183c1ce5ac789cdd12e75554804dc4a1f635eb5f7d239eccd987475afa82aaf6

Resubmissions

30-03-2023 20:34

230330-zcxk2aff4s 7

30-03-2023 20:31

230330-za4xbseb56 7

Analysis

max time kernel
300s
max time network
306s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
30-03-2023 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Lunar Client v2.15.1.exe
Size

754KB
MD5

ec7ffaaf4aa860d1d0b843b5de15ac59
SHA1

8fa9b0ab0790149cb563d4d27ec8954e9ddb969f
SHA256

183c1ce5ac789cdd12e75554804dc4a1f635eb5f7d239eccd987475afa82aaf6
SHA512

44950aec9adb9e144cbe72ac4c3b652a748193c652d4558a04b3b9c995888869085e8c5d23f8e8030862ab26c744eb482d5affe0747ccf20fb0a9f41f527b736
SSDEEP

12288:5Meeeeeeeeeeeeeeee7eeeeeeeeeeeeeezeeeeeeeeeeeeeeeeee7eeeeeeeeee2:57IF0HL8MaDu173pG1szLSvJwCU4h0/r

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Lunar Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Lunar Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Lunar Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Lunar Client.exe

Executes dropped EXE 10 IoCs

pid	Process
2368	Lunar Client.exe
1840	Lunar Client.exe
4908	Lunar Client.exe
1448	Lunar Client.exe
4684	Lunar Client.exe
3444	Lunar Client.exe
1684	Lunar Client.exe
4188	Lunar Client.exe
4680	Lunar Client.exe
3728	Lunar Client.exe

Loads dropped DLL 28 IoCs

pid	Process
3824	Lunar Client v2.15.1.exe
3824	Lunar Client v2.15.1.exe
3824	Lunar Client v2.15.1.exe
3824	Lunar Client v2.15.1.exe
3824	Lunar Client v2.15.1.exe
3824	Lunar Client v2.15.1.exe
3824	Lunar Client v2.15.1.exe
3824	Lunar Client v2.15.1.exe
3824	Lunar Client v2.15.1.exe
3824	Lunar Client v2.15.1.exe
2368	Lunar Client.exe
1840	Lunar Client.exe
4908	Lunar Client.exe
1448	Lunar Client.exe
1840	Lunar Client.exe
1840	Lunar Client.exe
1840	Lunar Client.exe
4684	Lunar Client.exe
3444	Lunar Client.exe
3444	Lunar Client.exe
3444	Lunar Client.exe
3444	Lunar Client.exe
4188	Lunar Client.exe
1684	Lunar Client.exe
1448	Lunar Client.exe
1684	Lunar Client.exe
4680	Lunar Client.exe
3728	Lunar Client.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 19 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Lunar Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Lunar Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Lunar Client.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Lunar Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Lunar Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Lunar Client.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	Lunar Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	Lunar Client.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
3824	Lunar Client v2.15.1.exe
3824	Lunar Client v2.15.1.exe
3824	Lunar Client v2.15.1.exe
3824	Lunar Client v2.15.1.exe
3824	Lunar Client v2.15.1.exe
3824	Lunar Client v2.15.1.exe
4908	Lunar Client.exe
4908	Lunar Client.exe
1448	Lunar Client.exe
1448	Lunar Client.exe
4188	Lunar Client.exe
4188	Lunar Client.exe
1684	Lunar Client.exe
1684	Lunar Client.exe
4680	Lunar Client.exe
4680	Lunar Client.exe
4680	Lunar Client.exe
4680	Lunar Client.exe
3728	Lunar Client.exe
3728	Lunar Client.exe
3728	Lunar Client.exe
3728	Lunar Client.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	3824	Lunar Client v2.15.1.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4988	SearchApp.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 1840	2368	Lunar Client.exe	94
PID 2368 wrote to memory of 4908	2368	Lunar Client.exe	95
PID 2368 wrote to memory of 4908	2368	Lunar Client.exe	95
PID 2368 wrote to memory of 1448	2368	Lunar Client.exe	96
PID 2368 wrote to memory of 1448	2368	Lunar Client.exe	96
PID 4684 wrote to memory of 3444	4684	Lunar Client.exe	99
PID 4684 wrote to memory of 3444	4684	Lunar Client.exe	99
PID 1448 wrote to memory of 2228	1448	Lunar Client.exe	101
PID 1448 wrote to memory of 2228	1448	Lunar Client.exe	101
PID 4684 wrote to memory of 3444	4684	Lunar Client.exe	99
PID 4684 wrote to memory of 3444	4684	Lunar Client.exe	99
PID 4684 wrote to memory of 3444	4684	Lunar Client.exe	99
PID 4684 wrote to memory of 3444	4684	Lunar Client.exe	99
PID 4684 wrote to memory of 3444	4684	Lunar Client.exe	99
PID 4684 wrote to memory of 3444	4684	Lunar Client.exe	99
PID 4684 wrote to memory of 3444	4684	Lunar Client.exe	99
PID 4684 wrote to memory of 3444	4684	Lunar Client.exe	99
PID 4684 wrote to memory of 3444	4684	Lunar Client.exe	99
PID 4684 wrote to memory of 3444	4684	Lunar Client.exe	99
PID 4684 wrote to memory of 3444	4684	Lunar Client.exe	99
PID 4684 wrote to memory of 3444	4684	Lunar Client.exe	99
PID 4684 wrote to memory of 3444	4684	Lunar Client.exe	99
PID 4684 wrote to memory of 3444	4684	Lunar Client.exe	99
PID 4684 wrote to memory of 3444	4684	Lunar Client.exe	99
PID 4684 wrote to memory of 3444	4684	Lunar Client.exe	99

C:\Users\Admin\AppData\Local\Temp\Lunar Client v2.15.1.exe
"C:\Users\Admin\AppData\Local\Temp\Lunar Client v2.15.1.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3824

C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe
"C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe
  "C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe" --type=gpu-process --field-trial-handle=1972,14839539142124706456,6337104275263552107,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1840
- C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe
  "C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,14839539142124706456,6337104275263552107,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4908
- C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe
  "C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe" --type=renderer --field-trial-handle=1972,14839539142124706456,6337104275263552107,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=es --app-path="C:\Users\Admin\AppData\Local\Programs\lunarclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
    3⤵
    PID:2228
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
      4⤵
      PID:2528
- C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe
  "C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe" --type=gpu-process --field-trial-handle=1972,14839539142124706456,6337104275263552107,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe
"C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:4684
- C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe
  "C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe" --type=gpu-process --field-trial-handle=1644,13790875337360764236,6041774395126153068,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1652 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3444
- C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe
  "C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1644,13790875337360764236,6041774395126153068,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4188
- C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe
  "C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe" --type=renderer --field-trial-handle=1644,13790875337360764236,6041774395126153068,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=es --app-path="C:\Users\Admin\AppData\Local\Programs\lunarclient\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2196 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
    3⤵
    PID:2776
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
      4⤵
      PID:2756
- C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe
  "C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe" --type=gpu-process --field-trial-handle=1644,13790875337360764236,6041774395126153068,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2348 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:388

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4988

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.lunarclient\licenses\NEU.txt

Filesize
7KB

MD5
9d5fd3dc9dd7a9225a53a8123d0360c5

SHA1
86f4df8deed9e8db7c73d03346d46d50f316cb48

SHA256
1a45b1d0a8603dfe2cfc644f9dab970b1762f92babe2aac6eb2f5d4572c4a680

SHA512
ae339a3985a2885c4ec2ffcffab75f70a3dcb457007a9c8e1aa5e00f103465695373c3dffff687a07aac8f5dfcb193f2df94a7e26c501b2675f56a2da0b22c5e

Download Submit
C:\Users\Admin\.lunarclient\licenses\jackson-core.txt

Filesize
11KB

MD5
175792518e4ac015ab6696d16c4f607e

SHA1
1128f8f91104ba9ef98d37eea6523a888dcfa5de

SHA256
58d1e17ffe5109a7ae296caafcadfdbe6a7d176f0bc4ab01e12a689b0499d8bd

SHA512
31cc38066678c030e8f6378dcae59add64566a977f92983c3a4c929c9b76424291915ea4283e1367ece50b9537f8d51970aa8fd5ce063037aa3a7c45f0677d25

Download Submit
C:\Users\Admin\.lunarclient\licenses\junixsocket.txt

Filesize
11KB

MD5
2b42edef8fa55315f34f2370b4715ca9

SHA1
58853eb8199b5afe72a73a25fd8cf8c94285174b

SHA256
43070e2d4e532684de521b885f385d0841030efa2b1a20bafb76133a5e1379c1

SHA512
42edf58252a01b5858e6cc3c5a1a29bbcdf1295351b6a4383883a189499ec3c1a64cd5f2f6498a9385e85af21732c65afa866a8371afb4bf843f4e8bd38a7a73

Download Submit
C:\Users\Admin\.lunarclient\logs\launcher\main.log

Filesize
588B

MD5
f9a44839e942806994d1dd2755553f77

SHA1
d10dcccc1ced5708a21b54ac03c856f5b9127e42

SHA256
7499ce0379a4d599a4acbd66f3d71cbd470087a5833d2f14bc3abe74c1b79b66

SHA512
1266d19094f810703a283621c421916474c04838d7d462753abc8397ae5108d2c7ac57f53f78979c1ef57b5cd1b2e37bfdbefaa2209751b9eb7de1f3322fb02a

Download Submit
C:\Users\Admin\.lunarclient\logs\launcher\renderer.log

Filesize
35KB

MD5
af8b55c723e375c47d874b153fc87b10

SHA1
0ec51bed357fbcfa937881a316d43c5fbc0f1a8e

SHA256
b5fdd5e3c1eb8cf8a0c0ebd9b3b0b855741396e826c5246aae7db6be21a69f7c

SHA512
3db2d8db80c85d9186575a8b54575c9a367bdf52658197561a263043f6562762e9cb3a933dcd1138639b46fa9524dac0a0e81faa35d91c1cf071bb906b8a90c5

Download Submit
C:\Users\Admin\.lunarclient\logs\launcher\renderer.log

Filesize
256KB

MD5
e8052f597a9c35e09fd0a39c8cf5d0d6

SHA1
cc6400443afca574c9c762d4109e183b4e165668

SHA256
d7555ac1330df7b4dfdd36eefdf7371135b0e8ff9ba7a852dc3af318a33d71f5

SHA512
8b752db2bfa2ed01116afaa541a819b1f2e9d0b06e88be17238088d191964f3f5694cd7dd701064d5a6eeb53af707112f76d64d3d05f9ece9b9a4fab861723e2

Download Submit
C:\Users\Admin\.lunarclient\logs\launcher\renderer.log

Filesize
4KB

MD5
304163685f8213af5a6ee6820f9f3230

SHA1
248caebc24c584c59adedd227a481d05894d6ba8

SHA256
08ac6bce526364bad7c4d62a354a3b409ebd552328eefa9a600862ab58d10ae8

SHA512
495852ab198d5542ff4c6a818a0503f630b03f24579808aa98f515cdeb2dfb3b207ae4afceacb38fe62a5fd43b14cc42e820f46f20d27301e01455aa1070adb7

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\cloaks\astelicwinter.webp.mcmeta

Filesize
61B

MD5
7a3437f586542801fdfec2daaeb373b7

SHA1
f5b53f6cd61a61bee132366e3e913e45494480d5

SHA256
ccd3c4bc8ed0f66daccd1dfc7860cd7eee6132f6d8721e67c31edb68059147c1

SHA512
3205bbce79f237f268f62d6509efd52e0e53c3327f206545a618a466f5a99cbb9b0dc996fa87facd17ae616c4ef676c5de8aa8fe11e52b553809d58eb3e83533

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\cloaks\deltawings.webp.mcmeta

Filesize
63B

MD5
662ded5ee1a93a54e30a74088a89917b

SHA1
a1c2d83637829becfd190b5cf06b5aef13923dcb

SHA256
9a289ae27092cb46cf86d7267b652ece0b15ee4e15989d9a5f00735bc588601e

SHA512
b228a88dae7b41033a729015c28c6ff49729c3c501218d1ebd5574dc71c0ec85428e719e492d594db9c7be50b363fb1d86a0c7039c227e1af7ffa564dea0ad8b

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\cloaks\i3rother.webp.mcmeta

Filesize
62B

MD5
a0e7730dff934a9cb2627fb88da99f87

SHA1
c18ec218296797f9258794c2d76448a42bac90c2

SHA256
919b1b83238c24fc1c4c9525cbc03ec7dc67c5a137ec76432de536198d0da3b2

SHA512
a13ba96a9cb487e505a7b4188f88f4bcf6735a41bb318797194f8b81bc793406ab777202b951252a3a90334a5e4df86cf81ecf580df86a95eb9cc1f9506324c3

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\cloaks\krustydavidwhite.webp.mcmeta

Filesize
62B

MD5
6dd8a4704f6e5f1e2fa3d9da8d3ecb7c

SHA1
33b3e052fd54cf449684e85537ee3339de0edf0f

SHA256
68128fc74e6444c8e88c1edda6f4387aacd8087917beaaef4885a13b62fc6d55

SHA512
048c787bd70efdf439ab2c6be6fe96dd1465ae2e85ea8b4e8765995e917233049c5ecc4f934d691e0f292822f6068415f2f1f41b8cc4916ff34ab5d44906b9cd

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\cloaks\lunarpluspinkblack.webp.mcmeta

Filesize
64B

MD5
5f2f175f414bfd5be272e790e40d36b8

SHA1
c39c27698cc6ea8b7898c294b69ef4591eec1d68

SHA256
83ebb8051e24aa8e6d4a64242b239a48cb15fe8c418b3357d7318947513b55fc

SHA512
f723a53d0f289536190d659fb1b1c9f7c903a1d8c343a27574d122ae541496ee3961afe99dc5e37759fd9e7efd2fd5cda0e95542667b8abe1beb12c79cc5b1b3

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\cloaks\midnightxmas.webp.mcmeta

Filesize
63B

MD5
adf197312061efc9f5d14fef20a81d56

SHA1
6a12619ed49bded4b04d90903c1209c98d5aa0dc

SHA256
ae228ed4a21216112f300333b5ef45b41432ed2d416c219560c587c432d87510

SHA512
2f31ac72a1af406037cfd79ec24267b462637c43c954f6449ed68e5c40bf835d9c511f02e949b859680de7f05f1ac5693f383c830b2a78284b068076bdd55c48

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\cloaks\neonredgreencloak.webp.mcmeta

Filesize
63B

MD5
937b8c02792d834bf6eee0e743e603fe

SHA1
fe61dbd94b9b8c33b179beaf5f386636e440f271

SHA256
07f091eddb7831b6bab2d6b878e0bffc1b881a92316110ab2a8ef8658b8f79be

SHA512
825aaaeabf0d170770378d82868f66648b5aad856d0574f79ede631ea8dc8c3be05e41bfc717b91bbb9d1c5933d0760aeb0c4e2305e41c827e1f8707257953b4

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\cloaks\redglitchedlunar.webp.mcmeta

Filesize
63B

MD5
cfdd708dae10ae6ba12d7e9da6e2a7ce

SHA1
8976bc0b51c7228a4a011c369848f6a18a3dd0f0

SHA256
9482002c678e5f55d3be1909f032986df5cce564a3fc00afc5cd0ba4f967ee32

SHA512
9f22d614cf0ef5c4bacf95e419f3bda624f51365fa5d2725fa92a2d2cedb8acd904a57b8aa10053e83d5fbe42d14a9e57cf62382dfa3f18f3a0a3fa68fcad52f

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\cloaks\spacestationgalaxy.webp.mcmeta

Filesize
63B

MD5
bc32cf63609bc08ddb20f61d7800fe8a

SHA1
89bff8e125dfb052706cc4d775aa3534ea6dfe7b

SHA256
c1cda5005887447ce07945ada2df0056cdb5bb2cd2cd54f9d0b4d5bd5d88692d

SHA512
e4dc559afdd51df9b200d46eee57bac4e2574c4964eb0af1b141fa8d45258c04bb8ff0121da9bd837459f93798ea618cc0e9e04f641f85c4250c0ba9aa9875b9

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\cloaks\versglitchedv2.webp.mcmeta

Filesize
61B

MD5
ecf4b64166091ca56b586a779a6ec6d0

SHA1
468c277396449b95ec7ec22ae0afad49fc6700b0

SHA256
861ee728928a3a7fed8bf353dd99d1d786629397380fe4ca7315e51f6a18f529

SHA512
94d3374c8adc5058bf98920a8977598e1a83b7a489ef8f0dfd14d80127f48ec53a51007df08c1b88a2e20c889aed0ff2be0edb79d49072f26dd3f4a612395f86

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\cloaks\wispblueaxolotl.webp.mcmeta

Filesize
61B

MD5
46928583f1c770fed8d07f8a6e051d7f

SHA1
f82010a918b2315b6655d652b78ba0af6dd99dae

SHA256
e3ed1bab288105e7663a01907c67f40f6f7cae5f67d7ac2c0d8358ad2c3377a8

SHA512
babe76bd7300a6113fcbe2656600c1bb3f59b2376798e40d83a12b159893da3508678bc6bf2c650616e4c54e74e0bd6bfdc4b658c8a519dd6ecdb8b853c356d5

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\cloaks\xnestorioburninghand.webp.mcmeta

Filesize
61B

MD5
4e11af3d18c034eadfe539aa875d45a1

SHA1
c69422ba1b845f875a53e034bbffae0e4c39360c

SHA256
c09d85dc06059dd5eca8396df9c53c70931f5b76a4ed850fc8c5f731524e2261

SHA512
3173706f72b3f5d0ed14ee11f1242f32551f965848d11338782c1974b7866c79982eb95b937f7defffef13e082e9146478c36fb40c877eccb521a952807be692

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\cloaks\xnestoriopinkanimatedrose.webp.mcmeta

Filesize
61B

MD5
5f0729d9aabd6a8e34a654d2ca3feec3

SHA1
2cd752ddfac973a70472abe9fb4ec000c4eb3252

SHA256
652231bca46644042e435f86c882ddf27bc4390cb9fe7ead71cbffcd6dae5798

SHA512
fd7a9c3509f16481dedf984b5e7c87c06f1dddf200af1ece78cb8bc4ceb897640a940dc2a8831433256e323df61c20bf752dee26c1ed2ad61dedba649b034fb8

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\cloaks\zyphalopagusstick.webp.mcmeta

Filesize
61B

MD5
8df681ec7b11c3e13de6a27b32923e73

SHA1
255bd64f7e82fdabdd432fd6d355fd9ae7376e1f

SHA256
64b0ae5919d174e1c804b7b07a9dcf275cca4df9cdbf80d7cbd0e3c9cd2e0f09

SHA512
43e692dd268fd14e7a34082d196b080f5b7d90cf313bbfc60823863527f1eef85816bc8f7e6b21c3965b760c7e46c945c3f77e8fb22b7089de9a29466313db1a

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\models\hats\bandanna\textures\averyheartbandanna.webp.mcmeta

Filesize
63B

MD5
643f86081e9ef31568f4dfa0faa1c508

SHA1
2801d7599df9c879e549906968837f4baafa4b12

SHA256
8a028a37193368edcc797265e70206b4d284f27d7885c3c7a1b32b911c91e51b

SHA512
d78a09227a109b6df1909dbfa7741ba5ec18afdaabd024134c8f9733c3e551c3f5b4d170466294d3914f4d6b51ac08768e538ac4dd0b75322109cc73c80b0f61

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\models\hats\bandanna\textures\halloweenbatsbandanna.webp.mcmeta

Filesize
63B

MD5
b8bcf39a947901e9441a019258daca0c

SHA1
dd5555bc251b722f1a297919612231151cde1705

SHA256
01bc294585498fd554941869f2179d7f3d0db28a2341eeaf0aab6f5f3e259b38

SHA512
c68aa576571f270c02bdb32e8616f2ffe41826c2661067f0cb16f7e654c1922d998b28c8154c4b7cda13a216d4c4e2c65cbfb3e9e1ff236b202584d05f1b2d9e

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\models\hats\bandanna\textures\lightpinkglitchedbandanna.webp.mcmeta

Filesize
63B

MD5
f8bef180a49f1d1c776d218ecc3a3899

SHA1
b426fec52c1ca01551aa5010e2dde73525484261

SHA256
cc7f0cda5cd4aa5e1fa652791e1c888943fafd9c2bdc81f4d5ae6b2426e31d1c

SHA512
902e4d4ba0e2880de50a09b8672b5c5144af4827cd714c5976860503a15ea62891379ef78b3ba3d36ec4587312f23aa7ce065bd53df01fc45ba15e8688c6ff66

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\models\hats\bandanna\textures\neonpinkbluebandanna.webp.mcmeta

Filesize
63B

MD5
9a1336e4013da1d4d3434276853232fb

SHA1
f9a187299577bcb9ed4aa3b9ca0ecc0878682f72

SHA256
99ac522a13dc21ee5cf75c3a3544f2a7ed937b62fed293fb766f77b3ed75b05a

SHA512
6a670f1f6cc8dc55c0871a8c3dd66b2e39ee8337e0fef8f8ce52530d725da2925d78d1c5352b1a33901cd451f5efa6977a9d5082f8c5f2acd196626c063a9b9b

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\models\hats\bandanna\textures\springbutterflybandanna.webp.mcmeta

Filesize
63B

MD5
1238d39282d6171dac0ae93c273985b4

SHA1
82a11d62b9fe56171956c3ec8e40611fd48895b5

SHA256
dab7750a72cb06dc610720e9eca60dec30f2522215321a2da960fff2dcb9d151

SHA512
c8b1128d8c92bd5e7768409573da72550805560f6798b17c897ccf982b06b6a4561fe110a03559ac8e5ca3be29c8b4d6162d8d304c484b78e19869fa5767bccb

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\models\hats\facebandanna\textures\lunarpluspinkwhiteface.webp.mcmeta

Filesize
63B

MD5
69ef7d1799026110ee3e34fce7e96a46

SHA1
ffbf8a0aff3e54cf12ae3abc646d672e39a9b886

SHA256
01e6dc36a764ceb2cc3886cdd9b54134c5a9cd04cc661022796829a10970401e

SHA512
063cf032048827b3e817b8128420149f6c95b4f2dbe9766a8657064f55a1e425001fb73d92c21a8d500d504cb1a73570c4a97efea699df10dcb19ddf22b18bea

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\models\hats\halloween_mask\textures\neonorangeredfullmask.webp.mcmeta

Filesize
63B

MD5
19a3ca56dde6f8d43031f7e7396afb1a

SHA1
88fdcbec708c9d3c60b93e217805269ebda39605

SHA256
eefa09792fe81a273eb57e6a22ed7fe607a5f1ee7d2491b6f69454c71c868e2c

SHA512
8fe5ef9991bc4ffd3ba8ca2e844dded521d795aa610302417599f0b9bd4bc9553b12a631b64faf9ea7ddc409d0aaa026e6dd96c3759972b59e995d997d28472a

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\models\hats\halo\textures\valentinespinkhalo.webp.mcmeta

Filesize
63B

MD5
0d9cb8cf5c2afa138a3a3bc5b132d825

SHA1
a74242280ad328b021f0b2258e98aa8948b48416

SHA256
4619938ea88aee4908495774f210ca9cd085b2316358c29b54ff2e2b47f67d48

SHA512
0b99a3de46cc99683770de17512830943cbdffaaa709585c1ea453e3fc08522b9fdcd11ceb13a1c897c02db6de1721ccf54a252bf856ab0d917eae4321e1df3c

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\models\hats\halo\textures\xnestoriowhitehalo.webp.mcmeta

Filesize
63B

MD5
8ea3a41a53e3f3893105ea86faa8e94b

SHA1
68005f534f4a40ea62e0ff43f7317a5975bac7e3

SHA256
fb9b4c56b0e5f20f8568d960eb3e78b9fdff0af6776caf0bb98baef9760cf588

SHA512
e6abc3a72553ac9ab0dfdc97a086eac92caeaba28a5938cba0c8754408495d3145c9adc66733e5ee01ac2e6e5f4e67709b52ff0e01bada85072f22d0a579d080

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\models\hats\mask\textures\greenpimask.webp.mcmeta

Filesize
63B

MD5
16fa6494df2f09c01dcaf32c2b2cfb0f

SHA1
e63e4e0b3fbe527d04de51f69e56e16a330e4f8e

SHA256
8db77927179aa8c3a05a39b2d6b5c157734e93a747ef2868522de2cad8c139e0

SHA512
37109f3abd8efae91b1899883adc9091e41a80355756809710e3d25cf24bbbecd6dcf4252f3eb205acbb08a3715bfeda6a5066ea7f0f93ca407c558f7d035b4b

Download Submit
C:\Users\Admin\.lunarclient\textures\assets\lunar\cosmetics\models\hats\pumpkin_creeper\pumpkin_creeper.webp.mcmeta

Filesize
62B

MD5
989af1c21651556b3011ed290e5c1023

SHA1
6826a00414f82450bf899399378d699394f8a1cd

SHA256
23ca6742f5b218aa4c4f3d43504f5daf62cabfe48ffbc3b2d45f726e5a71506c

SHA512
d5c3690e773a602bba6c38909fdb730735c2b273652cc3ca8188d1ac6aed6083a7c5fb14cfad248e635ecb5cc986cb9e3bb31276cdcc004d8bfb6210c675e7de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
c373fbcecda4511b2184f87ed583c7fe

SHA1
a7839f57821e1bd876e434d1cd54551906b2de15

SHA256
cff7a0d6b78f383f1ca8bea06c69a9cd53d34a9deb128a393ce3704f89c72096

SHA512
c536c0d10e16cbccd805f7f0a36e9904af509299fefd55a644de37907ac72c53388c43ab4f03611a05cda27789e05e85a035a35f7d985062bc7d11bf33bc2bf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
438B

MD5
9fad744464dbabd211e4248375c21b0c

SHA1
a935e6bdcd10378656fbb53072935ea050b4d22f

SHA256
9e11b51de6b14017158f276ce50d5d8b20de723df14b1bddabdf77d16b42eb7a

SHA512
0a8f42894fd64b1beefb53a9db371d4b2e3748d127127c80025823772588f59b645f343f670a84d4d24b4ed7c96fddeaa078448dfffa84af9d239b4a61066aec

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{0A6AC72E-ED8C-C16F-38B6-05831557CF24}

Filesize
36KB

MD5
8aaad0f4eb7d3c65f81c6e6b496ba889

SHA1
231237a501b9433c292991e4ec200b25c1589050

SHA256
813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

SHA512
1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_ControlPanel

Filesize
36KB

MD5
fb5f8866e1f4c9c1c7f4d377934ff4b2

SHA1
d0a329e387fb7bcba205364938417a67dbb4118a

SHA256
1649ec9493be27f76ae7304927d383f8a53dd3e41ea1678bacaff33120ea4170

SHA512
0fbe2843dfeab7373cde0643b20c073fdc2fcbefc5ae581fd1656c253dfa94e8bba4d348e95cc40d1e872456ecca894b462860aeac8b92cedb11a7cad634798c

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\D3DCompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe

Filesize
129.9MB

MD5
6406a5cdd855e658c2b3fe1de09e32bf

SHA1
7161b211200e7f2997e998d4be24270e7878eed7

SHA256
86a612d3da728265468a99514ff281bfe9fbb48c5375d1fbac25291f064a6209

SHA512
9d37fd15566afaff8cd8dcbf4ae41b9b589d7d57dc7bbd18136b7eb7d9885d28ed39465ad9a8e81c8e4239e1226ddcbd87092609b3d4a5911700a09de834fc9d

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe

Filesize
129.9MB

MD5
6406a5cdd855e658c2b3fe1de09e32bf

SHA1
7161b211200e7f2997e998d4be24270e7878eed7

SHA256
86a612d3da728265468a99514ff281bfe9fbb48c5375d1fbac25291f064a6209

SHA512
9d37fd15566afaff8cd8dcbf4ae41b9b589d7d57dc7bbd18136b7eb7d9885d28ed39465ad9a8e81c8e4239e1226ddcbd87092609b3d4a5911700a09de834fc9d

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe

Filesize
129.9MB

MD5
6406a5cdd855e658c2b3fe1de09e32bf

SHA1
7161b211200e7f2997e998d4be24270e7878eed7

SHA256
86a612d3da728265468a99514ff281bfe9fbb48c5375d1fbac25291f064a6209

SHA512
9d37fd15566afaff8cd8dcbf4ae41b9b589d7d57dc7bbd18136b7eb7d9885d28ed39465ad9a8e81c8e4239e1226ddcbd87092609b3d4a5911700a09de834fc9d

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe

Filesize
129.9MB

MD5
6406a5cdd855e658c2b3fe1de09e32bf

SHA1
7161b211200e7f2997e998d4be24270e7878eed7

SHA256
86a612d3da728265468a99514ff281bfe9fbb48c5375d1fbac25291f064a6209

SHA512
9d37fd15566afaff8cd8dcbf4ae41b9b589d7d57dc7bbd18136b7eb7d9885d28ed39465ad9a8e81c8e4239e1226ddcbd87092609b3d4a5911700a09de834fc9d

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe

Filesize
129.9MB

MD5
6406a5cdd855e658c2b3fe1de09e32bf

SHA1
7161b211200e7f2997e998d4be24270e7878eed7

SHA256
86a612d3da728265468a99514ff281bfe9fbb48c5375d1fbac25291f064a6209

SHA512
9d37fd15566afaff8cd8dcbf4ae41b9b589d7d57dc7bbd18136b7eb7d9885d28ed39465ad9a8e81c8e4239e1226ddcbd87092609b3d4a5911700a09de834fc9d

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe

Filesize
129.9MB

MD5
6406a5cdd855e658c2b3fe1de09e32bf

SHA1
7161b211200e7f2997e998d4be24270e7878eed7

SHA256
86a612d3da728265468a99514ff281bfe9fbb48c5375d1fbac25291f064a6209

SHA512
9d37fd15566afaff8cd8dcbf4ae41b9b589d7d57dc7bbd18136b7eb7d9885d28ed39465ad9a8e81c8e4239e1226ddcbd87092609b3d4a5911700a09de834fc9d

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe

Filesize
129.9MB

MD5
6406a5cdd855e658c2b3fe1de09e32bf

SHA1
7161b211200e7f2997e998d4be24270e7878eed7

SHA256
86a612d3da728265468a99514ff281bfe9fbb48c5375d1fbac25291f064a6209

SHA512
9d37fd15566afaff8cd8dcbf4ae41b9b589d7d57dc7bbd18136b7eb7d9885d28ed39465ad9a8e81c8e4239e1226ddcbd87092609b3d4a5911700a09de834fc9d

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe

Filesize
129.9MB

MD5
6406a5cdd855e658c2b3fe1de09e32bf

SHA1
7161b211200e7f2997e998d4be24270e7878eed7

SHA256
86a612d3da728265468a99514ff281bfe9fbb48c5375d1fbac25291f064a6209

SHA512
9d37fd15566afaff8cd8dcbf4ae41b9b589d7d57dc7bbd18136b7eb7d9885d28ed39465ad9a8e81c8e4239e1226ddcbd87092609b3d4a5911700a09de834fc9d

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe

Filesize
129.9MB

MD5
6406a5cdd855e658c2b3fe1de09e32bf

SHA1
7161b211200e7f2997e998d4be24270e7878eed7

SHA256
86a612d3da728265468a99514ff281bfe9fbb48c5375d1fbac25291f064a6209

SHA512
9d37fd15566afaff8cd8dcbf4ae41b9b589d7d57dc7bbd18136b7eb7d9885d28ed39465ad9a8e81c8e4239e1226ddcbd87092609b3d4a5911700a09de834fc9d

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\Lunar Client.exe

Filesize
129.9MB

MD5
6406a5cdd855e658c2b3fe1de09e32bf

SHA1
7161b211200e7f2997e998d4be24270e7878eed7

SHA256
86a612d3da728265468a99514ff281bfe9fbb48c5375d1fbac25291f064a6209

SHA512
9d37fd15566afaff8cd8dcbf4ae41b9b589d7d57dc7bbd18136b7eb7d9885d28ed39465ad9a8e81c8e4239e1226ddcbd87092609b3d4a5911700a09de834fc9d

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\chrome_100_percent.pak

Filesize
138KB

MD5
03aaa4f8525ba4b3e30d2a02cb40ab7a

SHA1
dd9ae5f8b56d317c71d0a0a738f5d4a320a02085

SHA256
c3f131faeefab4f506bf61c4b7752a6481f320429731d758ef5413a2f71441f7

SHA512
c89a1b89b669602ba7c8bf2c004755cac7320189603fecb4f4c5cf7a36db72da651c7b613607146f0c6da9eec5df412c7fba75475352192351c02aebdaa7d9a9

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\chrome_200_percent.pak

Filesize
202KB

MD5
7d4f330a5443eadf32e041c63e7e70ad

SHA1
26ce6fb98c0f28f508d7b88cf94a442b81e80c88

SHA256
b8704be578e7396ee3f2188d0c87d0ede5c5702e9bb8c841b5f8d458abf1356d

SHA512
f1b9b0dd7396863aa0feca06175b7f9ea0be4122351ecf0a0549ee4c34f85ac8c63cc927d7409a40b6e19fa91d2cb00a145616ba19f47045b2345bfbc2d4802d

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\ffmpeg.dll

Filesize
2.6MB

MD5
0a21ae7e5ac221245a11ae41b4500f62

SHA1
3363f03a49f16eb61daa9c22612cc74dbd73e0bd

SHA256
923dfd54dc2413cc05e15fbbc6faafc5e5e3771ea17b3e83c0e252f27a6e0a3e

SHA512
4331d35b9aca1b94988a2357381294989dfe8d16d6f8e5deb5996cdda89de6b78c500ed565dca4fb42eb2bae26a26222861b1648f5bc5c1ed7a5614e032e5137

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\ffmpeg.dll

Filesize
2.6MB

MD5
0a21ae7e5ac221245a11ae41b4500f62

SHA1
3363f03a49f16eb61daa9c22612cc74dbd73e0bd

SHA256
923dfd54dc2413cc05e15fbbc6faafc5e5e3771ea17b3e83c0e252f27a6e0a3e

SHA512
4331d35b9aca1b94988a2357381294989dfe8d16d6f8e5deb5996cdda89de6b78c500ed565dca4fb42eb2bae26a26222861b1648f5bc5c1ed7a5614e032e5137

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\ffmpeg.dll

Filesize
2.6MB

MD5
0a21ae7e5ac221245a11ae41b4500f62

SHA1
3363f03a49f16eb61daa9c22612cc74dbd73e0bd

SHA256
923dfd54dc2413cc05e15fbbc6faafc5e5e3771ea17b3e83c0e252f27a6e0a3e

SHA512
4331d35b9aca1b94988a2357381294989dfe8d16d6f8e5deb5996cdda89de6b78c500ed565dca4fb42eb2bae26a26222861b1648f5bc5c1ed7a5614e032e5137

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\ffmpeg.dll

Filesize
2.6MB

MD5
0a21ae7e5ac221245a11ae41b4500f62

SHA1
3363f03a49f16eb61daa9c22612cc74dbd73e0bd

SHA256
923dfd54dc2413cc05e15fbbc6faafc5e5e3771ea17b3e83c0e252f27a6e0a3e

SHA512
4331d35b9aca1b94988a2357381294989dfe8d16d6f8e5deb5996cdda89de6b78c500ed565dca4fb42eb2bae26a26222861b1648f5bc5c1ed7a5614e032e5137

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\ffmpeg.dll

Filesize
2.6MB

MD5
0a21ae7e5ac221245a11ae41b4500f62

SHA1
3363f03a49f16eb61daa9c22612cc74dbd73e0bd

SHA256
923dfd54dc2413cc05e15fbbc6faafc5e5e3771ea17b3e83c0e252f27a6e0a3e

SHA512
4331d35b9aca1b94988a2357381294989dfe8d16d6f8e5deb5996cdda89de6b78c500ed565dca4fb42eb2bae26a26222861b1648f5bc5c1ed7a5614e032e5137

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\ffmpeg.dll

Filesize
2.6MB

MD5
0a21ae7e5ac221245a11ae41b4500f62

SHA1
3363f03a49f16eb61daa9c22612cc74dbd73e0bd

SHA256
923dfd54dc2413cc05e15fbbc6faafc5e5e3771ea17b3e83c0e252f27a6e0a3e

SHA512
4331d35b9aca1b94988a2357381294989dfe8d16d6f8e5deb5996cdda89de6b78c500ed565dca4fb42eb2bae26a26222861b1648f5bc5c1ed7a5614e032e5137

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\ffmpeg.dll

Filesize
2.6MB

MD5
0a21ae7e5ac221245a11ae41b4500f62

SHA1
3363f03a49f16eb61daa9c22612cc74dbd73e0bd

SHA256
923dfd54dc2413cc05e15fbbc6faafc5e5e3771ea17b3e83c0e252f27a6e0a3e

SHA512
4331d35b9aca1b94988a2357381294989dfe8d16d6f8e5deb5996cdda89de6b78c500ed565dca4fb42eb2bae26a26222861b1648f5bc5c1ed7a5614e032e5137

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\ffmpeg.dll

Filesize
2.6MB

MD5
0a21ae7e5ac221245a11ae41b4500f62

SHA1
3363f03a49f16eb61daa9c22612cc74dbd73e0bd

SHA256
923dfd54dc2413cc05e15fbbc6faafc5e5e3771ea17b3e83c0e252f27a6e0a3e

SHA512
4331d35b9aca1b94988a2357381294989dfe8d16d6f8e5deb5996cdda89de6b78c500ed565dca4fb42eb2bae26a26222861b1648f5bc5c1ed7a5614e032e5137

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\ffmpeg.dll

Filesize
2.6MB

MD5
0a21ae7e5ac221245a11ae41b4500f62

SHA1
3363f03a49f16eb61daa9c22612cc74dbd73e0bd

SHA256
923dfd54dc2413cc05e15fbbc6faafc5e5e3771ea17b3e83c0e252f27a6e0a3e

SHA512
4331d35b9aca1b94988a2357381294989dfe8d16d6f8e5deb5996cdda89de6b78c500ed565dca4fb42eb2bae26a26222861b1648f5bc5c1ed7a5614e032e5137

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\icudtl.dat

Filesize
9.9MB

MD5
80a7528515595d8b0bf99a477a7eff0d

SHA1
fde9a195fc5a6a23ec82b8594f958cfcf3159437

SHA256
6e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b

SHA512
c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\locales\es.pak

Filesize
105KB

MD5
4acad14261fa458cbc61451f4255c891

SHA1
bfbf2429190b85f692bc97d12822cedd53a70742

SHA256
b927984d25359f3d7a20d71aa4b16d2ec4c574461177825b5221865f416d1e71

SHA512
24a71134f5c8f3e03b29491e11d0d0d2b9988c2528593c753893986c6db6ff2bd88e2e5389b086e0785e24141894441efe3db976111e2ad5ee5afbf7374fec1d

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\resources.pak

Filesize
4.9MB

MD5
91f8a4b158df6967163ccbbe765e095a

SHA1
95db67f0a2352fd898f4a4cfdfc860f6a9c58c87

SHA256
a30b8269e588c6cc2cea5fd4685da3012fd10451edb59a283005116f8e033182

SHA512
6450d75d53f24d11e1c1e7e3cacfc57ee9dd09c00ca0dc2ff30f580b59a6b17e7ad7d96682195bd7d806b49068653538c77ca4200491560cecff128a0b012d92

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\resources\app-update.yml

Filesize
197B

MD5
c7aae17e4dabe163b2163ed506b40986

SHA1
14ded38ac319a7bdd1c500b0c8d0ee69b1828e7a

SHA256
4cf6fd408bfa5613ef4d3ac200a678f8af37b050e46a6c9445e468548b9580af

SHA512
e946f2286f4e1172c144c07a092ebb84ed1c30a41318c3ab0a5d6adceb5cdc3174b32ff59dc3031e8316a7aad819a9ebc8fc30e7bb39c405970d0e5c49735320

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\resources\app.asar

Filesize
36.4MB

MD5
447d67cee72daaec0cf3e291d028def0

SHA1
97ec902fcdd226d92c1caa90f4fa454ad1049280

SHA256
3d9871238228b66bd038ad48d60faf4d274015e424a92d57fa8e3773f94503a8

SHA512
dba902cd63d3d77efff999a6f6206fee27ba4c3434468df8c41ded27cb03e81f30531ecee0bfad408f75976a82597a2bc80cfe1998d26dbe7ce9e4d474b5fa74

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\resources\app.asar.unpacked\node_modules\bsdiff-node\build\Release\bsdiff.node

Filesize
792KB

MD5
844727791165c7df763af343264f45cc

SHA1
ffdafb094ae3d9a8a42c1f3249b335a537730e58

SHA256
1083b0d28bd3a45dd2c9be5cabbe42d8665e13b20d83e40ed551393c2d2c7499

SHA512
7dfd3bafd6a4eece907b679b4ddacd12aea527e9afc8ea0a0aea16b30780a880b95c234ec976b00bd023acc2f982c9270023898736efbcca424674161a8d7123

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\resources\app.asar.unpacked\node_modules\bsdiff-node\build\Release\bsdiff.node

Filesize
792KB

MD5
844727791165c7df763af343264f45cc

SHA1
ffdafb094ae3d9a8a42c1f3249b335a537730e58

SHA256
1083b0d28bd3a45dd2c9be5cabbe42d8665e13b20d83e40ed551393c2d2c7499

SHA512
7dfd3bafd6a4eece907b679b4ddacd12aea527e9afc8ea0a0aea16b30780a880b95c234ec976b00bd023acc2f982c9270023898736efbcca424674161a8d7123

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\swiftshader\libEGL.dll

Filesize
448KB

MD5
4d3f71f7c4026d9a6882f3175297816e

SHA1
cbd862bf15991288d4ace44fc541ffa6d606cecf

SHA256
8b97951724d87ab4def7ba41680b8b6e6dc6592b761e35614daf8b650af72812

SHA512
b1cc9f01704faf5296a7dcece116e85bddef865cb1dd6a5c5a912ade81401366b1d8c62cb0d9618f9e986ca072010967d46188affadbb6833621765f49e4a9c3

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\swiftshader\libEGL.dll

Filesize
448KB

MD5
4d3f71f7c4026d9a6882f3175297816e

SHA1
cbd862bf15991288d4ace44fc541ffa6d606cecf

SHA256
8b97951724d87ab4def7ba41680b8b6e6dc6592b761e35614daf8b650af72812

SHA512
b1cc9f01704faf5296a7dcece116e85bddef865cb1dd6a5c5a912ade81401366b1d8c62cb0d9618f9e986ca072010967d46188affadbb6833621765f49e4a9c3

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\swiftshader\libGLESv2.dll

Filesize
3.1MB

MD5
08eaefc9b4358c001dc64b1ac4ef1b1b

SHA1
1391b568b2d5262a10cb9a51243c23531cd8fe5c

SHA256
6d6e379958ff33d215f6221b5c654b80c0ed61cc11314ae7e5404ae45ba84aea

SHA512
7d24e474c30dc89aa192e2879fa6f5a7b5914553b5bc434f266512beda91c2dc1867e7d4436a1a2f58d6792421160a150f4c20b564b23be1e6dfa24a268a1287

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\swiftshader\libGLESv2.dll

Filesize
3.1MB

MD5
08eaefc9b4358c001dc64b1ac4ef1b1b

SHA1
1391b568b2d5262a10cb9a51243c23531cd8fe5c

SHA256
6d6e379958ff33d215f6221b5c654b80c0ed61cc11314ae7e5404ae45ba84aea

SHA512
7d24e474c30dc89aa192e2879fa6f5a7b5914553b5bc434f266512beda91c2dc1867e7d4436a1a2f58d6792421160a150f4c20b564b23be1e6dfa24a268a1287

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\swiftshader\libegl.dll

Filesize
448KB

MD5
4d3f71f7c4026d9a6882f3175297816e

SHA1
cbd862bf15991288d4ace44fc541ffa6d606cecf

SHA256
8b97951724d87ab4def7ba41680b8b6e6dc6592b761e35614daf8b650af72812

SHA512
b1cc9f01704faf5296a7dcece116e85bddef865cb1dd6a5c5a912ade81401366b1d8c62cb0d9618f9e986ca072010967d46188affadbb6833621765f49e4a9c3

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\swiftshader\libglesv2.dll

Filesize
3.1MB

MD5
08eaefc9b4358c001dc64b1ac4ef1b1b

SHA1
1391b568b2d5262a10cb9a51243c23531cd8fe5c

SHA256
6d6e379958ff33d215f6221b5c654b80c0ed61cc11314ae7e5404ae45ba84aea

SHA512
7d24e474c30dc89aa192e2879fa6f5a7b5914553b5bc434f266512beda91c2dc1867e7d4436a1a2f58d6792421160a150f4c20b564b23be1e6dfa24a268a1287

Download Submit
C:\Users\Admin\AppData\Local\Programs\lunarclient\v8_context_snapshot.bin

Filesize
161KB

MD5
e47426f88649c7f8e27b8a1516cc0137

SHA1
5452aadfddbc55d6c5c18b801087e39529859b12

SHA256
09686ad5bf03d95de7c251d204e60a8e3824bd6420bedddee80b2c6e5609fb26

SHA512
f9647a35ff273ca622b3db4aefb9aaf75075386c42a31e085f916fc82f3a18fed25b0e05dcc09e678ca419408f59f0c34fa5762e5f945db35f9c6f67b7b94bc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg7257.tmp\INetC.dll

Filesize
238KB

MD5
38caa11a462b16538e0a3daeb2fc0eaf

SHA1
c22a190b83f4b6dc0d6a44b98eac1a89a78de55c

SHA256
ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a

SHA512
777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg7257.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg7257.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg7257.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg7257.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg7257.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg7257.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg7257.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg7257.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg7257.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg7257.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg7257.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg7257.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg7257.tmp\package.7z

Filesize
61.2MB

MD5
2adfd89705a348d582491bb4f4e8603c

SHA1
681f88e88caef89f52b3a059021a878bc2fbd3ce

SHA256
fa2a94d7f3188683256c44de423f19c8e4f0c87481ff0bf3d2f7adb78d891fdf

SHA512
d821582d6a3f807649bf65e8a0fb41250e6c39ca2daefdff22752dc26c646875924b18fc0166212a0ca10054aff2b23288473085ffc2f83676d14055240dd2f9

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\assets\objects\56\56c1d0ac0de2265018b2c41cb571cc6631101484

Filesize
4KB

MD5
04136fa704ddf7b6a0d5101adb0de640

SHA1
56c1d0ac0de2265018b2c41cb571cc6631101484

SHA256
139fc234e51f7825fcdedf10c93d8d60c59df9b4955334f409a624e4b3e6bfbb

SHA512
d0acce8422bee523dac86ca130bfab55e2e0e50906b47ae599d4f5ec0d0627e5c4ef263c77c708586ab4b32786f8aca72f3d39c49926a09a2d5277e7652e4373

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\assets\objects\58\5887d10234c4f244ec5468080412f3e6ef9522f3

Filesize
6KB

MD5
1545455944217e6467c30bc9cf0ba0f6

SHA1
5887d10234c4f244ec5468080412f3e6ef9522f3

SHA256
a0d603f69ad58662e688d74b9ca2f345eebc0938b4af954f16840adf436fe8d9

SHA512
f27e519c219c4d3053c698ac641dc6e252cc208e83b004e0db7fb3015cb9fe5f99bb7739d0b16337f03379dd5775c29456c7ae4f37b15c74b1c851b620df56d3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\assets\objects\92\92750c5f93c312ba9ab413d546f32190c56d6f1f

Filesize
5KB

MD5
4c664febe29f0ca75ac519f0465be466

SHA1
92750c5f93c312ba9ab413d546f32190c56d6f1f

SHA256
2496adc8631bb3ab42ea5a737e2b39242e6a1ca86a90855f7d204a086de35fe9

SHA512
8ccc41d86bbd669da8db5132e3c11f91d3a0386cc6048fb54da28274a388a14065970ff507344cf3cf1522e3ea2297a20576ceaa4d88b0dab56ad7eb2187754f

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\assets\objects\a4\a4bc069321a96236fde04a3820664cc23b2ea619

Filesize
6KB

MD5
02a9f2786ae1487a583495db000551a8

SHA1
a4bc069321a96236fde04a3820664cc23b2ea619

SHA256
ae97513c5bcac9d08f5c8bcbaf55b7a3112134603c141b5de70e15a06c77e325

SHA512
18605d797527b44234a6f2b6a99b2915e7fc30c8c88192252fa3dd02e0b801b78a3f509c44beedc887ef9a38556758279c576d922c8558b2d7b44d795ef25192

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\assets\objects\e9\e9833a1512b57bcf88ac4fdcc8df4e5a7e9d701d

Filesize
6KB

MD5
26a15393379cd7d6072f09f196027786

SHA1
e9833a1512b57bcf88ac4fdcc8df4e5a7e9d701d

SHA256
5998bf8ee2eecc2779ef896f04a540f9d48d4e96cc9227aae4646f4d9b817749

SHA512
73f6fa5e911fd64a3e45037876cc9edd8606c4590d0db5488de2169fddc6d5f80649c0108631e37af2fb52618b477d1a9086c734f8ac901a6b64cb06f64ef0e1

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\.updaterId

Filesize
36B

MD5
c398c40b21f33d409e575149aa993029

SHA1
151339942fcf40c74bb50bb9685896f7d516e02c

SHA256
2599d927ccaee1ae1d06d1bf574d4643c39ef7b4f7e1d84310c0ae388ab7576a

SHA512
35740ba51cf2ae651fff285a4719b004023baedfbc69836b503f976f95d877b16599d193cce52785afbffada03ce12ca25150e79adcb5c5534ca3a81c7de62f8

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\Cache\f_000001

Filesize
766KB

MD5
471061756215fd1f387f076ac014303c

SHA1
d8397cb5900f52a5cad2416ed8ebf53caa1a3adc

SHA256
e6334dcf080aaeca679db70565762a2c296ff5780c1af263530ac7345736bfa9

SHA512
ba9d0f2deb2fcd77e75bfe8a9c6241da25c7eb9012d0374ccca8e9cd9cd1c9615efd5f3980166b0b3431c7e3e55ef013cbc37f0d53bd1e2411afb9363ceccb05

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
af0aca1e7ea87d1d3b8303349ee389aa

SHA1
19fc36f81a4191a93e180cc32bd29b3e07efeeec

SHA256
18cdb4ebb5530244be933b6d008119cd3fd54620ee0302820574cdc09952212b

SHA512
6e74c70b6bdd1ce93a769ca107bf46b291ac953e80457ca48727f5f64a5c8cdb9e2c314149e899fdf4754f1d585e0bda7d32003d4bb091e56067b20b54ad34d4

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
fb182e47f5cdfd7669a158296098566c

SHA1
f75d6dd38138d16b0457cf2d94ed2aa7aa26823e

SHA256
2aca190efa87cf6774c9c1ddf7d92d6429d568cb904f9c543a5a83b509906209

SHA512
bd6173e3002f0eb542163089100d17a08c73221ca17ad35dd76a375564b987cd1b797f898d36e2d4fafabde7391611c49442b995902680802afb1d5fe02ba5eb

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\Dictionaries\es-ES-3-0.bdic

Filesize
766KB

MD5
471061756215fd1f387f076ac014303c

SHA1
d8397cb5900f52a5cad2416ed8ebf53caa1a3adc

SHA256
e6334dcf080aaeca679db70565762a2c296ff5780c1af263530ac7345736bfa9

SHA512
ba9d0f2deb2fcd77e75bfe8a9c6241da25c7eb9012d0374ccca8e9cd9cd1c9615efd5f3980166b0b3431c7e3e55ef013cbc37f0d53bd1e2411afb9363ceccb05

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\GPUCache\index

Filesize
256KB

MD5
a7525c3bcb8f126cba446eb27f059a6b

SHA1
6707c807c7059707a6c28e78ad0c14550c530daa

SHA256
c2f9ba3cdcd7ec4fcce9f938206cbb0f03e62ef20a1029a8a6d4e515bf90d16d

SHA512
39186e3a71ec74a5324d10a72dd704055d7fed1d6c018d23337db2bb2bf7646a1deb37c6e9afff028e140fe1804130719d37500975a94600080f517d75981eb6

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\Network Persistent State

Filesize
859B

MD5
6f80a0470da3ac1c524a5f2f997bf092

SHA1
207318e8b4a19652357fec2e92b005ff2a437172

SHA256
2b00524a7e638d9bf22932733d8aaf49809ecc5f89362bcccd41c98dc2250d7b

SHA512
a24beabbab93d10c1cc2b7fab5c98468964ab20fbc85e1521b924d6bc9dadf2ad62b0fae9b1655280af485b63df9579e7334780214594f9324a459c12c7aea52

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\Network Persistent State

Filesize
509B

MD5
56f04556465738ca0a5d3e3ed2abde9c

SHA1
6694407a49e9d34b47af92a1a10284e79ce35430

SHA256
cade104c15f1e8aab1f762a201dc32d55b6eecdffbc91aecb7e701ef81281b7d

SHA512
1d82d043de991fa546f8a02039e9aff1707e89e60a0b3ccf37f3dc8e23f6711831a2ea58776594d6cccb60f90693460cc5e175aabc6b11de72688d6271c78fd1

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\Preferences

Filesize
57B

MD5
217c781be08416f5b6fa33aedf027293

SHA1
0e76955a55f31406fc64e3b136f1bb9214bc2d79

SHA256
3de8ead96083d18355eed62a5b8089a61f6c7f97ba3dba04cbefae364f0455b0

SHA512
964b588d2bb87d3e19924cf8a16f1c35807c45ccb41caa00be9dd4e34b9fdfa0625973828a9df1f5f56354f00bf13939e01798c40a8a7089c9aee4535e45b099

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\Preferences

Filesize
57B

MD5
217c781be08416f5b6fa33aedf027293

SHA1
0e76955a55f31406fc64e3b136f1bb9214bc2d79

SHA256
3de8ead96083d18355eed62a5b8089a61f6c7f97ba3dba04cbefae364f0455b0

SHA512
964b588d2bb87d3e19924cf8a16f1c35807c45ccb41caa00be9dd4e34b9fdfa0625973828a9df1f5f56354f00bf13939e01798c40a8a7089c9aee4535e45b099

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\Preferences~RFe5739cd.TMP

Filesize
86B

MD5
8a9bbc2f833ed90104d3e81732369d1c

SHA1
488256a8361ef1496ad01a67dbf5eb4149aef667

SHA256
eccd0ffbf81c7646a3a23e4727206b08596cbc0c36597ddb13a8c6906ed89115

SHA512
ee423d4ceb3bfbd8a6d61cc48077e92c2f764d0135d58d07f2c742de9e936a86059d60c08998918fadb0e3e66eb25b3bdd49e4bb95e7a67dada71fc487a345ef

Download Submit
C:\Users\Admin\AppData\Roaming\lunarclient\TransportSecurity

Filesize
704B

MD5
fd04fe301b025cf4f750d89da6937c16

SHA1
c670383101453159da9ed97707de8119ac429d31

SHA256
4fc324b9535933a3a4d744ee0c1796c16d2e73f3ca4e06b0af631b93e9770597

SHA512
b025739fe96a0dd4ebab2116b1f78cde92f280f5e9adef35112a7e3a23959c29da497a22ab16553e0b02a79fe96f1c13152277dae072936bf119d71187d3bd9d

Download Submit
memory/1840-499-0x000001D2132D0000-0x000001D21336E000-memory.dmp

Filesize
632KB

Download
memory/1840-1432-0x000001D2132D0000-0x000001D21336E000-memory.dmp

Filesize
632KB

Download
memory/1840-5235-0x000001D2132D0000-0x000001D21336E000-memory.dmp

Filesize
632KB

Download
memory/1840-444-0x000001D2132D0000-0x000001D21336E000-memory.dmp

Filesize
632KB

Download
memory/1840-386-0x00007FFC32AA0000-0x00007FFC32AA1000-memory.dmp

Filesize
4KB

Download
memory/3444-4286-0x00000134DC8C0000-0x00000134DC95E000-memory.dmp

Filesize
632KB

Download
memory/3444-1460-0x00000134DC8C0000-0x00000134DC95E000-memory.dmp

Filesize
632KB

Download
memory/3444-521-0x00000134DC8C0000-0x00000134DC95E000-memory.dmp

Filesize
632KB

Download
memory/3444-5727-0x00000134DC8C0000-0x00000134DC95E000-memory.dmp

Filesize
632KB

Download
memory/3444-6356-0x00000134DC8C0000-0x00000134DC95E000-memory.dmp

Filesize
632KB

Download
memory/4988-1959-0x000002BA7D7A0000-0x000002BA7D7C0000-memory.dmp

Filesize
128KB

Download
memory/4988-1986-0x000002BA7DB70000-0x000002BA7DB90000-memory.dmp

Filesize
128KB

Download
memory/4988-1974-0x000002BA7D760000-0x000002BA7D780000-memory.dmp

Filesize
128KB

Download