lumma | fde613b34e4eb82ba36bc421fb6e5028ab6fc8dbdb65bd2c3b7690e3b323fc47

Analysis

max time kernel
144s
max time network
132s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15/06/2023, 12:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CosmoNaut-Setup-1.0.2.exe
Size

28.1MB
MD5

16ab7bbb5ae198e55caa68cb07114c79
SHA1

c6374b9b0ed88adfa98670707c233bbd2010a55e
SHA256

fde613b34e4eb82ba36bc421fb6e5028ab6fc8dbdb65bd2c3b7690e3b323fc47
SHA512

48a747fb9ce19a19e018281d4fb5b1e8f8cdcc882033470c1c7b0f52b3b36c18bbce2c0bfcbb185ac16cb0bbb34f7a9d8fd0a37866f527af47224ec23548b5ec
SSDEEP

786432:8Hjz1S1+UgarmFtLvkVGWz4NGLq0d6tApk:cO+0456sNGmS6kk

Score

10^/10

lumma discovery stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\International\Geo\Nation	CosmoNaut.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\International\Geo\Nation	CosmoNaut.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\CosmoNaut\resources	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\chrome_200_percent.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\bn.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\cs.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\ro.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\sl.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\zh-TW.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\LICENSES.chromium.html	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\es.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\it.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\sk.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\sl.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\tr.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\resources\elevate.exe	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\bn.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\es-419.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\it.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\v8_context_snapshot.bin	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\swiftshader	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\swiftshader\libEGL.dll	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\de.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\de.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\hi.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\ml.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\uk.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\ja.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\resources.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\en-US.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\es-419.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\el.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\ja.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\ms.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\snapshot_blob.bin	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\LICENSE.electron.txt	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\gu.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\sw.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\th.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\zh-TW.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\id.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\resources\app-update.yml	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\sv.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\icudtl.dat	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\fi.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\fil.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\hi.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\lv.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\mr.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\pt-BR.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\sv.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\zh-CN.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\am.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\pl.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\ko.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\mr.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\ru.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\sk.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\ffmpeg.dll	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\chrome_200_percent.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\ca.pak	CosmoNaut-Setup-1.0.6.exe
File opened for modification	C:\Program Files (x86)\CosmoNaut\locales\da.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\locales\vi.pak	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\libEGL.dll	CosmoNaut-Setup-1.0.6.exe
File created	C:\Program Files (x86)\CosmoNaut\swiftshader\libGLESv2.dll	CosmoNaut-Setup-1.0.6.exe

Executes dropped EXE 23 IoCs

pid	Process
2036	CosmoNaut.exe
884	CosmoNaut.exe
1160	CosmoNaut.exe
268	CosmoNaut.exe
1496	CosmoNaut.exe
936	CosmoNaut.exe
1388	CosmoNaut.exe
1584	CosmoNaut.exe
1156	CosmoNaut.exe
1184	CosmoNaut.exe
284	CosmoNaut.exe
1572	CosmoNaut.exe
648	CosmoNaut.exe
848	CosmoNaut.exe
1308	CosmoNaut.exe
1184	CosmoNaut.exe
1408	CosmoNaut.exe
2016	CosmoNaut-Setup-1.0.6.exe
1480	old-uninstaller.exe
868	CosmoNaut.exe
1628	CosmoNaut.exe
1028	CosmoNaut.exe
512	CosmoNaut.exe

Loads dropped DLL 64 IoCs

pid	Process
2044	CosmoNaut-Setup-1.0.2.exe
2044	CosmoNaut-Setup-1.0.2.exe
2044	CosmoNaut-Setup-1.0.2.exe
2044	CosmoNaut-Setup-1.0.2.exe
2044	CosmoNaut-Setup-1.0.2.exe
2044	CosmoNaut-Setup-1.0.2.exe
2044	CosmoNaut-Setup-1.0.2.exe
2044	CosmoNaut-Setup-1.0.2.exe
2044	CosmoNaut-Setup-1.0.2.exe
2044	CosmoNaut-Setup-1.0.2.exe
2044	CosmoNaut-Setup-1.0.2.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
2036	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
884	CosmoNaut.exe
1160	CosmoNaut.exe
1160	CosmoNaut.exe
1160	CosmoNaut.exe
1160	CosmoNaut.exe
1160	CosmoNaut.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 12 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\cosmonaut\ = "URL:cosmonaut"	CosmoNaut.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\cosmonaut\shell\open\command	CosmoNaut.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\cosmonaut\shell	CosmoNaut.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\cosmonaut	CosmoNaut.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\cosmonaut\URL Protocol	CosmoNaut.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\cosmonaut\shell\open\command	CosmoNaut.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\cosmonaut	CosmoNaut.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\cosmonaut\shell\open	CosmoNaut.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\cosmonaut\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\cosmonaut\\CosmoNaut.exe\" \"%1\""	CosmoNaut.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\cosmonaut\ = "URL:cosmonaut"	CosmoNaut.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\cosmonaut\shell\open\command\ = "\"C:\\Program Files (x86)\\CosmoNaut\\CosmoNaut.exe\" \"%1\""	CosmoNaut.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\cosmonaut\URL Protocol	CosmoNaut.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
2044	CosmoNaut-Setup-1.0.2.exe
2044	CosmoNaut-Setup-1.0.2.exe
2044	CosmoNaut-Setup-1.0.2.exe
2036	CosmoNaut.exe
2016	CosmoNaut-Setup-1.0.6.exe
2016	CosmoNaut-Setup-1.0.6.exe
2016	CosmoNaut-Setup-1.0.6.exe
1028	CosmoNaut.exe
512	CosmoNaut.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2044	CosmoNaut-Setup-1.0.2.exe
Token: SeSecurityPrivilege	2016	CosmoNaut-Setup-1.0.6.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 884	2036	CosmoNaut.exe	30
PID 2036 wrote to memory of 884	2036	CosmoNaut.exe	30
PID 2036 wrote to memory of 884	2036	CosmoNaut.exe	30
PID 2036 wrote to memory of 884	2036	CosmoNaut.exe	30
PID 2036 wrote to memory of 1160	2036	CosmoNaut.exe	31
PID 2036 wrote to memory of 1160	2036	CosmoNaut.exe	31
PID 2036 wrote to memory of 1160	2036	CosmoNaut.exe	31
PID 2036 wrote to memory of 1160	2036	CosmoNaut.exe	31
PID 2036 wrote to memory of 268	2036	CosmoNaut.exe	32
PID 2036 wrote to memory of 268	2036	CosmoNaut.exe	32
PID 2036 wrote to memory of 268	2036	CosmoNaut.exe	32
PID 2036 wrote to memory of 268	2036	CosmoNaut.exe	32
PID 2036 wrote to memory of 1496	2036	CosmoNaut.exe	33
PID 2036 wrote to memory of 1496	2036	CosmoNaut.exe	33
PID 2036 wrote to memory of 1496	2036	CosmoNaut.exe	33
PID 2036 wrote to memory of 1496	2036	CosmoNaut.exe	33
PID 2036 wrote to memory of 936	2036	CosmoNaut.exe	34
PID 2036 wrote to memory of 936	2036	CosmoNaut.exe	34
PID 2036 wrote to memory of 936	2036	CosmoNaut.exe	34
PID 2036 wrote to memory of 936	2036	CosmoNaut.exe	34
PID 2036 wrote to memory of 1388	2036	CosmoNaut.exe	35
PID 2036 wrote to memory of 1388	2036	CosmoNaut.exe	35
PID 2036 wrote to memory of 1388	2036	CosmoNaut.exe	35
PID 2036 wrote to memory of 1388	2036	CosmoNaut.exe	35
PID 2036 wrote to memory of 1584	2036	CosmoNaut.exe	36
PID 2036 wrote to memory of 1584	2036	CosmoNaut.exe	36
PID 2036 wrote to memory of 1584	2036	CosmoNaut.exe	36
PID 2036 wrote to memory of 1584	2036	CosmoNaut.exe	36
PID 2036 wrote to memory of 1156	2036	CosmoNaut.exe	37
PID 2036 wrote to memory of 1156	2036	CosmoNaut.exe	37
PID 2036 wrote to memory of 1156	2036	CosmoNaut.exe	37
PID 2036 wrote to memory of 1156	2036	CosmoNaut.exe	37
PID 2036 wrote to memory of 1184	2036	CosmoNaut.exe	38
PID 2036 wrote to memory of 1184	2036	CosmoNaut.exe	38
PID 2036 wrote to memory of 1184	2036	CosmoNaut.exe	38
PID 2036 wrote to memory of 1184	2036	CosmoNaut.exe	38
PID 2036 wrote to memory of 284	2036	CosmoNaut.exe	39
PID 2036 wrote to memory of 284	2036	CosmoNaut.exe	39
PID 2036 wrote to memory of 284	2036	CosmoNaut.exe	39
PID 2036 wrote to memory of 284	2036	CosmoNaut.exe	39
PID 2036 wrote to memory of 1572	2036	CosmoNaut.exe	40
PID 2036 wrote to memory of 1572	2036	CosmoNaut.exe	40
PID 2036 wrote to memory of 1572	2036	CosmoNaut.exe	40
PID 2036 wrote to memory of 1572	2036	CosmoNaut.exe	40
PID 2036 wrote to memory of 648	2036	CosmoNaut.exe	41
PID 2036 wrote to memory of 648	2036	CosmoNaut.exe	41
PID 2036 wrote to memory of 648	2036	CosmoNaut.exe	41
PID 2036 wrote to memory of 648	2036	CosmoNaut.exe	41
PID 2036 wrote to memory of 848	2036	CosmoNaut.exe	42
PID 2036 wrote to memory of 848	2036	CosmoNaut.exe	42
PID 2036 wrote to memory of 848	2036	CosmoNaut.exe	42
PID 2036 wrote to memory of 848	2036	CosmoNaut.exe	42
PID 2036 wrote to memory of 1308	2036	CosmoNaut.exe	43
PID 2036 wrote to memory of 1308	2036	CosmoNaut.exe	43
PID 2036 wrote to memory of 1308	2036	CosmoNaut.exe	43
PID 2036 wrote to memory of 1308	2036	CosmoNaut.exe	43
PID 2036 wrote to memory of 1184	2036	CosmoNaut.exe	44
PID 2036 wrote to memory of 1184	2036	CosmoNaut.exe	44
PID 2036 wrote to memory of 1184	2036	CosmoNaut.exe	44
PID 2036 wrote to memory of 1184	2036	CosmoNaut.exe	44
PID 2036 wrote to memory of 1408	2036	CosmoNaut.exe	45
PID 2036 wrote to memory of 1408	2036	CosmoNaut.exe	45
PID 2036 wrote to memory of 1408	2036	CosmoNaut.exe	45
PID 2036 wrote to memory of 1408	2036	CosmoNaut.exe	45

C:\Users\Admin\AppData\Local\Temp\CosmoNaut-Setup-1.0.2.exe
"C:\Users\Admin\AppData\Local\Temp\CosmoNaut-Setup-1.0.2.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2044

C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe
"C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe
  "C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe" --type=renderer --no-sandbox --primordial-pipe-token=179CAC4C4DC0DA8482E72F701E3B9153 --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\cosmonaut\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=179CAC4C4DC0DA8482E72F701E3B9153 --renderer-client-id=3 --mojo-platform-channel-handle=1440 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:884
- C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe
  "C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe" --type=renderer --no-sandbox --primordial-pipe-token=063BA29C4C8EBE3A42E6BEC84E98AD13 --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\cosmonaut\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=063BA29C4C8EBE3A42E6BEC84E98AD13 --renderer-client-id=4 --mojo-platform-channel-handle=1984 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1160
- C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe
  "C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe" --type=renderer --no-sandbox --primordial-pipe-token=D9D7EF78628EA95340F258518472C37E --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\cosmonaut\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=D9D7EF78628EA95340F258518472C37E --renderer-client-id=5 --mojo-platform-channel-handle=1428 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe
  "C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe" --type=renderer --no-sandbox --primordial-pipe-token=AC0942915AE3EECAF348241698E44464 --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\cosmonaut\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=AC0942915AE3EECAF348241698E44464 --renderer-client-id=6 --mojo-platform-channel-handle=2416 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe
  "C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe" --type=renderer --no-sandbox --primordial-pipe-token=8E1B831980F3098C521EA3BC00671D63 --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\cosmonaut\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=8E1B831980F3098C521EA3BC00671D63 --renderer-client-id=7 --mojo-platform-channel-handle=2516 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe
  "C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe" --type=renderer --no-sandbox --primordial-pipe-token=DAE09D1C3A457F4CE45E3D8946BB6101 --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\cosmonaut\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=DAE09D1C3A457F4CE45E3D8946BB6101 --renderer-client-id=8 --mojo-platform-channel-handle=1944 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe
  "C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe" --type=renderer --no-sandbox --primordial-pipe-token=2B182EFAD436AF357E257143AFA83019 --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\cosmonaut\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=2B182EFAD436AF357E257143AFA83019 --renderer-client-id=9 --mojo-platform-channel-handle=1536 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe
  "C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe" --type=renderer --no-sandbox --primordial-pipe-token=70915EFA79287F59BF16C443154F54ED --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\cosmonaut\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=70915EFA79287F59BF16C443154F54ED --renderer-client-id=10 --mojo-platform-channel-handle=2516 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe
  "C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe" --type=renderer --no-sandbox --primordial-pipe-token=27EE71212877182CD7FD21DD22E2A3B3 --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\cosmonaut\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=27EE71212877182CD7FD21DD22E2A3B3 --renderer-client-id=11 --mojo-platform-channel-handle=2000 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe
  "C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe" --type=renderer --no-sandbox --primordial-pipe-token=D00F4923934D83E241AA81B2D53EB6E3 --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\cosmonaut\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=D00F4923934D83E241AA81B2D53EB6E3 --renderer-client-id=12 --mojo-platform-channel-handle=2008 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe
  "C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe" --type=renderer --no-sandbox --primordial-pipe-token=D9D1C706CEE480CE6B7F78A934877C72 --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\cosmonaut\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=D9D1C706CEE480CE6B7F78A934877C72 --renderer-client-id=13 --mojo-platform-channel-handle=1620 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe
  "C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe" --type=renderer --no-sandbox --primordial-pipe-token=EA6F8C3C411E23A90EB589F11A0B36CD --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\cosmonaut\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=EA6F8C3C411E23A90EB589F11A0B36CD --renderer-client-id=14 --mojo-platform-channel-handle=2516 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe
  "C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe" --type=renderer --no-sandbox --primordial-pipe-token=7CB955CDEAA27611C3F8955FB5C8143A --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\cosmonaut\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=7CB955CDEAA27611C3F8955FB5C8143A --renderer-client-id=15 --mojo-platform-channel-handle=2532 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe
  "C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe" --type=renderer --no-sandbox --primordial-pipe-token=1C9AC3AFBD5360DB10AECB86B98D8C83 --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\cosmonaut\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=1C9AC3AFBD5360DB10AECB86B98D8C83 --renderer-client-id=16 --mojo-platform-channel-handle=2428 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe
  "C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe" --type=renderer --no-sandbox --primordial-pipe-token=AD34E7A4DFE687AEB4F9AAA37D97A4C5 --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\cosmonaut\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=AD34E7A4DFE687AEB4F9AAA37D97A4C5 --renderer-client-id=17 --mojo-platform-channel-handle=1500 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe
  "C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe" --type=renderer --no-sandbox --primordial-pipe-token=6DFFB1D202E274BFEA40FA25492EE7D0 --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\cosmonaut\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-vp8-encoding --disable-gpu-compositing --service-request-channel-token=6DFFB1D202E274BFEA40FA25492EE7D0 --renderer-client-id=18 --mojo-platform-channel-handle=2516 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Users\Admin\AppData\Local\Temp\up-ehliaa\CosmoNaut-Setup-1.0.6.exe
  C:\Users\Admin\AppData\Local\Temp\up-ehliaa\CosmoNaut-Setup-1.0.6.exe --updated
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2016
- - C:\Users\Admin\AppData\Local\Temp\nsjE948.tmp\old-uninstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nsjE948.tmp\old-uninstaller.exe" /S /KEEP_APP_DATA /currentuser --updated _?=C:\Users\Admin\AppData\Local\Programs\cosmonaut
    3⤵
    - Executes dropped EXE
    PID:1480

C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe
"C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe" --updated
1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
PID:868
- C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe
  "C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe" --type=gpu-process --field-trial-handle=1144,5357964696455218093,16521416616603845277,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAACgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --use-gl=swiftshader-webgl --service-request-channel-token=10397860275314865142 --mojo-platform-channel-handle=1152 --ignored=" --type=renderer " /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe
  "C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe" --type=renderer --field-trial-handle=1144,5357964696455218093,16521416616603845277,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Program Files (x86)\CosmoNaut\resources\app.asar" --node-integration --no-sandbox --no-zygote --background-color=#fff --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2849502137983685334 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1528 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1028
- C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe
  "C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe" --type=gpu-process --field-trial-handle=1144,5357964696455218093,16521416616603845277,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=IAAAAAAAAADgAACgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --use-gl=swiftshader-webgl --service-request-channel-token=17962959808437464852 --mojo-platform-channel-handle=1624 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:512

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\CosmoNaut\CosmoNaut.exe

Filesize
82.4MB

MD5
c6605cf8e132000fbf1f5d808dc5f9b6

SHA1
a45061a7cc1d4208a54c48c429c66105936eca2c

SHA256
119d4649dd3ad1f225251624120839d48e8df11c24c17c5a492871d92c5ae9a4

SHA512
9b350b22d53be33ba99adbc26e3b711357979c0079b59b003ea7db864f0cb3a0320551edd6649237a41423c4fbe47c94f2a035ee144af240d13667d2fbe9b112

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe

Filesize
54.0MB

MD5
b5f605b5ef0cb6dd1816b39f2f6bc5d0

SHA1
ce3a1c0408c4f17ecb2b397f2c0d9272dd656183

SHA256
02297e1b4bc609385f2507b52779b24030a55391571bfc290838813c4750403f

SHA512
d15b0c3e643d63006366bd72f0fd887ce9acd9895153e449041567d81acf054eab083a4477e4103588849eeacfb91a691fe9d720f21e5ae9d6a58bba1540a17b

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe

Filesize
54.0MB

MD5
b5f605b5ef0cb6dd1816b39f2f6bc5d0

SHA1
ce3a1c0408c4f17ecb2b397f2c0d9272dd656183

SHA256
02297e1b4bc609385f2507b52779b24030a55391571bfc290838813c4750403f

SHA512
d15b0c3e643d63006366bd72f0fd887ce9acd9895153e449041567d81acf054eab083a4477e4103588849eeacfb91a691fe9d720f21e5ae9d6a58bba1540a17b

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\MSVCP140.dll

Filesize
429KB

MD5
d25c3ff7a4cbbffc7c9fff4f659051ce

SHA1
02fe8d84d7f74c2721ff47d72a6916028c8f2e8a

SHA256
9c1dc36d319382e1501cdeaae36bad5b820ea84393ef6149e377d2fb2fc361a5

SHA512
945fe55b43326c95f1eee643d46a53b69a463a88bd149f90e9e193d71b84f4875455d37fd4f06c1307bb2cdbe99c1f6e18cb33c0b8679cd11fea820d7e728065

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\VCRUNTIME140.dll

Filesize
81KB

MD5
a2523ea6950e248cbdf18c9ea1a844f6

SHA1
549c8c2a96605f90d79a872be73efb5d40965444

SHA256
6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4

SHA512
2141c041b6bdbee9ec10088b9d47df02bf72143eb3619e8652296d617efd77697f4dc8727d11998695768843b4e94a47b1aed2c6fb9f097ffc8a42ca7aaaf66a

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-core-file-l1-2-0.dll

Filesize
17KB

MD5
eb9161fd0b8137d2c43bbe7c646c8e3c

SHA1
f41e6e7302b4bde1281f583a5c4fd5fe7b03f2e3

SHA256
9e4f1d09a2471ff46b5bb2d9fddb0bc04143398d14341d11423a7589796413f7

SHA512
f733062e46f46dbe85a21868ae0e5304e13c645c26e57d0cba905bcd23c872b68f07a9813b4f55fcddcf67475d649d5833d893b27d1ff3756d3f4deea0bdc785

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-core-file-l2-1-0.dll

Filesize
17KB

MD5
a9b1331617f9913210d4dfde195d6929

SHA1
6587bf0b9b89f212ee0e211ca55bbce376fa7841

SHA256
efb33877982c3d8001cf752b50bfd1e422327c274bdd1c843d762f629307f95a

SHA512
eafe8157c510073349cfddecef6a713235b21a2c5f804a0e05f8cc2d1f1c82d9325c02c395448e029e5836df72aa62c9026e93e9b5057a615a94eb0f95ff7a00

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
755b7023ed998486d9029f56c52cdd74

SHA1
dbe7f8bad220e3d000b0abd18e4b36697f96e6e0

SHA256
08a74c3c146bfddd7236c63e83e5cfb98ebe4595155a8954b50d1f0e60067521

SHA512
3590531682857e93c8a911e9b9d04f34fe5e49bc78a29804cf0c1cc974dc523c6d695837fb0db6ee6d1c6093acdadff3b19768e751e9c7dbdda232c95cdbd798

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
e7e679dfd5704fb3bbae35b1675f66d9

SHA1
2c0cc9796dd06a69b6c0e0dc4a75a93aeb294b92

SHA256
057b0483fee48563e78ff5a4ce27db03b65189d8a9cb16b4e0d9ccdeab769c81

SHA512
5393964b1dd842fe6be7346a57ecea8cd7460f5fa4596137b1a2b6ddf71ddcff5e6584f3199d0aad3b3c3c234d4cdb7a4c63a2e7954fd30b7b02f415edd64855

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
154a0b0e4df921852b403f9c3710ebe0

SHA1
e6cb14f232a85609931704b006bd3950baf0a874

SHA256
58c9475a169eecbef8a404a73fda8c4f57282e66e74ba19a1f5c081e9cee7207

SHA512
a325bdb2ac6f854251aa742fcfa771769c3e8843bdd2bf8acf6be170c419f8a65473c2e3b9b149aa61f6452b39749e171fe5945b9d601c356c254cd18deb4754

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-core-timezone-l1-1-0.dll

Filesize
17KB

MD5
17c1f6b7e224239a45df2760ad534aa6

SHA1
340d78bb270139ec7b771b8cef0da92639750cea

SHA256
0b015be1efc6d20e6ad2a83704c2efdaaf3738bbeb145bc663a098345f38c82c

SHA512
16aa3356c771593c314f922004b69386afd207f5de5466e5dc04fbdc8e10beb28df4b7421ee8abd9024083b55abbbfba54bd4b60b07abde9f25e3332bddc71c7

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-conio-l1-1-0.dll

Filesize
18KB

MD5
ead443b805f5dfddf6b384b214b28ddb

SHA1
8a82e3603936a6623514d0e707fcb48a5933c0ce

SHA256
2da15eb964ab1e82d5eca744aa1636eb667315f3ef84e365ce556ab8758c3550

SHA512
49fe8c2602c29d8652b85e46fd178c78615dcba756a9a7b69ec9248716193db747c60521b94da1e50f009f7824c487e5fb1772b9d171f82c6f329e19c0821080

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-convert-l1-1-0.dll

Filesize
21KB

MD5
5760bec3a8c82192d724254b80997b83

SHA1
9638cbe7c220dd8ed432104c20fb9dbffbf3e35c

SHA256
ba51a438d47331deef6178345b235e768a4e648d43fd44e28b95e7292cd4f04c

SHA512
56892e8b9d1e34210821b41defaa60e9d1d0014cf827a0ab358bfdea29e95dd5d82565ecd8d81aaef2b93f2b30aef7b1898691adc0660278e5c9047da33ff070

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
a8b527fa19da868dde67c429398addc0

SHA1
7ca13408565890f1f96ce838c818f2fe4b8b5a7c

SHA256
1f62695f9fb0fc6feca4283bb4be26eeea1c5f10368ad51c8a5d910d3e105188

SHA512
18c9a578baa8cac20f0610c0939fe69638b00de09e9ceba72da4801277c64eab1c7ae12da63e087bfe2361b4454229a7c68983d0d30f82fc4e82aa2bf23e33f2

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
19KB

MD5
2ab82a2368023085ffb3e2c4df1483d3

SHA1
5c7204631683653644771354b4282c63c994dad8

SHA256
9480bb7257c40483e6cb6433cdd90871d55912bdbcfb87f33c11d7401f50f94a

SHA512
96f1ae8252d353297517b9459a359fc617d1065aafefa1532df44cb7781a2c16d5e1429fad3330efddd874a0b00592146b2582cd9d9d918bbedf97823d4825a2

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-heap-l1-1-0.dll

Filesize
18KB

MD5
4bce918c3f34c152ea99591b7501c932

SHA1
b83e00bdbc78af04146e267a98bccb1597902203

SHA256
ed8b2def856e4effce4856efcc7f3c35fb7e3428287ba8851cde2da8df1d1c58

SHA512
463d73d57ca18c91e401b0293f78286d1d3221775f4a2ea3ee3e59137697bede9327f32b0335e4275626f1b31030543e6abd48988a1f976ec1dd3cbc1b680a9c

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
53d8e61ba651a14e136c3ac3d30dfb35

SHA1
a470dbd794d0a3a23d01f13d146e8cef8dec6886

SHA256
37489d3f078513ecccb7bfb9f18ec1338d011b91ad091085ad1db02f633a23bf

SHA512
2be10659f627bf456d0e75bfe58f2306141841e6ee2d38a742c2e9f4282122075de42a882639643fda9957026efcb0e6dfc00995c911515fae94690923a9bfc8

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-math-l1-1-0.dll

Filesize
28KB

MD5
6db484b0d207fd72b5db5ca490bd4ca5

SHA1
8b7a5bb7ce4007b26545fd22902048e05a646446

SHA256
1d8e2b59452b927cc3e0f75b2d5277b667a503c53507fdac11d3d8b44986080d

SHA512
9419ce9148f7c6a473412036bcbca9672f47390295e8a84858f50556c22b66a7385bcee089715ecd7ff1cf5c59257717a75444bee1a4d3e4332326bbc407e0fa

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
25KB

MD5
55ce323ccbc72920750d305c0b2a09c4

SHA1
8c51f65875cce5c049078fe0209a9a9d1cb98031

SHA256
86cc087d197b1243413c0963b6f132648489fe26a4a11a7a77163744810e9165

SHA512
b760a985f6fc895ccb0d9e0d99d4215cbc90f5d85dfcf46d96dc727c3e5ccea424d8b04c21fae8e2f32127bb6b4e1d63b3ac43bd21b22859d3c6941c8052afa9

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
8c137389afccacccbe5864fba3464f48

SHA1
fb99931a34143b93e5e7a72166af830bbb389157

SHA256
8afdaf1c630aecb97ab5625ac8483664643c526bd705decfae0daaf2481f0a81

SHA512
4723f709483bc62b4200a5e5cc48c8af77994b0d06d0dfa3737ad40cb20099db4bcdf69edfaab7f315e1cdf47866feb473bb4f1d26b25f5823f1a2ea2e1a04cd

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
23KB

MD5
549f6735f986e1ddc0c85a3502052fec

SHA1
4cf90329f18993c0982cacc1d718e0308176971b

SHA256
8824840d84f561d2b46d13f30484683c36328850a596f1e2ee48bca2e7de2d30

SHA512
51ff305d59e2d1a365095406e9f56b28e57cd95ac36955d93a8f2d6b3dd3d474b30643cf527a67760c540e83517aee2f743214c931cf5e58bc79ae016a47b64f

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-string-l1-1-0.dll

Filesize
23KB

MD5
8f0cb5ca0c982efcec40241f81f9cc11

SHA1
3af0fc542fe2d63ea5acd117e91de134fed3b5ef

SHA256
6147eb7e5bd6ac004301350ef4b168e552b82e301e14dcf3b10df88d833dc1be

SHA512
e6c9ef79f472bd2ae555a9efb606176674d22fb7bb359f268bc0b572382af0336694171a3ec4f5cc986f2eeae63bc0804198715d0494a6c7d58c4160e6e9b966

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
b3f20781c32907a02b16c8e8e2a32e74

SHA1
615e9a72372c69583d0c53e461554eae1368d34a

SHA256
dc7f41906edf362829b5e9157ba0c1da73ce32f95b4cb468cce96521c4c4ac8c

SHA512
f928a79699af5b89d674daf8915c7321feebdd0ba30f611228a88c9781ce2da3c99a724cc8385fe721556126871522b53d149118f747749e665a0754fbdfe15e

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
ead03b9a61a23ff6275ca364a1c6536f

SHA1
4221be864a141079699e80b6b121beb08d20c3c0

SHA256
dd0d05feadf990eaa82d691be1990a2bd2ebe7f9874880d1871760dc15d9b3c1

SHA512
e8b238bff471d06439e170e90af93251818f434ca56491494ee2d9684a1837825f2b169f9dc73201c5563dc7500c2438a6081de56dd1a0b0cab25c9382d6bfc5

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\ffmpeg.dll

Filesize
1.6MB

MD5
d9bf7995b2f465774331f4b81159b073

SHA1
1bfc5919a04469bf6a263005e7b7f20b9b2db74e

SHA256
a1a7d37b5175b365c9736e67319857ad52ff4e53a38eb4cbbddb0e4e1fb8e749

SHA512
bccf5dae4b12aebb858719828747ac9d6c4ba591e53cf61363e7254a447a0b4039747943283cd6f2b756d134a6fae3bbad5b5b763a0ac5dc37fa7dd60624fd73

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\icudtl.dat

Filesize
9.7MB

MD5
bc7f54e4df91c9137dced27976228b66

SHA1
fe532df1de6dd6f9971227b48f8856e07ae0883d

SHA256
51b93e0bc7e6d697ccc29703e2ebc9210c231c931fe764c372e5ba0d26098d3b

SHA512
8fe03a5b65236c90af171f68e911ff307d40f249120ea1c2324e8a7ccf4061ce6ce6dfe66bc957e76bfa7e5161aaa005f40b9be95dc6481df46f25fbae41e14b

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\natives_blob.bin

Filesize
256KB

MD5
2f3295417175b37822bf3106b33fab6e

SHA1
45c1db70ce3062aae85069629519e61bac6cf5d2

SHA256
63ca83faf83e5c47f9ea5915961aeb171b740fe4d4d10c18581c867567fc2e99

SHA512
30f1de45805f387684a17922aaa91596ce8874dc49d9faa251b0d72bd2c55f91be1d3e3bd74a00933869ddd79e1d36ba03a12db41b2a2875b219bc8e91a98255

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\node.dll

Filesize
13.7MB

MD5
24922306e880dcf4ff18224134ea4f4c

SHA1
2c41581098a10eb8130a037b908e22f4323d5e7e

SHA256
b204d42ec01e6a391af66aa33de340db5c8e861d7b9034671603e101dc6fd05d

SHA512
18924eb7494d6bad314ab0979dc74f9ebf6447430bb602b03cd8a57ade344c938d6c66f255df2bc687ff357fab92ed0c69a77d97b2a03d24fbd52992a5c2130f

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\resources\electron.asar

Filesize
232KB

MD5
c5dc1d9f15c08edbc471b91c9cd623ed

SHA1
73d05257bacae6f7ed0b8e0707d5e6544e7a1c5a

SHA256
2c16af93461416fb4e645fc32d52f997c89da8531856136fcbb506e45ceabf8f

SHA512
37ca8c900acf7b6573efca2dae95c4dda37139f095c83d6ca8bccb4e430ce4763a0e2d8dff3bfe1d0867bf4f978c4fcfb6d749632996526f83d288f7f566cb88

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\snapshot_blob.bin

Filesize
1.0MB

MD5
941cedba2d39794543c2453b1b27cd7c

SHA1
bb3ebc9fffaaf6ed295e59220f537cb634f49c42

SHA256
8d569dc66bed9ec53cf7b81f0ed3ecd9f89dae619c192bb5a99448726a158809

SHA512
600bc1fdcd10db82380b52b49ecfb637826912a0f58446ec4e0acb62cd95f16f2191c253b817c9ebe30a7c384cc8d9bfc517745320a02b332695f3b407dcd88f

Download Submit
C:\Users\Admin\AppData\Local\Programs\cosmonaut\ucrtbase.DLL

Filesize
895KB

MD5
f0270079e98f80cd59ee4c45fe9c7697

SHA1
9faf9ca18036c83d83d1c2c3107c4d285381049f

SHA256
94952e907781c68d22294fc38d3463a86bbacf285d637eeb1889f7cf41c69129

SHA512
1995d1fabc38f078af3fadcc054080be9d2587123100dfb830df0040061a2a68cde43e582e1e7b45d849b1d2c65c733ac6a0aad02ef736389a9c344ed68088d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd10D4.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd10D4.tmp\StdUtils.dll

Filesize
101KB

MD5
33b4e69e7835e18b9437623367dd1787

SHA1
53afa03edaf931abdc2d828e5a2c89ad573d926c

SHA256
72d38ef115e71fc73dc5978987c583fc8c6b50ff12e4a5d30649a4d164a8b6ae

SHA512
ca890e785d1a0a7e0b4a748416fba417826ae66b46e600f407d4e795b444612a8b830f579f2cf5b6e051bea800604f34f8801cc3daf05c8d29ad05bcda454a77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd10D4.tmp\System.dll

Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd10D4.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd10D4.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd10D4.tmp\nsis7z.dll

Filesize
391KB

MD5
c6a070b3e68b292bb0efc9b26e85e9cc

SHA1
5a922b96eda6595a68fd0a9051236162ff2e2ada

SHA256
66ac8bd1f273a73e17a3f31d6add739d3cb0330a6417faeda11a9cae00b62d8b

SHA512
8eff8fc16f5bb574bd9483e3b217b67a8986e31497368c06fdaa3a1e93a40aee94a5b31729d01905157b0ae1e556a402f43cd29a4d30a0587e1ec334458a44e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjE948.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjE948.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjE948.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjE948.tmp\old-uninstaller.exe

Filesize
487KB

MD5
24a8e43de3a36a1bc1d3df07f212029c

SHA1
963dba334c4f575d008fbf82cdb20e06ce04b02b

SHA256
2dd87363e1e6fffdee8dde25fcccdeeef1fc86c14267fc5152786523a566ce22

SHA512
11e04ebaf8871cde8ce090a5b9a2d40ddf7e29f04c364011374feff383465730562fd18f6bdfe573c4f306da195d836fbe8b782a2254fb911f5437b9c2bc001f

Download Submit
C:\Users\Admin\AppData\Local\cosmonaut-updater\installer.exe

Filesize
40.5MB

MD5
60026bb854a90bef766663131c31752b

SHA1
83f28ff153792a5a6a5a106d9e00d60206e02bcf

SHA256
0e1cac2bfcf02f45079fa3463d3aedc2cf7260c355c048d2968a9b9a62ee397d

SHA512
bb4dfe7ecc8e15dcbefb1373aca007dbefd0d9532dacac8812e11a3d2fe86912965aaa4f6ea13d11ab751208c6e849cbdc556736e2aecfb704a3b9bb2bdf8542

Download Submit
C:\Users\Admin\AppData\Roaming\CosmoNaut\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
126039c319bf10ad6d7d9d6f9b5e0bbf

SHA1
3eece1d8917097cce99313d30d1951d15d79f31a

SHA256
692d7ccf84b6626be7ed729e36d5b35db9e4c12b24dd17609f241e83e9d4ddb9

SHA512
406ac00ce743f7a1908bba5affef6304cf27ae609866629148d50f68e2b716bc2104ea6c930cea551d07bef4bc9729e45ad54a7cab5d5b07f29fb1cd63e0b541

Download Submit
C:\Users\Admin\AppData\Roaming\CosmoNaut\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\CosmoNaut\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\CosmoNaut\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\CosmoNaut\Network Persistent State

Filesize
342B

MD5
a34b0e2514bf021b42ef7b753c49e14a

SHA1
00e04553f5c6727c29b3f7f96273313163f60929

SHA256
95553f16dcefde53c23161785ce2c017160407b69b5c82c721f8fd50a3a7aafe

SHA512
f3c4819e076ea7ebeb96b54413fac63e6fb9db8a7d94d3211e801cd69b8deef3864206e434fbd96df9a92ee75927cbef465e39c7fff7e009e74d21291e376b5f

Download Submit
C:\Users\Admin\AppData\Roaming\CosmoNaut\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\CosmoNaut\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe

Filesize
54.0MB

MD5
b5f605b5ef0cb6dd1816b39f2f6bc5d0

SHA1
ce3a1c0408c4f17ecb2b397f2c0d9272dd656183

SHA256
02297e1b4bc609385f2507b52779b24030a55391571bfc290838813c4750403f

SHA512
d15b0c3e643d63006366bd72f0fd887ce9acd9895153e449041567d81acf054eab083a4477e4103588849eeacfb91a691fe9d720f21e5ae9d6a58bba1540a17b

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe

Filesize
54.0MB

MD5
b5f605b5ef0cb6dd1816b39f2f6bc5d0

SHA1
ce3a1c0408c4f17ecb2b397f2c0d9272dd656183

SHA256
02297e1b4bc609385f2507b52779b24030a55391571bfc290838813c4750403f

SHA512
d15b0c3e643d63006366bd72f0fd887ce9acd9895153e449041567d81acf054eab083a4477e4103588849eeacfb91a691fe9d720f21e5ae9d6a58bba1540a17b

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe

Filesize
54.0MB

MD5
b5f605b5ef0cb6dd1816b39f2f6bc5d0

SHA1
ce3a1c0408c4f17ecb2b397f2c0d9272dd656183

SHA256
02297e1b4bc609385f2507b52779b24030a55391571bfc290838813c4750403f

SHA512
d15b0c3e643d63006366bd72f0fd887ce9acd9895153e449041567d81acf054eab083a4477e4103588849eeacfb91a691fe9d720f21e5ae9d6a58bba1540a17b

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\CosmoNaut.exe

Filesize
54.0MB

MD5
b5f605b5ef0cb6dd1816b39f2f6bc5d0

SHA1
ce3a1c0408c4f17ecb2b397f2c0d9272dd656183

SHA256
02297e1b4bc609385f2507b52779b24030a55391571bfc290838813c4750403f

SHA512
d15b0c3e643d63006366bd72f0fd887ce9acd9895153e449041567d81acf054eab083a4477e4103588849eeacfb91a691fe9d720f21e5ae9d6a58bba1540a17b

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-core-file-l1-2-0.dll

Filesize
17KB

MD5
eb9161fd0b8137d2c43bbe7c646c8e3c

SHA1
f41e6e7302b4bde1281f583a5c4fd5fe7b03f2e3

SHA256
9e4f1d09a2471ff46b5bb2d9fddb0bc04143398d14341d11423a7589796413f7

SHA512
f733062e46f46dbe85a21868ae0e5304e13c645c26e57d0cba905bcd23c872b68f07a9813b4f55fcddcf67475d649d5833d893b27d1ff3756d3f4deea0bdc785

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-core-file-l2-1-0.dll

Filesize
17KB

MD5
a9b1331617f9913210d4dfde195d6929

SHA1
6587bf0b9b89f212ee0e211ca55bbce376fa7841

SHA256
efb33877982c3d8001cf752b50bfd1e422327c274bdd1c843d762f629307f95a

SHA512
eafe8157c510073349cfddecef6a713235b21a2c5f804a0e05f8cc2d1f1c82d9325c02c395448e029e5836df72aa62c9026e93e9b5057a615a94eb0f95ff7a00

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
755b7023ed998486d9029f56c52cdd74

SHA1
dbe7f8bad220e3d000b0abd18e4b36697f96e6e0

SHA256
08a74c3c146bfddd7236c63e83e5cfb98ebe4595155a8954b50d1f0e60067521

SHA512
3590531682857e93c8a911e9b9d04f34fe5e49bc78a29804cf0c1cc974dc523c6d695837fb0db6ee6d1c6093acdadff3b19768e751e9c7dbdda232c95cdbd798

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
e7e679dfd5704fb3bbae35b1675f66d9

SHA1
2c0cc9796dd06a69b6c0e0dc4a75a93aeb294b92

SHA256
057b0483fee48563e78ff5a4ce27db03b65189d8a9cb16b4e0d9ccdeab769c81

SHA512
5393964b1dd842fe6be7346a57ecea8cd7460f5fa4596137b1a2b6ddf71ddcff5e6584f3199d0aad3b3c3c234d4cdb7a4c63a2e7954fd30b7b02f415edd64855

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
154a0b0e4df921852b403f9c3710ebe0

SHA1
e6cb14f232a85609931704b006bd3950baf0a874

SHA256
58c9475a169eecbef8a404a73fda8c4f57282e66e74ba19a1f5c081e9cee7207

SHA512
a325bdb2ac6f854251aa742fcfa771769c3e8843bdd2bf8acf6be170c419f8a65473c2e3b9b149aa61f6452b39749e171fe5945b9d601c356c254cd18deb4754

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-core-timezone-l1-1-0.dll

Filesize
17KB

MD5
17c1f6b7e224239a45df2760ad534aa6

SHA1
340d78bb270139ec7b771b8cef0da92639750cea

SHA256
0b015be1efc6d20e6ad2a83704c2efdaaf3738bbeb145bc663a098345f38c82c

SHA512
16aa3356c771593c314f922004b69386afd207f5de5466e5dc04fbdc8e10beb28df4b7421ee8abd9024083b55abbbfba54bd4b60b07abde9f25e3332bddc71c7

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-conio-l1-1-0.dll

Filesize
18KB

MD5
ead443b805f5dfddf6b384b214b28ddb

SHA1
8a82e3603936a6623514d0e707fcb48a5933c0ce

SHA256
2da15eb964ab1e82d5eca744aa1636eb667315f3ef84e365ce556ab8758c3550

SHA512
49fe8c2602c29d8652b85e46fd178c78615dcba756a9a7b69ec9248716193db747c60521b94da1e50f009f7824c487e5fb1772b9d171f82c6f329e19c0821080

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-convert-l1-1-0.dll

Filesize
21KB

MD5
5760bec3a8c82192d724254b80997b83

SHA1
9638cbe7c220dd8ed432104c20fb9dbffbf3e35c

SHA256
ba51a438d47331deef6178345b235e768a4e648d43fd44e28b95e7292cd4f04c

SHA512
56892e8b9d1e34210821b41defaa60e9d1d0014cf827a0ab358bfdea29e95dd5d82565ecd8d81aaef2b93f2b30aef7b1898691adc0660278e5c9047da33ff070

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
a8b527fa19da868dde67c429398addc0

SHA1
7ca13408565890f1f96ce838c818f2fe4b8b5a7c

SHA256
1f62695f9fb0fc6feca4283bb4be26eeea1c5f10368ad51c8a5d910d3e105188

SHA512
18c9a578baa8cac20f0610c0939fe69638b00de09e9ceba72da4801277c64eab1c7ae12da63e087bfe2361b4454229a7c68983d0d30f82fc4e82aa2bf23e33f2

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
19KB

MD5
2ab82a2368023085ffb3e2c4df1483d3

SHA1
5c7204631683653644771354b4282c63c994dad8

SHA256
9480bb7257c40483e6cb6433cdd90871d55912bdbcfb87f33c11d7401f50f94a

SHA512
96f1ae8252d353297517b9459a359fc617d1065aafefa1532df44cb7781a2c16d5e1429fad3330efddd874a0b00592146b2582cd9d9d918bbedf97823d4825a2

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-heap-l1-1-0.dll

Filesize
18KB

MD5
4bce918c3f34c152ea99591b7501c932

SHA1
b83e00bdbc78af04146e267a98bccb1597902203

SHA256
ed8b2def856e4effce4856efcc7f3c35fb7e3428287ba8851cde2da8df1d1c58

SHA512
463d73d57ca18c91e401b0293f78286d1d3221775f4a2ea3ee3e59137697bede9327f32b0335e4275626f1b31030543e6abd48988a1f976ec1dd3cbc1b680a9c

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
53d8e61ba651a14e136c3ac3d30dfb35

SHA1
a470dbd794d0a3a23d01f13d146e8cef8dec6886

SHA256
37489d3f078513ecccb7bfb9f18ec1338d011b91ad091085ad1db02f633a23bf

SHA512
2be10659f627bf456d0e75bfe58f2306141841e6ee2d38a742c2e9f4282122075de42a882639643fda9957026efcb0e6dfc00995c911515fae94690923a9bfc8

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-math-l1-1-0.dll

Filesize
28KB

MD5
6db484b0d207fd72b5db5ca490bd4ca5

SHA1
8b7a5bb7ce4007b26545fd22902048e05a646446

SHA256
1d8e2b59452b927cc3e0f75b2d5277b667a503c53507fdac11d3d8b44986080d

SHA512
9419ce9148f7c6a473412036bcbca9672f47390295e8a84858f50556c22b66a7385bcee089715ecd7ff1cf5c59257717a75444bee1a4d3e4332326bbc407e0fa

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
25KB

MD5
55ce323ccbc72920750d305c0b2a09c4

SHA1
8c51f65875cce5c049078fe0209a9a9d1cb98031

SHA256
86cc087d197b1243413c0963b6f132648489fe26a4a11a7a77163744810e9165

SHA512
b760a985f6fc895ccb0d9e0d99d4215cbc90f5d85dfcf46d96dc727c3e5ccea424d8b04c21fae8e2f32127bb6b4e1d63b3ac43bd21b22859d3c6941c8052afa9

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
8c137389afccacccbe5864fba3464f48

SHA1
fb99931a34143b93e5e7a72166af830bbb389157

SHA256
8afdaf1c630aecb97ab5625ac8483664643c526bd705decfae0daaf2481f0a81

SHA512
4723f709483bc62b4200a5e5cc48c8af77994b0d06d0dfa3737ad40cb20099db4bcdf69edfaab7f315e1cdf47866feb473bb4f1d26b25f5823f1a2ea2e1a04cd

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
23KB

MD5
549f6735f986e1ddc0c85a3502052fec

SHA1
4cf90329f18993c0982cacc1d718e0308176971b

SHA256
8824840d84f561d2b46d13f30484683c36328850a596f1e2ee48bca2e7de2d30

SHA512
51ff305d59e2d1a365095406e9f56b28e57cd95ac36955d93a8f2d6b3dd3d474b30643cf527a67760c540e83517aee2f743214c931cf5e58bc79ae016a47b64f

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-string-l1-1-0.dll

Filesize
23KB

MD5
8f0cb5ca0c982efcec40241f81f9cc11

SHA1
3af0fc542fe2d63ea5acd117e91de134fed3b5ef

SHA256
6147eb7e5bd6ac004301350ef4b168e552b82e301e14dcf3b10df88d833dc1be

SHA512
e6c9ef79f472bd2ae555a9efb606176674d22fb7bb359f268bc0b572382af0336694171a3ec4f5cc986f2eeae63bc0804198715d0494a6c7d58c4160e6e9b966

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
b3f20781c32907a02b16c8e8e2a32e74

SHA1
615e9a72372c69583d0c53e461554eae1368d34a

SHA256
dc7f41906edf362829b5e9157ba0c1da73ce32f95b4cb468cce96521c4c4ac8c

SHA512
f928a79699af5b89d674daf8915c7321feebdd0ba30f611228a88c9781ce2da3c99a724cc8385fe721556126871522b53d149118f747749e665a0754fbdfe15e

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
ead03b9a61a23ff6275ca364a1c6536f

SHA1
4221be864a141079699e80b6b121beb08d20c3c0

SHA256
dd0d05feadf990eaa82d691be1990a2bd2ebe7f9874880d1871760dc15d9b3c1

SHA512
e8b238bff471d06439e170e90af93251818f434ca56491494ee2d9684a1837825f2b169f9dc73201c5563dc7500c2438a6081de56dd1a0b0cab25c9382d6bfc5

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\ffmpeg.dll

Filesize
1.6MB

MD5
d9bf7995b2f465774331f4b81159b073

SHA1
1bfc5919a04469bf6a263005e7b7f20b9b2db74e

SHA256
a1a7d37b5175b365c9736e67319857ad52ff4e53a38eb4cbbddb0e4e1fb8e749

SHA512
bccf5dae4b12aebb858719828747ac9d6c4ba591e53cf61363e7254a447a0b4039747943283cd6f2b756d134a6fae3bbad5b5b763a0ac5dc37fa7dd60624fd73

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\msvcp140.dll

Filesize
429KB

MD5
d25c3ff7a4cbbffc7c9fff4f659051ce

SHA1
02fe8d84d7f74c2721ff47d72a6916028c8f2e8a

SHA256
9c1dc36d319382e1501cdeaae36bad5b820ea84393ef6149e377d2fb2fc361a5

SHA512
945fe55b43326c95f1eee643d46a53b69a463a88bd149f90e9e193d71b84f4875455d37fd4f06c1307bb2cdbe99c1f6e18cb33c0b8679cd11fea820d7e728065

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\node.dll

Filesize
13.7MB

MD5
24922306e880dcf4ff18224134ea4f4c

SHA1
2c41581098a10eb8130a037b908e22f4323d5e7e

SHA256
b204d42ec01e6a391af66aa33de340db5c8e861d7b9034671603e101dc6fd05d

SHA512
18924eb7494d6bad314ab0979dc74f9ebf6447430bb602b03cd8a57ade344c938d6c66f255df2bc687ff357fab92ed0c69a77d97b2a03d24fbd52992a5c2130f

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\ucrtbase.dll

Filesize
895KB

MD5
f0270079e98f80cd59ee4c45fe9c7697

SHA1
9faf9ca18036c83d83d1c2c3107c4d285381049f

SHA256
94952e907781c68d22294fc38d3463a86bbacf285d637eeb1889f7cf41c69129

SHA512
1995d1fabc38f078af3fadcc054080be9d2587123100dfb830df0040061a2a68cde43e582e1e7b45d849b1d2c65c733ac6a0aad02ef736389a9c344ed68088d5

Download Submit
\Users\Admin\AppData\Local\Programs\cosmonaut\vcruntime140.dll

Filesize
81KB

MD5
a2523ea6950e248cbdf18c9ea1a844f6

SHA1
549c8c2a96605f90d79a872be73efb5d40965444

SHA256
6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4

SHA512
2141c041b6bdbee9ec10088b9d47df02bf72143eb3619e8652296d617efd77697f4dc8727d11998695768843b4e94a47b1aed2c6fb9f097ffc8a42ca7aaaf66a

Download Submit
\Users\Admin\AppData\Local\Temp\nsd10D4.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsd10D4.tmp\StdUtils.dll

Filesize
101KB

MD5
33b4e69e7835e18b9437623367dd1787

SHA1
53afa03edaf931abdc2d828e5a2c89ad573d926c

SHA256
72d38ef115e71fc73dc5978987c583fc8c6b50ff12e4a5d30649a4d164a8b6ae

SHA512
ca890e785d1a0a7e0b4a748416fba417826ae66b46e600f407d4e795b444612a8b830f579f2cf5b6e051bea800604f34f8801cc3daf05c8d29ad05bcda454a77

Download Submit
\Users\Admin\AppData\Local\Temp\nsd10D4.tmp\System.dll

Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
\Users\Admin\AppData\Local\Temp\nsd10D4.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsd10D4.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsd10D4.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsd10D4.tmp\nsis7z.dll

Filesize
391KB

MD5
c6a070b3e68b292bb0efc9b26e85e9cc

SHA1
5a922b96eda6595a68fd0a9051236162ff2e2ada

SHA256
66ac8bd1f273a73e17a3f31d6add739d3cb0330a6417faeda11a9cae00b62d8b

SHA512
8eff8fc16f5bb574bd9483e3b217b67a8986e31497368c06fdaa3a1e93a40aee94a5b31729d01905157b0ae1e556a402f43cd29a4d30a0587e1ec334458a44e8

Download Submit
memory/268-548-0x0000000032E80000-0x0000000032E81000-memory.dmp

Filesize
4KB

Download
memory/284-581-0x0000000020A80000-0x0000000020A81000-memory.dmp

Filesize
4KB

Download
memory/648-590-0x0000000009300000-0x0000000009301000-memory.dmp

Filesize
4KB

Download
memory/848-595-0x000000002BF00000-0x000000002BF01000-memory.dmp

Filesize
4KB

Download
memory/868-909-0x0000000000CD0000-0x0000000000CD1000-memory.dmp

Filesize
4KB

Download
memory/884-533-0x0000000022580000-0x0000000022581000-memory.dmp

Filesize
4KB

Download
memory/936-556-0x000000002C180000-0x000000002C181000-memory.dmp

Filesize
4KB

Download
memory/1156-571-0x000000001EB80000-0x000000001EB81000-memory.dmp

Filesize
4KB

Download
memory/1160-543-0x0000000029780000-0x0000000029781000-memory.dmp

Filesize
4KB

Download
memory/1184-603-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1184-576-0x0000000018D80000-0x0000000018D81000-memory.dmp

Filesize
4KB

Download
memory/1308-600-0x0000000013900000-0x0000000013901000-memory.dmp

Filesize
4KB

Download
memory/1388-561-0x000000002A980000-0x000000002A981000-memory.dmp

Filesize
4KB

Download
memory/1408-610-0x0000000025080000-0x0000000025081000-memory.dmp

Filesize
4KB

Download
memory/1496-552-0x000000002DC00000-0x000000002DC01000-memory.dmp

Filesize
4KB

Download
memory/1572-585-0x0000000014C80000-0x0000000014C81000-memory.dmp

Filesize
4KB

Download
memory/1584-565-0x000000001A080000-0x000000001A081000-memory.dmp

Filesize
4KB

Download
memory/1628-868-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/2016-849-0x00000000009F0000-0x00000000009F2000-memory.dmp

Filesize
8KB

Download
memory/2036-530-0x000000003BF00000-0x000000003BF01000-memory.dmp

Filesize
4KB

Download
memory/2036-534-0x0000000009FC0000-0x0000000009FC1000-memory.dmp

Filesize
4KB

Download
memory/2036-601-0x0000000009FC0000-0x0000000009FC1000-memory.dmp

Filesize
4KB

Download
memory/2044-463-0x0000000000330000-0x0000000000332000-memory.dmp

Filesize
8KB

Download