
11
Suspicious processes
1

Behavior graph

The interactive graph is available in the full report. Its nodes, in the order shown, are:
  • start (#SLIVERFOX)
  • winrar.exe
  • sppextcomobj.exe (no specs)
  • slui.exe
  • bootstrapper.exe
  • conhost.exe (no specs)
  • luna.exe
  • luna.exe
  • microsoftedgewebview2setup.exe
  • microsoftedgeupdate.exe
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs), three instances
  • microsoftedgeupdate.exe
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdate.exe
  • slui.exe
  • microsoftedge_x64_134.0.3124.83.exe
  • setup.exe
  • setup.exe (no specs)
  • microsoftedgeupdate.exe
  • msedgewebview2.exe (no specs), three instances
  • msedgewebview2.exe
  • msedgewebview2.exe (no specs), two instances
  • powershell.exe (no specs)
  • conhost.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
920
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\134.0.3124.83\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Roaming\Luna.exe\EBWebView" --webview-exe-name=Luna.exe --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=1812,i,9080285003766445220,15432371678046378983,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,SafetyHub,SegmentationPlatform,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeServiceRequest,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillAdvancedSuggestionsBasic,msEdgeAutofillOneClickAutocomplete,msEdgeAutofillSaveGSPR100InDb,msEdgeAutofillShowDeployedPassword,msEdgeAutofillSs,msEdgeBrowserEssentialsShowUpdateSection,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingPersonalizedCashbackBingHeader,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTipping,msEdgeTranslate,msEdgeUseCaptivePortalService,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSmartScreenProtection,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:1
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\134.0.3124.83\msedgewebview2.exe
Parent process:
msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
134.0.3124.83
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\134.0.3124.83\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\134.0.3124.83\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1012
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping […]-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDUuNDA0NiIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJERUxMIiBwcm9kdWN0X25hbWU9IkRFTEwiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzNC4wLjMxMjQuODMiIGxhbmc9ImVuIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-[…]_UDE9MTc0MzM3Mzk0NyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1IOHhjYXRoSDVqamswUEw1SU5pJTJmcUtSak5JTm5xQ0tMQ2J6TVY1bFdlYndTbzRHT3VHWFFzY2M2OFROdmdTRzF0ejFLd0g5OGElMmJURXlWUUxFcmpvdUElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzk2MDk2OTYiIHRvdGFsPSIxNzk2MDk2OTYiIGRvd25sb2FkX3RpbWVfbXM9IjM3Mjk2Ii8-[…]-PC9hcHA-PC9yZXF1ZXN0Pg
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID:
1052
CMD:
"C:\Users\admin\AppData\Local\Temp\Rar$EXa4428.42408\Bootstrapper- LunaExecutor.com\Luna - LunaExecutor.com\luna\Luna.exe"
Path:
C:\Users\admin\AppData\Local\Temp\Rar$EXa4428.42408\Bootstrapper- LunaExecutor.com\Luna - LunaExecutor.com\luna\Luna.exe
Parent process:
Luna.exe
User:
admin
Company:
Luna
Integrity Level:
MEDIUM
Description:
Luna
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa4428.42408\bootstrapper- lunaexecutor.com\luna - lunaexecutor.com\luna\luna.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\rpcrt4.dll
PID:
1128
CMD:
C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\134.0.3124.83\msedgewebview2.exe --type=crashpad-handler --user-data-dir=C:\Users\admin\AppData\Roaming\Luna.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\admin\AppData\Roaming\Luna.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=134.0.6998.118 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\134.0.3124.83\msedgewebview2.exe --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=134.0.3124.83 --initial-client-data=0x184,0x188,0x18c,0x160,0x194,0x7ffc887e3140,0x7ffc887e314c,0x7ffc887e3158
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\134.0.3124.83\msedgewebview2.exe
Parent process:
msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
134.0.3124.83
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\134.0.3124.83\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\134.0.3124.83\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1300
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.195.45\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID:
1568
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping […]-[…]-
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID:
1760
CMD:
"C:\Users\admin\AppData\Local\Temp\Rar$EXa4428.42408\Bootstrapper- LunaExecutor.com\Luna - LunaExecutor.com\Bootstrapper.exe"
Path:
C:\Users\admin\AppData\Local\Temp\Rar$EXa4428.42408\Bootstrapper- LunaExecutor.com\Luna - LunaExecutor.com\Bootstrapper.exe
Parent process:
WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa4428.42408\bootstrapper- lunaexecutor.com\luna - lunaexecutor.com\bootstrapper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\umpdc.dll
PID:
1812
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=false" /installsource taggedmi /sessionid "{EC997E3A-75AF-4B1B-9166-C547DD79CC32}"
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID:
2552
CMD:
luna\Luna.exe
Path:
C:\Users\admin\AppData\Local\Temp\Rar$EXa4428.42408\Bootstrapper- LunaExecutor.com\Luna - LunaExecutor.com\luna\Luna.exe
Parent process:
Bootstrapper.exe
User:
admin
Company:
Luna
Integrity Level:
MEDIUM
Description:
Luna
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa4428.42408\bootstrapper- lunaexecutor.com\luna - lunaexecutor.com\luna\luna.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\rpcrt4.dll
PID:
3888
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
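Both /ping invocations above (PIDs 1012 and 1568) carry their payload as one long URL-safe Base64 argument (the alphabet with "-" and "_", no "=" padding). Decoded, it is the Omaha-style XML that Microsoft Edge Update sends after an install, and it is what ties the flurry of MicrosoftEdgeUpdate processes to the WebView2 Runtime: the app id {F3017226-FE2A-4295-8BDF-00C3A9A7E4C5} in the ping is the same appguid as in the /handoff line of PID 1812. The page shows the argument with parts elided, so the Python helper below is written for fragments cut from the middle of such a string: it tries the four possible leading alignments, keeps the candidate that decodes to printable text, and then pulls element names and attributes out of the partial XML with a regular expression, since a real XML parser would reject a truncated document. The helper is an added example, not part of the report; the two embedded fragments are copied verbatim from the PID 1012 command line above, and the first one deliberately keeps the stray leading "-" that belongs to the preceding, elided quantum.

```python
import base64
import binascii
import re
import string
from typing import Dict, List, Optional, Tuple

# Two fragments copied from the PID 1012 command line above. The first still carries the
# last character of the preceding (elided) quantum, so its alignment is off by one.
REPORT_FRAGMENT_OS = (
    "-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDUuNDA0NiIgc3A9IiIgYXJjaD0ieDY0Ii"
    "Bwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz4"
)
REPORT_FRAGMENT_APP = (
    "PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0i"
    "IHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEzNC4wLjMxMjQuODMi"
)

_PRINTABLE = set(string.printable)
_ELEMENT = re.compile(r'<(\w+)((?:\s+[\w:.-]+="[^"]*")*)')
_ATTRIBUTE = re.compile(r'([\w:.-]+)="([^"]*)"')


def _decode_aligned(chunk: str) -> Optional[str]:
    """Decode a base64url chunk whose first character starts a quantum. Restores the
    padding Omaha drops, discards a dangling single character, returns None on error."""
    if len(chunk) % 4 == 1:
        chunk = chunk[:-1]
    chunk += "=" * (-len(chunk) % 4)
    try:
        return base64.urlsafe_b64decode(chunk).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def decode_fragment(fragment: str) -> str:
    """Best-effort decode of a fragment cut from anywhere inside a base64url string.
    The quantum alignment of the cut is unknown, so all four leading offsets are tried
    and the candidate with the highest share of printable characters wins."""
    best, best_score = "", -1.0
    for skip in range(4):
        text = _decode_aligned(fragment[skip:])
        if not text:
            continue
        score = sum(ch in _PRINTABLE for ch in text) / len(text)
        if score > best_score:
            best, best_score = text, score
    return best


def extract_elements(xml_fragment: str) -> List[Tuple[str, Dict[str, str]]]:
    """Pull (tag, attributes) pairs out of XML that may be truncated at either end."""
    return [
        (tag, dict(_ATTRIBUTE.findall(attrs)))
        for tag, attrs in _ELEMENT.findall(xml_fragment)
    ]


if __name__ == "__main__":
    for fragment in (REPORT_FRAGMENT_OS, REPORT_FRAGMENT_APP):
        decoded = decode_fragment(fragment)
        print(decoded)
        for tag, attrs in extract_elements(decoded):
            print("  <%s>" % tag, attrs)
```

Run against the first fragment this yields an os element with version 10.0.19045.4046 and arch x64 (matching the sandbox's Windows 10 build 19045, 64-bit, stated at the top of the report); the second yields the app element with the WebView2 Runtime id and nextversion 134.0.3124.83, the version of the MicrosoftEdge_X64 installer that setup.exe ran. The printable-ratio heuristic is only needed because the page truncates the argument; a complete /ping argument decodes with the offset-0 candidate.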
Total events
29 996
Read events
27 533
Write events
2 395
Delete events
68

Modification events

(PID) Process: (4428) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (4428) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (4428) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (4428) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Bootstrapper- LunaExecutor.com.zip

(PID) Process: (4428) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (4428) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (4428) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (4428) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (6228) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: delete value
Name: eulaaccepted
Value: (empty)

(PID) Process: (6228) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: path
Value: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Executable files
215
Suspicious files
141
Text files
41
Unknown types
0

Dropped files

PID 2552, Luna.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa4428.42408\Bootstrapper- LunaExecutor.com\Luna - LunaExecutor.com\autoexec\main.lua
Type: text
MD5: D1C70DC9892EC4C910B00A53A8A0E17E
SHA256: BFC03E5837BBCA0953E447B85E839A371532465FE78666F0911B585E850EF0DE

PID 1760, Bootstrapper.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa4428.42408\Bootstrapper- LunaExecutor.com\Luna - LunaExecutor.com\downloads\Luna.zip
Type: compressed
MD5: C44B07A83211D00F2DA98B84704DC63F
SHA256: E6C563B323E3DD8E49D52B053E80208B42F06AE84599EFED461980AB62712299

PID 6240, MicrosoftEdgeWebview2Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU4FB3.tmp\MicrosoftEdgeUpdateBroker.exe
Type: executable
MD5: 156FC058C02F6B2BFD84E6E3D781CBFC
SHA256: 23F6D1F6F030AD029C7AC9C7179A6E57B0CF2636CCA6034898C44A6088F38235

PID 1052, Luna.exe
Filename: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
Type: executable
MD5: 7683171B0278B98339BFF83AE892BF9A
SHA256: C4985B3D50104C12A535E45ECA320C1DD462041ECE252468386EF0B17788BE71

PID 6240, MicrosoftEdgeWebview2Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU4FB3.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
Type: executable
MD5: 0857CFD39400CD28176599CC0AFD35CB
SHA256: 09358F21AD991269DFF34C97F377472B3908D505A1D5A2CF35E1507C789D9562

PID 6240, MicrosoftEdgeWebview2Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU4FB3.tmp\psmachine.dll
Type: executable
MD5: 75E238DAE9A5C2F276A47979B44557ED
SHA256: BDF767EC157F985AD03EFC335854EED97040F3997208D25CA35F82B1C1A02B50

PID 1760, Bootstrapper.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa4428.42408\Bootstrapper- LunaExecutor.com\Luna - LunaExecutor.com\config.json
Type: binary
MD5: CC9BE1D98E86DA9236BC3EE261818CAF
SHA256: BA97EF708719EDE6FA37223BA5CB1BFCD6CC3EE9B627E297980D0D86BEA069A0

PID 6240, MicrosoftEdgeWebview2Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU4FB3.tmp\MicrosoftEdgeUpdate.exe
Type: executable
MD5: D2C066EB9423969B8DA07ED5017E4449
SHA256: E74B6BB988BD8D9FFA041D50BD48ECD03C405F9BB753E29CA462E1BA42930868

PID 1760, Bootstrapper.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa4428.42408\Bootstrapper- LunaExecutor.com\Luna - LunaExecutor.com\luna\Luna.dll
Type: executable
MD5: 3A87FB61F757BC7F8AAA333663A55C78
SHA256: 5EA93E328A9D7CB9230ACDDC01B38DC09F3B94792F81F9DB8CA3D30185A94C74

P ID 1760, Bootstrapper.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa4428.42408\Bootstrapper- LunaExecutor.com\Luna - LunaExecutor.com\luna\Luna.exe
Type: executable
MD5: 0AEC51F850345D11F9C754DAFAE65A56
SHA256: 7BD3C4C1FC6F2C81AF595CDF1EDE15E7688A1B110EB876569D6907F92DD19F10
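To sweep a host or a file share for the artefacts in this report, a practitioner needs the hashes of the submitted archive (listed under Indicators at the top) and of the files the loader wrote (the dropped files just above). The Python script below is an added example, not part of the ANY.RUN report: it collects those published values into one lookup table, hashes every file under a directory once with MD5, SHA-1 and SHA-256, and reports matches by artefact name and algorithm. The Edge Update / WebView2 installer components that Luna.exe dropped are left out on purpose, because the report itself classifies them as legitimate Windows executables and matching on them would flag every machine with WebView2 installed. The demo() function writes two constructed files into a temporary directory and adds a synthetic entry for one of them so the script runs offline; the report's own hashes would only match the real sample.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List, NamedTuple, Tuple

# Hash values copied from this report: the submitted archive (Indicators section) and
# the files written by Bootstrapper.exe / Luna.exe (Dropped files section), uppercase
# hex exactly as printed. Paths are relative to the extracted archive.
REPORT_IOCS: Dict[str, Dict[str, str]] = {
    "Bootstrapper- LunaExecutor.com.zip": {
        "md5": "85E65A64213EDC431A3E3D6848556E44",
        "sha1": "691A33CE81E56CECB7597FADB8709ECD2B3CA9C5",
        "sha256": "C03F6300F70677E07EB682D6528D55017CD0CCCEF028F6D1512ABBB3BBFB95B0",
    },
    "downloads/Luna.zip": {
        "md5": "C44B07A83211D00F2DA98B84704DC63F",
        "sha256": "E6C563B323E3DD8E49D52B053E80208B42F06AE84599EFED461980AB62712299",
    },
    "config.json": {
        "md5": "CC9BE1D98E86DA9236BC3EE261818CAF",
        "sha256": "BA97EF708719EDE6FA37223BA5CB1BFCD6CC3EE9B627E297980D0D86BEA069A0",
    },
    "luna/Luna.exe": {
        "md5": "0AEC51F850345D11F9C754DAFAE65A56",
        "sha256": "7BD3C4C1FC6F2C81AF595CDF1EDE15E7688A1B110EB876569D6907F92DD19F10",
    },
    "luna/Luna.dll": {
        "md5": "3A87FB61F757BC7F8AAA333663A55C78",
        "sha256": "5EA93E328A9D7CB9230ACDDC01B38DC09F3B94792F81F9DB8CA3D30185A94C74",
    },
    "autoexec/main.lua": {
        "md5": "D1C70DC9892EC4C910B00A53A8A0E17E",
        "sha256": "BFC03E5837BBCA0953E447B85E839A371532465FE78666F0911B585E850EF0DE",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256")


class Hit(NamedTuple):
    path: Path
    artefact: str
    algorithm: str


def hash_file(path: Path) -> Dict[str, str]:
    """Read the file once and return uppercase hex digests for all three algorithms."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest().upper() for name, digest in digests.items()}


def build_index(iocs: Dict[str, Dict[str, str]]) -> Dict[str, Tuple[str, str]]:
    """Invert the IOC table so any hash value (any case) can be looked up directly."""
    return {
        value.upper(): (artefact, algorithm)
        for artefact, hashes in iocs.items()
        for algorithm, value in hashes.items()
    }


def scan(root: Path, iocs: Dict[str, Dict[str, str]] = REPORT_IOCS) -> List[Hit]:
    """Hash every regular file under root and report the first algorithm that matches."""
    index = build_index(iocs)
    hits: List[Hit] = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digests = hash_file(path)
        for algorithm in ALGORITHMS:
            match = index.get(digests[algorithm])
            if match:
                hits.append(Hit(path, match[0], algorithm))
                break
    return hits


def demo() -> List[str]:
    """Constructed offline run: two dummy files, one of which is added to the IOC table."""
    payload = b"constructed stand-in, not a real dropped file"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "benign.txt").write_bytes(b"nothing to see here")
        (root / "dropped").mkdir()
        (root / "dropped" / "sample.bin").write_bytes(payload)
        iocs = dict(REPORT_IOCS)
        # Lowercase on purpose: build_index normalises case before matching.
        iocs["constructed-sample"] = {"sha256": hashlib.sha256(payload).hexdigest()}
        return ["%s -> %s (%s)" % (hit.path.relative_to(root).as_posix(), hit.artefact, hit.algorithm)
                for hit in scan(root, iocs)]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Point scan() at a mounted image or a user's AppData\Local\Temp to look for the extracted Rar$EXa… tree; a hit on luna/Luna.exe or autoexec/main.lua is far more telling than one on the archive itself, since the archive is usually deleted after extraction while the loader's working directory tends to remain.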
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
44
DNS requests
35
Threats
14

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.48.23.194:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
732
svchost.exe
GET
200
23.50.131.74:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a4c526bb-7b51-4fc9-9293-caea7c52f5b2?P1=1743373947&P2=404&P3=2&P4=H8xcathH5jjk0PL5INi%2fqKRjNINnqCKLCbzMV5lWebwSo4GOuGXQscc68TNvgSG1tz1KwH98a%2bTEyVQLErjouA%3d%3d
unknown
whitelisted
4200
SIHClient.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6544
svchost.exe
GET
200
23.63.118.230:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5668
backgroundTaskHost.exe
GET
200
23.63.118.230:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
4200
SIHClient.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
732
svchost.exe
HEAD
200
23.50.131.74:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a4c526bb-7b51-4fc9-9293-caea7c52f5b2?P1=1743373947&P2=404&P3=2&P4=H8xcathH5jjk0PL5INi%2fqKRjNINnqCKLCbzMV5lWebwSo4GOuGXQscc68TNvgSG1tz1KwH98a%2bTEyVQLErjouA%3d%3d
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
5496
MoUsoCoreWorker.exe
23.48.23.194:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
3216
svchost.exe
40.115.3.253:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
20.190.160.4:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
23.63.118.230:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1760
Bootstrapper.exe
140.82.121.5:443
api.github.com
GITHUB
US
whitelisted
1760
Bootstrapper.exe
140.82.121.3:443
github.com
GITHUB
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 172.217.18.14
whitelisted
crl.microsoft.com
  • 23.48.23.194
  • 23.48.23.177
  • 23.48.23.156
  • 23.48.23.176
  • 23.48.23.147
  • 23.48.23.180
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
login.live.com
  • 20.190.160.4
  • 40.126.32.72
  • 20.190.160.22
  • 40.126.32.138
  • 40.126.32.134
  • 20.190.160.20
  • 40.126.32.76
  • 40.126.32.136
whitelisted
ocsp.digicert.com
  • 23.63.118.230
whitelisted
api.github.com
  • 140.82.121.5
whitelisted
github.com
  • 140.82.121.3
whitelisted
objects.githubusercontent.com
  • 185.199.110.133
  • 185.199.111.133
  • 185.199.108.133
  • 185.199.109.133
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted

Threats

PID
Process
Class
Message
2196
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
732
svchost.exe
Misc activity
ET INFO Packed Executable Download
4756
msedgewebview2.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
4756
msedgewebview2.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
4756
msedgewebview2.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
4756
msedgewebview2.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
4756
msedgewebview2.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
4756
msedgewebview2.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
4756
msedgewebview2.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
4756
msedgewebview2.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
No debug info