Analysis Overview
SHA256
560b03c4ba18e5a443f74a69727db0eabac6f455bb836757d620cc51615a92ea
Threat Level: Shows suspicious behavior
The file Lunar Client v3.2.3.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Adds Run key to start application
Checks computer location settings
Checks installed software on the system
Loads dropped DLL
Executes dropped EXE
Unsigned PE
Program crash
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Enumerates processes with tasklist
Modifies registry class
Suspicious use of FindShellTrayWindow
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Analysis: static1
Detonation Overview
Reported
2024-03-02 22:10
Signatures
Unsigned PE
Analysis: behavioral13
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:47
Platform
win7-20240221-es
Max time kernel
1566s
Max time network
1571s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 224
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:47
Platform
win10v2004-20240226-es
Max time kernel
1379s
Max time network
1175s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 216 wrote to memory of 4704 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4704 -ip 4704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 612
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:48
Platform
win7-20240221-es
Max time kernel
1565s
Max time network
1566s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 220
Network
Files
Analysis: behavioral24
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:50
Platform
win10v2004-20240226-es
Max time kernel
1763s
Max time network
1176s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 5108 wrote to memory of 3204 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3204 -ip 3204
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 612
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:41
Platform
win7-20240221-es
Max time kernel
1561s
Max time network
1563s
Command Line
Signatures
Checks installed software on the system
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\Temp\Lunar Client v3.2.3.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | C:\Users\Admin\AppData\Local\Temp\Lunar Client v3.2.3.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client v3.2.3.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client v3.2.3.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Lunar Client v3.2.3.exe
"C:\Users\Admin\AppData\Local\Temp\Lunar Client v3.2.3.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Lunar Client.exe" | %SYSTEMROOT%\System32\find.exe "Lunar Client.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Lunar Client.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "Lunar Client.exe"
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
"C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe"
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
"C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | launcherupdates.lunarclientcdn.com | udp |
| US | 104.18.28.96:443 | launcherupdates.lunarclientcdn.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\System.dll
\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\StdUtils.dll
\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\SpiderBanner.dll
\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\nsExec.dll
\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\INetC.dll
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar812A.tmp
\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\nsis7z.dll
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\chrome_100_percent.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\chrome_200_percent.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\d3dcompiler_47.dll
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\ffmpeg.dll
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\icudtl.dat
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\libEGL.dll
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\libGLESv2.dll
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\LICENSE.electron.txt
C:\Users\Admin\AppData\Local\Programs\launcher\LICENSES.chromium.html
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\Lunar Client.exe
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\resources.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\snapshot_blob.bin
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\v8_context_snapshot.bin
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\vk_swiftshader.dll
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\vulkan-1.dll
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\vk_swiftshader_icd.json
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\af.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\bn.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\cs.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\de.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\es.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\fi.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\hr.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\lt.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\ro.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\zh-TW.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\resources\app-update.yml
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\zh-CN.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\resources\elevate.exe
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\resources\app.asar
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\vi.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\ur.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\uk.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\tr.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\th.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\te.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\ta.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\sw.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\sv.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\sr.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\sl.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\sk.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\ru.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\pt-PT.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\pt-BR.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\pl.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\nl.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\nb.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\ms.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\mr.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\ml.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\lv.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\ko.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\kn.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\ja.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\it.pak
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\id.pak
| SHA256 | bd512e36a88f0d7e6fecc0b559adb2761589947fef9c253dc350cd8d6ea889f2 |
| SHA512 | e03474255bce20004788475ee1f546ee7830e9b9960023b15210d88347032b5376848aeadef3e953ec654d3905baee37279bfaa287af7669ca66e382a4b1344c |
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\hu.pak
| MD5 | 2fef83993a62f73f8e4b40a6e28a085c |
| SHA1 | 8bae181f3eed8d5ea8fb0f912c679e608ee7c008 |
| SHA256 | ca4b4c7c7be45ea0871abf7d5668ab948f712a02facdc1d6bbc189b1b3522446 |
| SHA512 | 6eed29acd38b662f62381a5c00ebfb254915a57de6fde8e6da77f60dffd13d4846b26b1897d710ef852bcec5728a4460becaed2367f1a06a066da77521701324 |
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\hi.pak
| MD5 | 4eb5c501aecb647fa81fb4b65b0cb6d6 |
| SHA1 | 5154741cceb272352f0814850e75b517f7f8a023 |
| SHA256 | 71830814b8c7028a114a53a4e715ffa8da12f01d920455242a0cbc35fef48e6b |
| SHA512 | 2bf32962d4f018959281f6f09d149aadd901c21131ef25aa1199ecd73dc16e2377eeeb67352e030198aa280ac1fd5962eb226fc6481c654d8d332751a20329d8 |
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\he.pak
| MD5 | 8b3957dda3c9fd903d2c4b8a5f686475 |
| SHA1 | 36e45b4d30fd1e59ecafe095f405e0722a814a17 |
| SHA256 | ad20b3d634130c247f4ff954f1a5c56687523e5610f2ec6085e257126c4513a4 |
| SHA512 | 1dd54ce0a1f30ba087a9d09b9aa2928dec3070788d7db3dc2bbd27fa6126f70fa1e05106a1503602b203fa76be914210a38d5dc9c6bb56c56857ef08c528c4f2 |
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\gu.pak
| MD5 | 0c33e2a35eaaed3572f31e7b24d4493b |
| SHA1 | 278498568109ea7d6cb34c634316f95b04155b64 |
| SHA256 | 0f0fee8a2f22f80a0c4a758e7f4fd90d40be4048dcab0d824135caa5e92efd5d |
| SHA512 | 4eebf9be5a8c317d2d2e8e9b1e607774f5c7c35af7d8bd6c80326fe3c6e2e05089f04485eedde8be8c7b71a7b49e407289f361361d86802c0463c5b6b296f2a4 |
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\fr.pak
| MD5 | 8e21cec6cb5732fd2baa28f3e572ef7d |
| SHA1 | 778228dee97f5475b9982375740d6f90e8e5fe0c |
| SHA256 | cd21cae54eb6cb115771d1afe14d17822e13332759f8710d6386a6e4277c11c8 |
| SHA512 | 07726afa312f6104e3d92c6be13fc4b0e728a4a21f643c9552a961784063d3c8a9c52e5649ffaa9fd6a083dc5de37316e0d2cc10cd1a6fbeb83789c385ae990b |
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\fil.pak
| MD5 | 2e6a6728bd5a09339ac01a38bf686310 |
| SHA1 | 619e27f30c99eff8f2df3ba2287c6f7fe0b5b063 |
| SHA256 | e8f03c2e9c88adb04648ef93f9ea3cff87641638ac97c9a6752b751e7f7a8a20 |
| SHA512 | 0452ac74eafcf971265de92041659c006b5e559919b895b41795bb1307ee7c302e873440b006485b7cffcdab0f6b908a119683fab40a664d5bf3591239427c00 |
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\fa.pak
| MD5 | 87a2305436bad7556fe7abb68767802a |
| SHA1 | 0edad3677b0872321a1f8f3d391c17ab373aba17 |
| SHA256 | 9068dc6c71fd8bbc1a4f3b2009689472d1fd2c096b7e8afb3e089a46b98d8b38 |
| SHA512 | 6c32b1c83e03b553843faabb5a9c1b63c769b13de60841d2bc81f2c9514b30ebf16551acf33262ef8abaa4a5aa3955600a35a045b0fd446964109c58a2734969 |
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\et.pak
| MD5 | ccd361017778964de23bf1d741cb888a |
| SHA1 | 5b0305538762987901b7a8332635f3d7996c09dd |
| SHA256 | 41883af1e49cc180fb48e02659e75b0169d974d77373cf7bb2a4ea02dd654e26 |
| SHA512 | a9d7c99c07229d382e8ba7cc3199bc66fc39df5fd9b58e6a76e423b865f8c05f53398125a17a20c27462b2db595f3d778b4d94b1853121d8447b771f9284e5c5 |
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\es-419.pak
| MD5 | c753cb5296cc411ae72964735ce0de78 |
| SHA1 | 4151545bc2cb9fe4330f3b238aeb28e9ff0dbd6c |
| SHA256 | 5fcf21564ceec93eb64d2002de165a55c1875859975e0bf9035cbe96f258b50d |
| SHA512 | 5688e1f406125f939840e8308d950a741a02ef24a006fd3619f3e943595630ce32010b51bb7a37768f1c595f4c77b104bb7483ca24ff599eb04434974d894c1d |
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\en-US.pak
| MD5 | 06d28839ea0b3aab4597ba8646a53a96 |
| SHA1 | 9c6a74aae8c783546d613c6f38cbfc8f5e3736f1 |
| SHA256 | 69c1a2e1b30d83612decf1a8dd7b124a04f58e9f2465876726f02f7f7d5eb54a |
| SHA512 | a432542dc98795ce0ea6fa4a6bbcbae8ba126f1fda025a9ad6ff3fa67eee85dcf7afc6678f5100bb1543c4d00ac75043ea92e64b65c9ef6bd946ce3dc4d5ae71 |
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\en-GB.pak
| MD5 | a32f3f357725ff256be9026398a1cd06 |
| SHA1 | cf492e3e5c18e9e8c8cdd6b964e987541cc46505 |
| SHA256 | 914b7bec10c1e8c2a9e461edaa498b2b344aadc130a30321d4116ce0c4c99ad3 |
| SHA512 | a96b2b00ad6883c205224770bc2cfcc93a5cf29b41bc8169117771f36264a8a89ad4e5bddc0c50f85c0979f3355188ba86c915f0b3b1013b3ecac9383fa8b192 |
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\el.pak
| MD5 | 7f92f844b9d8bef68dadbdb85a084bd6 |
| SHA1 | 96c508fc2b624fe9c2945e2d673a645fe39ad3f2 |
| SHA256 | 87f0a26d73fea2ebb5017a95e937e08d7c347baecbe93514c1b866c1e28dea32 |
| SHA512 | d47eb475f9ca60bc1e7ec33fe2e2a395bb8ef3f109bc4b769fc2e03e2ddc04bb3391b10f1b382b7497555e36ef02fca31cd47f67c03de43d275bbddc3bd8e7ac |
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\da.pak
| MD5 | ba54e3345d61d5cf431db6a0d649f792 |
| SHA1 | 32b2edc19df7e14e6567e0faf671c038f78a65da |
| SHA256 | dab543bcc1a8abf057f720f9f448e45ca5cfd1c424826bce8933174bb2eccad7 |
| SHA512 | 5f858c4c876e1d15d4929464b7d9bc2cc497eea93d887c3cf0cc1c651a0f5a81d75f04f7a0b4277dc43bd9deb148d147d35fa1aa2dd218d404fa2c8c389ecb5d |
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\ca.pak
| MD5 | 2cddd012546caf0aed6775cdf5cfdee9 |
| SHA1 | cacce951770feefd1bcf89de5be97bb39606e7ee |
| SHA256 | 02d60b97f70c31f5c5003108321fc3ac3c79bf39a36392c3adaf7735b9cc1c1d |
| SHA512 | b75d9b2946b11b9fc7430c5773835422aae6e716504d7841c1b08413ec18d454d9d6faa5ed63e19c59ab2e1ee919822283fd7e21a97f54482685d541e4dd2519 |
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\bg.pak
| MD5 | 080cffa1d4032b7d4bfa217aa00c4f47 |
| SHA1 | 525cf2baf62ec4c90e3a1d89cce37c9f433c61e1 |
| SHA256 | 3fd27d562e32f1a052e924b6c468486acf0b2af42dd1ad2270e83d115d4b3f65 |
| SHA512 | 9470ea433a7c08331ff26df00170c81309e72145e6f32c16e7c2c1e53c54b3974b991ea128e636138f8212e276a2fdf94c344d9ab7fcee35ec231543e08196b0 |
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\ar.pak
| MD5 | 7294148ba219909a4909613381ea45ac |
| SHA1 | a8a70e589760b5eaeae1a95fe51723cce48fca87 |
| SHA256 | acc1b352ea206c25afe88a614346b468f4f78bf23f886883a38dae905d121dc0 |
| SHA512 | cabf320e827067ef8efb7c021ff098430054d125fb50540c06d12167c7d1c6d08449e6a1b33fa4a092ce6c81a600415711005e100b1b756a199e05ca18dbf3b7 |
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\7z-out\locales\am.pak
| MD5 | 4cb4b30911e9fbfe6c1de688cca821ab |
| SHA1 | 58cc2d8e954b5c74a902f13c522d1f6836769623 |
| SHA256 | 685ecdff01d4ae92be1d900ef00fd8632616bc41f18a56e682528f312d4a5167 |
| SHA512 | 6629af841c52463c46dbeb03e3b4b1cad550c2db790c75365d63512e039b3369cdd9f18316e9c50dcf3aa77aa4d2becb6a87570f3b538b456af3041d60393434 |
C:\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\package.7z
| MD5 | 8eb164b91493b13cd9154ca02591232c |
| SHA1 | 8382caa47741910023926fe6d1639ca5d7393945 |
| SHA256 | c42bccbc74c3c055611c79801a32b4314513d03bce4ed62b0f44d580cb755b8a |
| SHA512 | 39165dc737dbc84506427f7bafe3336e9b3ae95426d0ca16751624727ab9f77ed667a5ba79c0b9c2b7b2b62fd2aae9af3cdf4578046e2e364800e03a6ca67825 |
\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
| MD5 | f211ca1599838f38d172d69d3008ddac |
| SHA1 | 77e21544e3a96ffb19c79e324e69fecf9dc59822 |
| SHA256 | f4f46dfba33d234f97deafe9fba2ad3c6ea414605517b5985f4ad8fc72e5667b |
| SHA512 | be3175e709dae1060216796e027b2c82764e930a745dce9308cd184f0e6075d371042388f8fe139f88f257cb9a125fdc112f82e8ded9957fbee8497a2aaee7ce |
\Users\Admin\AppData\Local\Temp\nsi2BA3.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
| MD5 | f58018dc4258e2526e59b959111a3003 |
| SHA1 | 835c24f77efc737cb368ee42a3205a4bbd132aa5 |
| SHA256 | b4fbe8be631992f1c03a4c557a04af4e0b5b70050b2260b13f17a3eda95a4eef |
| SHA512 | 58b968a4d57a0f5cb97572ea277482a26fcd3ae321e80d98b122dde9bdc7387e19e1873c23fb958dc81b9cd70e9969e6f06c21e37d8b7da3cf85872817f38932 |
\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
| MD5 | 91c69ad6f7e5ef7ec60ed00da5f741da |
| SHA1 | c69e6da56b4895e78ce51ff697930840b7088676 |
| SHA256 | d6a98d5bcf70ed57d72f8c92cfa4dca009b2a62aaadd43047ceb594cfa2ee3ff |
| SHA512 | fdb20f4ee74fb8f144b2d85f6d1cf9d91e1da1341c72deff5912c87a682ea410506820a28dba3a32b2c7e6de1b148dd7ead502e7c49962c7ee1008b0c4d70f3f |
memory/2332-640-0x0000000004290000-0x0000000004292000-memory.dmp
\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
| MD5 | 5ce494838c08434c667378cea94a5c95 |
| SHA1 | 2369f5ece173666f00e4f8fd37867779654b6cea |
| SHA256 | d8d8410de6572ab1fe8274976a5e433cca57ae7a05938ca07804d2bda18188f3 |
| SHA512 | bab875cd15299c685fafd144523227e17efef156cc39e759846fc976dbc4d558506dd58223c79b11eaf98c2b1f011ef20847cfd27b627cadfff1b30b314a6776 |
\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
| MD5 | 955acac2b2b8813def06617f6ab72fcf |
| SHA1 | a771e3bfe199592942807ba59c54482204a95571 |
| SHA256 | 5458a332479a123cbd8e66c618a4b28aff377061fb13d73e554840504fb5d536 |
| SHA512 | 9ddc9b762e192051de5562619fed83b4e16efe9f880ca269e86388cda1d93061fbba6292a340d555595ce322f3b11df76e2d5d96569f3794c542a53cfd9a87b6 |
\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
| MD5 | d91815c86f526fb17ceecf473dc2799c |
| SHA1 | 0529e7b4722ac7df1aff44798aae4c6438fcc1fe |
| SHA256 | 09b20b23b12bd64203f3740ad178e88839fac331df0be7ec0c6dcd9a6b152914 |
| SHA512 | a7e77a832ec76d3baa3ccf81c5fb7e63647fd14ae1dc3a8dd773a050393937506f78f6a04720b15df654c1fcd6bff4a12ea5ba69cdf372f427de100c931267bf |
\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
| MD5 | 14b38de510cd67d2a2fbf80795109973 |
| SHA1 | f359dea30dc2cdcc883d9ccab2537998b93e3967 |
| SHA256 | 278f2ba82a73cb6f8382509fdad9486e5eac52460c9c20212398dc4aa5d8d545 |
| SHA512 | f36f39677e7a62d77e7fa55a912ee960bd2fce80a75cf2effd227cbef40313d8c5d38bafb74b0107a321e0860aa02c711a3e79d47577248da7b9397a8d49e312 |
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
| MD5 | a6189aea9c8e877801a4a7ad98e1b1cb |
| SHA1 | d4649162eec2c4a0fdf724e65be4cf9bccc461f2 |
| SHA256 | 909178df3d272eff5a07d5acf379bea859531d883113f8101627d3b9239332d5 |
| SHA512 | 2f7c069123aabccb373cbc4af86222a8465f2517131d4d12adf76cb705e0f5ca09b414662432f83d782716848931a5f8feaca0558c9b43cca3ab112f99b10da1 |
C:\Users\Admin\AppData\Local\Programs\launcher\ffmpeg.dll
| MD5 | 7aafbbdf98aae535e224cda6a9d3e848 |
| SHA1 | c4c6e8b58392c06418020c2a10fc7c9a4f1cdf1e |
| SHA256 | a43c70a3d7e0c540aee75291d0e7e4d8aecbdde4902402941eb17bb2e1283a81 |
| SHA512 | 4097d5e4d7185fecfd7982663174ba25bb2e0d149d6a25c555f62020a523d525b263cbf760aa15e8ed3a2a20fccd14c6fe1898a7c16d190ae048c43c0bff46df |
\Users\Admin\AppData\Local\Programs\launcher\ffmpeg.dll
| MD5 | bdc12dffa70081077c165af01d412f49 |
| SHA1 | efcecaed02d43dc9d73940c7b0fb21db824a8956 |
| SHA256 | 5bb494b93304d16e83945b2aaa3cc3a3943e72ef87ff008ce7ee7a1570448156 |
| SHA512 | c6316bbc9691ea15356849f3f6f4e77a020c58f19c94fe709a4edd24ee23f59c42291112adcd697a4cc45b73496c19fc34eb0801c3de279e3588c88ca4048486 |
\Users\Admin\AppData\Local\Programs\launcher\ffmpeg.dll
| MD5 | 7df444b21c1f857f719aada1d5a2c602 |
| SHA1 | 5d88049f2b4f651078c44ddc3847734e924c715b |
| SHA256 | 261c6258dbd8406afdf6cad5f24a8c82eb8a02ee74edca98745f78d9e6d5eedb |
| SHA512 | fc3c66c92868f2f5e78e8adbbedfe091a45f23cbbbfe58875a68e82a8a81f7db39509668e79559c9071c0137048bb96517bd69da787f184d313f1a2fad928147 |
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
| MD5 | dc3664af435a88d60134bac5834f6bf7 |
| SHA1 | 335b6199fab733b704141d990738e6dcecdb6cf2 |
| SHA256 | f466522b2779db5281bdb6813898c4b44d3eaea30f19c128474ce152147a5990 |
| SHA512 | ca9f1bdd419b0bc0b3f46809fc8b7ba6524c7ca2fb3ba0fdf3dda513cfd9c956404ad6c39da0255902b340d96f5eb25bfd7278fe18ede03dc66e8ba5458dd172 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:21
Platform
win10v2004-20240226-es
Max time kernel
560s
Max time network
565s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lunar Client = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\launcher\\Lunar Client.exe\" --hidden" | C:\Windows\system32\reg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
Checks installed software on the system
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\lunarclient\shell\open\command | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\lunarclient\shell | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\lunarclient\shell\open | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\lunarclient\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\launcher\\Lunar Client.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\discord-562286213059444737 | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\discord-562286213059444737\ = "URL:discord-562286213059444737" | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\discord-562286213059444737\shell | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\discord-562286213059444737\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\launcher\\Lunar Client.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\lunarclient | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\discord-562286213059444737\URL Protocol | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\lunarclient\ = "URL:lunarclient" | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\discord-562286213059444737\shell\open\command | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\discord-562286213059444737\shell\open | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\lunarclient\URL Protocol | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client v3.2.3.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Lunar Client v3.2.3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Lunar Client v3.2.3.exe
"C:\Users\Admin\AppData\Local\Temp\Lunar Client v3.2.3.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Lunar Client.exe" | %SYSTEMROOT%\System32\find.exe "Lunar Client.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Lunar Client.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "Lunar Client.exe"
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
"C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "chcp"
C:\Windows\system32\chcp.com
chcp
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
"C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\launcher /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\launcher\Crashpad --url=https://f.a.k/e --annotation=_productName=launcher --annotation=_version=3.2.3 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=25.9.8 --initial-client-data=0x528,0x534,0x52c,0x4bc,0x524,0x7ff7124dd208,0x7ff7124dd218,0x7ff7124dd228
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
"C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\launcher" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1888 --field-trial-handle=1892,i,12878973808672826546,17325347917463302220,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
"C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\launcher" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=1932 --field-trial-handle=1892,i,12878973808672826546,17325347917463302220,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Lunar Client"
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
"C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\launcher" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.moonsworth.client --app-path="C:\Users\Admin\AppData\Local\Programs\launcher\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2512 --field-trial-handle=1892,i,12878973808672826546,17325347917463302220,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
"C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\launcher" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.moonsworth.client --app-path="C:\Users\Admin\AppData\Local\Programs\launcher\resources\app.asar" --no-sandbox --no-zygote --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2584 --field-trial-handle=1892,i,12878973808672826546,17325347917463302220,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
"C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\launcher" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.moonsworth.client --app-path="C:\Users\Admin\AppData\Local\Programs\launcher\resources\app.asar" --no-sandbox --no-zygote --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1892,i,12878973808672826546,17325347917463302220,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
"C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\launcher" --standard-schemes --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --service-worker-schemes --streaming-schemes --app-user-model-id=com.moonsworth.client --app-path="C:\Users\Admin\AppData\Local\Programs\launcher\resources\app.asar" --no-sandbox --no-zygote --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2868 --field-trial-handle=1892,i,12878973808672826546,17325347917463302220,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\system32\reg.exe
C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Lunar Client" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe\" --hidden" /f
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
"C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\launcher" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4004 --field-trial-handle=1892,i,12878973808672826546,17325347917463302220,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
Files
| SHA512 | 79b916c737bc44051e6b4c0a9afdfba26928536034c5a5149586594454855b7074f6f8fdaeb98f0b7bde5c3da36d66988f683de8961e13c9c82301676f942998 |
C:\Users\Admin\AppData\Local\Temp\nsg638D.tmp\7z-out\locales\sv.pak
| MD5 | 094d69544816535e4d040ef0ce923100 |
| SHA1 | 5891cdc73bc4c112855d099ee112da0c3e9cea81 |
| SHA256 | 110112c2f7ff5d3c8599036669d156e96ec19e70515fbba3bbcb2043ab994680 |
| SHA512 | 023037077a3482a3bf2ac076b5c00922d7039bfc2098797275465138142fea0f97c1e003f77de71b9ab88f786b7401182618603610c51f634ad17a123faf5bd4 |
C:\Users\Admin\AppData\Local\Temp\nsg638D.tmp\7z-out\locales\sr.pak
| MD5 | 4d1ee9487f4ddfdc4471366d3965293f |
| SHA1 | 4e53084fe0d4bf4f46ea980f7423787084152ff2 |
| SHA256 | b75a222db70c3f5734a75042718da599881d5e84cc52b332e9162f78b32f4819 |
| SHA512 | a44a448203cc9388d8df4c39be9db5436546fa17add0975c18ce01ea0a5cba142692660ce6efbf00699793ca98af8e392e41a07dcd9c183fe03414574389609c |
C:\Users\Admin\AppData\Local\Temp\nsg638D.tmp\7z-out\locales\sl.pak
| MD5 | 1b02b0834b8bbd12a77f7fff09e1d81a |
| SHA1 | 1898cfedde55aae307f7578b88cb0bcaf61e1d52 |
| SHA256 | b36e1fe2405cc4b9f34587e30da2feadaa6f03124769b02f79333adacaddb49b |
| SHA512 | b1006053ace6f8842e9436c94934b2e7d1b502e3df9ecd1fe59ab39ae35e69e8f0dcff8728aee2c35a3a1eb7a27f0146d6113b4de0632dbab20eb0a37942bc4c |
C:\Users\Admin\AppData\Local\Temp\nsg638D.tmp\7z-out\locales\sk.pak
| MD5 | b88ec1f7bbdcf1b6690f2698b3dff738 |
| SHA1 | c5975de1d66827087bbf8cf0f4b3bda816a723e1 |
| SHA256 | 04b179b5c3a5468f495a0620a2dbc6e312ebd76ba32b98d8cc7daafb46edc21e |
| SHA512 | ef30ac14b17b71f5659f33778d8c4b017127c3c5bfb593dca919a80320a66dcf5e0a3f228dcf62b05df5d4d6929eb5401ba9c369affe89cf541633bb743553f0 |
C:\Users\Admin\AppData\Local\Temp\nsg638D.tmp\7z-out\locales\ru.pak
| MD5 | 6092ff0430736682e24595b37b3c018d |
| SHA1 | 9d2b9822556ab1f33861c45b2f7f4236b3ea5f05 |
| SHA256 | c5264fa2b485326e91d4df7a6e39122554ed632c0c17fa1f130205ed50e2d6b9 |
| SHA512 | fdd960f3295c280cc57915f7cabd7ffde0c0cdf4cf6b671748a6f5b8b39376141f2a552afce3e2a428ba18057fb9890da9b95fc6b8367dbda5430e1b205a08cf |
C:\Users\Admin\AppData\Local\Temp\nsg638D.tmp\7z-out\locales\pt-PT.pak
| MD5 | 7074036013be3839e218ec7b15d49215 |
| SHA1 | 7711ae4e96efd4f4676a3c0281a92af56329deee |
| SHA256 | 342381f89058bedd809991a0b416f48642df3c71aea10bb13e13bc15eaaf46c8 |
| SHA512 | 8a1e9cefb8a64b3664d9496e2d2f76e2281b3c427fe24ecb70ee74f78778d94def66787a7e35ccde6037ec061e29a6ac7fd8b4010f77b13945780e1316bb16e0 |
C:\Users\Admin\AppData\Local\Temp\nsg638D.tmp\7z-out\resources\app-update.yml
| MD5 | 9fafe2931214f36d81e3632b0be80774 |
| SHA1 | cac08ef88b787dfea0acc0d18e559fd9180819ba |
| SHA256 | 9161bcc9763091ff3670ef98eff99d004c0f67f13b5dd94715c661fae274cf33 |
| SHA512 | a671cec02c8957864797cad7657b4d2165b40980410db0696cb6dbd05b9485f0491065f1249461fb7777d73cba601f8d1035c9c2718a52a56a217da859c03217 |
C:\Users\Admin\AppData\Local\Temp\nsg638D.tmp\7z-out\resources\elevate.exe
| MD5 | b33d236ff8fb7aca592b9e1e12c9da4c |
| SHA1 | df6e78e4127f7e3060547b8ad17b2d49362e2421 |
| SHA256 | e439b50cdf14e2e9fe147a0d819ab8e675151f60f91c5c356cccd42edf4b22aa |
| SHA512 | 07439e198fe7c8ba96f9983202c1a7ce3f4f84b7a77ee8b8001771f74da595e8d11b7ffc76a4ae690d43aad158a3441ba65a82568441753ff7e8b72086c19838 |
C:\Users\Admin\AppData\Local\Temp\nsg638D.tmp\7z-out\resources\app.asar
| MD5 | a8d2703870f24a0b8216daa8d6096744 |
| SHA1 | b8cdce592a5f1bf4148f2ca69f51631edaba97c8 |
| SHA256 | 586d3d5b2dc649f980f3479e46472e7db3eeedfad013d31eb55816f92913107a |
| SHA512 | e4292747f3e7d6f47018b3e4fb24908f245cacb2b5702e5c2846d1b63232fd20e298a2274e66d409a5759fdb589c6d25723115d66aade9ccc42b656b85c85bd1 |
C:\Users\Admin\AppData\Local\Temp\nsg638D.tmp\package.7z
| MD5 | 562ced702cf99147a7538ed54036e450 |
| SHA1 | 5f81a7fa82b986f1d7b46cf893cd4e63164de0f1 |
| SHA256 | c7651e73ed015da0040ab858667be6425787604fbfcae248ccbd5342d82976e2 |
| SHA512 | cd72bbea3b33297b7b1732f9a023aef21a368ed63308870e48a7ff4ea4fe7d9b8c400232915bc31653ed4459b7c7a35809b5fd80dea548126ecdbe536f6bdcc6 |
C:\Users\Admin\AppData\Local\Temp\nsg638D.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
| MD5 | 426eed51a5b0745fa0c3aedcc9a3c437 |
| SHA1 | 69e84acf2ed6d0ca94672376468ad549bf6e7e43 |
| SHA256 | ba02672e9aa5b87d70d2bf8cb4c94e396910775160805d4960c256b3ea4ff85c |
| SHA512 | 8e0597ae7bd0ffd708f96df9b0907e162ba4fe8dfa6f09dc972fc01e5d10078c2ab1e9e50e0a9d32a3f0e8a32a3aa61cc13a4a75ea35b63dffb6cac9dff87a52 |
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
| MD5 | 2b7d992485122b4afea9df68fc53dca3 |
| SHA1 | bda11d34f32df7cae70cec8e5884f6a2dbfa5396 |
| SHA256 | 7e4f1f0976c832f753c3412b6bd3cd9ee5762e8e71fd31957e3cbdf13ddb1b1c |
| SHA512 | acd15757fea6b859b2531b798e13ff32b16bba6578654401fe6f21474f5bcc23f205e869caf35193078b6c9a68f2e9466a606db17c1df582abb452a6f9d4d24f |
C:\Users\Admin\AppData\Local\Programs\launcher\icudtl.dat
| MD5 | b263f810e0b0316fa54a8d09eae25e80 |
| SHA1 | b48a8bb66d41d76d718b719e13a9c7bc785a258f |
| SHA256 | 99aa32311a582e116938dcc0973a6aaa50e148650d965a7029f33ec3896061fe |
| SHA512 | 054375c93e3981e9cdcf1110286740e410c6f2ab687ffa6d4aae82e4b9cfa61e11a253028943a0ebda6a595ce7f7be9bbc3dfe66cbb629bc92b04a1ba65235de |
C:\Users\Admin\AppData\Local\Programs\launcher\resources\app.asar
| MD5 | 922dbbda4e7c34da8479b0cf6b69e2dc |
| SHA1 | d5aeb022a42426a990f9542a332e4433d30cc1a2 |
| SHA256 | b033c8050207074b33f706f9f0b9dc780c3791dfac31e774850e15c4338c199d |
| SHA512 | 35b13335ab8a9c4cbf9bfefc5f615c9b49e67a1f33dea8c8bc28e95cb9b9771a98f6948525aa3273c14280718642683efa4bcf960b97f6338440b397a5143da7 |
C:\Users\Admin\AppData\Local\Temp\a2b0bcf8-8f6d-43d1-a7d0-daa5c1381466.tmp.node
| MD5 | 21b516d2f425d6a7e0a70ecca543028c |
| SHA1 | 732cbba5aecab1b52486817261ee2618843afff1 |
| SHA256 | 7031bf1b506c31245a6505722a4be79684bca41ea65b271b314d4466032530b9 |
| SHA512 | 2367692e74a2c2aba5cfd2b94504bf4e661c41431a06025010794b133a3d6d9cad38fbbf356ff32db228746a37034c69fde3e9efb8f13a11d8643f1aa88fc358 |
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
| MD5 | fb933c7b64f236e4f15e1091109726d0 |
| SHA1 | 4dafeac71c44ad94bb049d967b339faa4720ebf4 |
| SHA256 | d890a0fe815ae5a5df70383b4b613b54d516503b5c732bef037d1777c8e16645 |
| SHA512 | 9194502c15bcb93da544dd92be155997ea39509c36a7895079dab9d296a34d78a5ab57b4148e2be51b3c3bf033dd0ff46fe09706a8eab4c17c619cf34f19104d |
C:\Users\Admin\AppData\Local\Programs\launcher\ffmpeg.dll
| MD5 | a0c3425fa67cc5da3f1276eca5a1e9cb |
| SHA1 | 9ae3242a152325ffc1f3630ac0d0842aae90c06e |
| SHA256 | f142586d3864c6e6f958b89d4018517dce0937b9440bfd23b80ae3fd363f310a |
| SHA512 | e58099ea9949fbac677c5ca3c832e58969468f2418155c48c48f9c3de07b15d6c9e4f5bdf5a8126b05a3e22bb284faa9f11aef4976696a65692d56ea758c337b |
C:\Users\Admin\.lunarclient\settings\launcher.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\.lunarclient\settings\launcher.json
| MD5 | 15d6ddf978a6b5ec2b9dcac065ce7be8 |
| SHA1 | b3d2867cd6ffd1808a5117d84bd1a2365af0478a |
| SHA256 | a7b7f2886cbb7bdb258982c6e622ef4981a2d43d198572aa6b562a0ddc68d60d |
| SHA512 | 31cc2f5d2d50cbdda2c940ed7dbf8d7fe1925a00dfa32d08d62c9e95b1af848fb839f27ac72d1e8da24a2a93f9dd5504358de2669d90e02f629e5274fa48bef8 |
C:\Users\Admin\.lunarclient\settings\launcher.json
| MD5 | 8c3e835a6d6140cd0de011cdaf7f9eca |
| SHA1 | 1d30c6a67cbfae5353219adba2b2798c02f8bd35 |
| SHA256 | 328c458a470476769f6def18d380d5c39b9183a751749c550d0bdd72f2920990 |
| SHA512 | a5e30a88d0edf22a464593f140da813c0b4c4b63ab6e40b7a14b93571d43e264875a8a42b47b1f28337e5888cb64b91f264e9505687571aec69973a0a99c3490 |
C:\Users\Admin\.lunarclient\settings\launcher.json
| MD5 | 475b1bfc7d297dafa00515d486d4613e |
| SHA1 | 265925cc674e033b2fe4021f1a45165e6fd5782e |
| SHA256 | 90a3990a8043179b74ab487249567de2c9a557f2d5df306823e2e86333624dd5 |
| SHA512 | 5a0646caef21044aa6b1e67d5bfa43372b67e04c3c0d7d8ee5e958127ce24992f1243c081ec0dc162ebce4ccb2598a9afe96ad5e80a952ed4d9f5f8eba282c65 |
C:\Users\Admin\.lunarclient\settings\launcher.json
| MD5 | c7704f78fff0355962298a66d3beda95 |
| SHA1 | 6932227a0d1f61844aad87a7a70382b300ff4f80 |
| SHA256 | 2801fcae5837560a7bfa1f060f378a0daab06fa9cbec20c7aff8955eea3bbe6b |
| SHA512 | 38deb1cab4e64f252c3121b0c0a6db97fa884ec6adefa8647baf7de527b5d73611e27969968fa511446d67bafcb396194124bcdf1ab714e132132c7959fc4679 |
C:\Users\Admin\.lunarclient\settings\launcher.json
| MD5 | 87f05c35a0c776159698730d553b8233 |
| SHA1 | a7a7cf32615a1a381bdcb5ee9657df5aedb101b7 |
| SHA256 | 00187c609a5820897549a13145638cb0cc68bf1ed9287ae7bb8817c32103a258 |
| SHA512 | 1a9165788a6e04ff6a874964805bce38982f2ef8245a405c254b585d37da7f46dd406adc67dbeba74df450c8e4d5f106e3a733217fdc1a7261913f64f200be04 |
C:\Users\Admin\.lunarclient\settings\launcher.json
| MD5 | 2571d11d356ccd80350b7eacf6f0f0db |
| SHA1 | b51ae45c4a99e37c83bd2f077ed180dba918e604 |
| SHA256 | f69efa0c895c4de3ff79c6359061a1ff9c7e3279c822785b016170fb79e7404c |
| SHA512 | 7996064c0323a99c938e08ea56acdacb8b5d0f17b088a82f84230c5b985ba90bbbf2fb7aa5c585dafbc1d4eddad023ee7410d2545328d53da089467d375ea43d |
C:\Users\Admin\.lunarclient\settings\launcher.json
| MD5 | 2d58af64a92eab7761aa07b74465310a |
| SHA1 | 13edcc364ccabae358082e80ea0845f90a463d59 |
| SHA256 | fb9646b89d9e862ffe84daefc47b3eeb9698817e6540e9bc137a3fd6c5a46489 |
| SHA512 | c7f45399c01473d8f19d41e1e3be8212d7c0e0d06b7ae7a0d347395617780b624936c6a3fa76207ba41011b0952fc68ac02f3fb7a5c40aae1d295df045defd3f |
C:\Users\Admin\.lunarclient\settings\launcher.json
| MD5 | b58155278c71207812b5546dd966ae85 |
| SHA1 | 7543fbb652f2c47be73d0db4aa91033772989c4d |
| SHA256 | 5e74cdf0066dcf159b9170d5d63a7d4aee92a60b42ad90a476e5d0bce52b4f4b |
| SHA512 | 34265bd865d0ae6b5efcce36b254425bd87c14580d0921cdad98ef9a0a4ecfe058288eb056bf54021495ad0e4c05593581bc5d9e6a4d472ea277a9a2e6f804e8 |
C:\Users\Admin\.lunarclient\settings\launcher.json
| MD5 | 478318d6dcc8e2cb2da8366d3b76b0b3 |
| SHA1 | 4715118a7973d1c201faffbf2a0463e2ca1f6deb |
| SHA256 | 883f1e90544dc10e68ebdc371a28978d54ccd6c3049579d9a661d4ca91bb572f |
| SHA512 | 8ca65048d969aa1b65dd2e7c4abf6efd5cf5e22c5945dcadc1d46f50c65fe8cb73d7cfa0694133d7adb920390c36d0f4b1e893df0fd6d713cabd1886ca364f98 |
C:\Users\Admin\.lunarclient\settings\launcher.json
| MD5 | db09ba92a05b25668dfe4f17e1ab971f |
| SHA1 | fafbe8b9eb10678aef9fc5cf217aaf33ab7245c4 |
| SHA256 | e9acaf2d3ac9a4f96fcc58a07f1f050dea36fade75a34d482c7b3e2435ded042 |
| SHA512 | 581f65299844527681985d6c7da0c0c2afb66f0723fac1aba63e60872a62f6b9f7c8d10741d13ad01f33dc1cb600e14095dc302f6c8a0d26db70ca3c97ac68eb |
C:\Users\Admin\.lunarclient\settings\launcher.json
| MD5 | cfc6a2656fc256d6540b6b3a2afe6bcc |
| SHA1 | 9e5997b1cec6d9eb8c5c766f51ad0ee441937c33 |
| SHA256 | 71efbffe605718b2ca9076bf1078aa8db3ce00037154430becd33fba59ded9d4 |
| SHA512 | d1f193d79d57499e9708b4d424c1d319aaf452fc80bf02d4cc5f309e2e38e7c16cbfde510f11c5964da49c4562abaad8b4b3cb603d7507ced8e16394c8cc937c |
C:\Users\Admin\.lunarclient\settings\launcher.json
| MD5 | 5db6731a0812acc0b58b5eb041113e57 |
| SHA1 | 07280a33c6a346072fe9571047d89a658933fdc8 |
| SHA256 | 9969d06546fd4ba4f6f7445ad4d43e197145c45c0a257e198bf6a82b8e354ffd |
| SHA512 | f881fdcab4485a8daa4d3888b69b9abc83e7e9c09f588f6bff8d0e10ca9802b9d041e366101220d2700a90b1a72329c02b3003189fc609e8a74f1ebe0f5812de |
C:\Users\Admin\.lunarclient\settings\launcher.json
| MD5 | 84ad40f22d333ba1dd77aa2690eb594a |
| SHA1 | 86e7c2b961d27d8e88260f09bee7bb585a5c510f |
| SHA256 | f980e4439488418ce3126dc8993219397d2f5a6b512ba97a850cb540518bc5c7 |
| SHA512 | 5137411ff1d7b6f74ae2c30284c5096ea37483f33d99c95d6f0178c2405567af9f6170e199422ff4b4b19c72c9ecda834aa7764810b6e58bd3a40f3f6c7ecf5b |
C:\Users\Admin\.lunarclient\settings\launcher.json
| MD5 | 69b3d234dfe8fee627f0e365132c5145 |
| SHA1 | 7b94d3c2b5eb2a2fafbdff0af8823914ed839edd |
| SHA256 | 4734adc8eb67baf767efb55559fcab6ab8cf1704167f681dd74a3519d8b32c3c |
| SHA512 | 162ab36de5b121d1daa559c8145dc2dc3e50c6797b64f702ebfdf08913c217776772d0e3fbdb5e84dc0b866f8a0e8fc1bfd4216c86119c3be5ca01d45ffed51c |
C:\Users\Admin\.lunarclient\settings\launcher.json
| MD5 | e8620d728292c2e6b375ead63770fd14 |
| SHA1 | 84e14d681e9bb75de0d8fade27b554fa4107b352 |
| SHA256 | caf404f600bb11236e70cdca602bac80a746b3a3a9666f590e5df77ba9cda525 |
| SHA512 | 50ecb5d0778ecc64e2ee5308ee8f9c726db4baf0f0b773e6804d36c9bf015a1b465370ff54580691536add38a2e6f8afb61ac0a60f22c055a6c3d2a099716140 |
C:\Users\Admin\.lunarclient\settings\launcher.json.tmp-941759532721b959
| MD5 | bbd74f2e1deadd43637c7eee8a93799f |
| SHA1 | f32fd5fc6072fcf41df6bf0f83118d9eef2f03b4 |
| SHA256 | eecd64bdd261d03e461c3537c383086fc5e1b0ac37a14144cf95df29b51d44ed |
| SHA512 | 179b9a39f0f5068f77a96efd194b6724ec4a13696b19d571f2e7473599c3d8ba79d3fc29b67f184862d2f4730c4ee2df190cb70726c7be06807c05f66648f113 |
C:\Users\Admin\AppData\Local\Programs\launcher\resources.pak
| MD5 | eeadd23c8d83137ef70286deb8003c49 |
| SHA1 | d777bd2f49bb3cec4872f9fce04774b8050e02fa |
| SHA256 | 4268285f4e39bd4483a81ebee3a523fc595e58153a8f933aae1d0d4eac2c5f32 |
| SHA512 | f9f04f19085b57fc9972048c4bdf4b4956536a6bf558a697a044b7fac69980bd5ea96b6bd718e16e273ca8914a9e84ce0e4241feed13f8c221e8f9c28140819c |
C:\Users\Admin\AppData\Local\Programs\launcher\ffmpeg.dll
| MD5 | ac8998171204a2de23ceafb7bc9647a8 |
| SHA1 | aa7084239d6ff370f88232f0e2f5a6383e84e47d |
| SHA256 | 48399821b095c85f26c1416b7cfcb838acc3d2b51db63502654427308719e0cf |
| SHA512 | 3798f4584dc9072632b1449e7a31141002407acbd7add91d4dcabb541e0dba819bcad2b13ec30b7984a160d1be0734980e447508fc279c8bbb79935806b94930 |
C:\Users\Admin\AppData\Local\Programs\launcher\ffmpeg.dll
| MD5 | 94424ab75e6b356b01982be267290d78 |
| SHA1 | 387bc0aa8da1644de6d09e118c73abe0b5f871c2 |
| SHA256 | 7ea664b0cb2614ac39171cae663619f0715468fe5cd41bc6baedcb3c0a8dde30 |
| SHA512 | 2f3d4c4209caec614ce587e39837a9896330d8eed2ce0ede7ddc3b790bfcfc146ea5b8264f7b5873575b1c14a7937a557934af34a1fd5cae7e1e9916f4aac63b |
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
| MD5 | 2645eb579ecde78e7c5083a225996c62 |
| SHA1 | f41a9d5a2480cb2762a58e5668c8cdce895ddaf5 |
| SHA256 | 2abedb54cf6c4a84fa5be1d8661f40ab8ea0172f301b916d62bd21c76dd9cf6c |
| SHA512 | 912c1493dac8bc8711c691bd9bf6ab8b9ee6f15102abc49c39ee96dfaad1a71b62742d12f5a0a46773a1229e1e1c34f10e40c634b42bab51309188f4d4670646 |
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
| MD5 | b686e273fccbbd9c679e41cdee9faacf |
| SHA1 | b31f065d2206f3d5105a66a6977c7037c47a9b65 |
| SHA256 | a714ed4f660267d9062dd8db72099f2538c5959b27bfbcfe9c4789ca3861de0c |
| SHA512 | 07b35b03f51ec4923b28db72f81f50afd415feeb6617e9773b6c1c13c208cb77ab83c10ff8919b5a6a4a99f307bf32bd0c7a6880e9c4f0969189f99fc752a012 |
C:\Users\Admin\AppData\Local\Programs\launcher\vk_swiftshader.dll
| MD5 | 7bf32e4ca90af584d09664a12da350ad |
| SHA1 | c1e7c9a07b8d3665839f413203a80bfc3ecd8efd |
| SHA256 | e697629bec1d851dadfaed01367cef3e3be56ddaab07567e0827d5a5b4867768 |
| SHA512 | 73e0e51375f0d30381d944fb2a11562c1907fa6da9d7405b99246555af7a0520a1b9f387996664e4fe0b0be210440c01293806a00b15435307c9797232e0b12b |
C:\Users\Admin\AppData\Local\Programs\launcher\libGLESv2.dll
| MD5 | 67034e0ade2805b41b775aa8d5c04084 |
| SHA1 | c89f974710a13fabe026ec7916151ecd02f97c99 |
| SHA256 | 82e20fd1a6c104452b9e7e495cbdb02d4f115977f3ef31d9dace5bf515193bc6 |
| SHA512 | f30d6d0b9a35c49708f8ee532734499027f5c8b516446e40205151ba6bbbb201a80caeb170a633668734493d86e35837930067f2dc254c8d42f434166bf2264f |
C:\Users\Admin\AppData\Local\Programs\launcher\libglesv2.dll
| MD5 | 846dea6dd439c81cb905066ed209b232 |
| SHA1 | e1e99995fa0ed1847f86818ca8235cf255d95870 |
| SHA256 | 66123dc8e1eef626511326de2bde11ef403a67324bfd5e850d60ffb6b74d725f |
| SHA512 | 7a33a254c9b3d822edb9ee7cbb1a037ec346dbb861f5842ce0a7fbf32f35ec48f54f1729e15394ced031f5ae93b401c9cff48da5249569d5dd6db11036e3d19e |
C:\Users\Admin\AppData\Local\Programs\launcher\d3dcompiler_47.dll
| MD5 | 53f4e2e95b03a5341a881e43189042d1 |
| SHA1 | f957aabb2b75da2ec280127713ba4851b7d48f64 |
| SHA256 | 878aeaa20c5efea33f33f95f0b90772ed77828190422c177f17deb331ea8ffc5 |
| SHA512 | e64c914ff8f8bc51b1c0df17ce9e18054a22bf3c8f6d63d21c26358cc880ec68ca1171938a4dcb1bf01ce9415d2aa5931b37ac6175478c8ced0511af1361e7ec |
C:\Users\Admin\AppData\Local\Programs\launcher\D3DCompiler_47.dll
| MD5 | a0bc158572b13c0c308813f4d6592318 |
| SHA1 | 18653eb615862a868aee646bef478a230c23dbbb |
| SHA256 | 0788b8e858886481ee2f1c2269348f288af026df4ba8a1d642b33888ab8f2bfd |
| SHA512 | a7cc4b66b8cc7b4fac25253c54fd40e5d13f35d8ea7b7f4fb549e8d50e919b04a67d39dd689a2fa2eb9d0f3e20822f736cfa8b5e39eb704a372ca769e165b180 |
\??\pipe\crashpad_1512_TUUCSZVFBGZXQCXO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Programs\launcher\ffmpeg.dll
| MD5 | 1a6e69c45d32e06389f8dcb82f8ffc65 |
| SHA1 | a80f40f593ac6531c89d04c35f44f6369a6f4e1d |
| SHA256 | 0a4d2122fba01e7fc8ccf3bb9be997d052e97e187dfaa91d5e5f7907117b4700 |
| SHA512 | 575d413a89fb9bfaa2378d693a3e9f16f63168531e8bcfcd8f2c4ea208c5738f293114a1f93d6c7230cf24c8483d2933a94e6acce42e796228d0aa80668bf600 |
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
| MD5 | eda11b550214303bffcaa85bdbbb97a5 |
| SHA1 | 3e6c88b5033908144a4e78fbb49233aea7d9e1c2 |
| SHA256 | 016cf97353dbf248e509b0e0af3f111c53ae878e4e327ef7932f20f24b5eaee6 |
| SHA512 | 591e175494ed6e2e9baca723b6af00e456bb6cf5228c61fc8c9f951616876fc6057781fad29ea3098c08683e71a895f3a1212f2356d45b22ea94f43f6b59699e |
C:\Users\Admin\.lunarclient\logs\launcher\main.log
| MD5 | 925ff8bd19275d2490471e37592de804 |
| SHA1 | e593b1ec91efa0845c815949ba245a7d8bbee55a |
| SHA256 | 99cd54360aac76e16322f02370207ddc8dc4de84630d30e43012d0682554a6ac |
| SHA512 | b0b7f4ce3629fd17f49a3bc929783645dcbfe74cd30aa971d0ee2755fccda48b73a1e84854d8a72e6e089750ea131c2e5172590e02f3cc278a698639c3fc2eec |
C:\Users\Admin\AppData\Local\Programs\launcher\ffmpeg.dll
| MD5 | 4186e27e748e17184e1d66a2d920d912 |
| SHA1 | 8cf7dc3933cd859a597c60be19a5cc475e6275fc |
| SHA256 | de2e0f0fd793a2c0e3ea95166a3145bf9c7044e2009afdd2a6a2d047e9d73e20 |
| SHA512 | 3274d03973de44d8e4ee1072968f195743e086cef977792593c704a356f6b19c18623ccb5a727eace51a0bd86f649b9637739f88620baea1b1a61c3ad19db11b |
C:\Users\Admin\AppData\Local\Programs\launcher\ffmpeg.dll
| MD5 | 5f5b2dd80078a28ad822d3b7b796dbe1 |
| SHA1 | 7188bbbdc2c10dc671dce66b7103e6e5c96e73de |
| SHA256 | badae86977b7a9ebdca85b60b7355c866d0ed659c30674b2de8c2381a256e3b5 |
| SHA512 | a62e46aa6b443622584879ce133bf0f0f6c043b89c5750c31476c9df963086136911b42d8fe80c9cad846f6fb9d601dd97d30c68439b88ce52d2ac2a9b493e71 |
C:\Users\Admin\AppData\Local\Programs\launcher\ffmpeg.dll
| MD5 | c6f776c388ef34caf23c8a15adb7568c |
| SHA1 | 4cdcfb55519b0f28f91d01c6f53374edcf867598 |
| SHA256 | 4f4bb57104f4acbad2ff636925939697b68a4b1dd16dbc521ad9125478481d40 |
| SHA512 | 4b7e9e787e821a98d31ae8ae9421f7ea01c25d8ce4eebaf11e61b511db564a1435ca4b60974b84c166221221e57340e3dada4f6028aded21d2f4166990e7c879 |
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
| MD5 | 70b5ea8d98783fc379dc0020c2ac04eb |
| SHA1 | 1feabddb1ee86edd530722a91d0e7a610ff761b0 |
| SHA256 | 60ff1e75b8d849f977aed9f7947488a4d0cfca5b3d34452f6af8f581b48dec0e |
| SHA512 | 100db21b7a05139b73d6849e627fe8f103ace226649e02435915508783d6351f45b7123319c5aaf9d4ecc8532fb9e91b58b5597e5b3f24fdaecba66fe7289a59 |
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
| MD5 | 5684f22ba8a5feddb8659fba23981a9f |
| SHA1 | 3a66daa57d588e268ef984ad75ec3a1cfb54993e |
| SHA256 | e2a82bb077620334df1b82a43bd73ce0352b1d4a9cad0094e9bb20e491f92600 |
| SHA512 | 718dc2e4a2d4ff50c49504400eafd8eba545aa4f8a0645376c57f23447925223c0cfe7e5ef5e1bf283e367adc3723bd950603bcd6e4618eaa9672f491bbd0550 |
C:\Users\Admin\AppData\Roaming\launcher\electron-log-preload.js
| MD5 | 42a6840e0196caac4cedbdfbc79009c1 |
| SHA1 | 460c41c3e2448ed459243a27b88527acf3259eb6 |
| SHA256 | 35bdda0208c923186b6f0e1dcd7520bf24799f28602f463a389fb91d4b67f21f |
| SHA512 | 96856905007865ee987ea7ebd64bb0c52fa6546a3ba02af5d13f0bedab6485890d6a5fae2e843cc8b51e3da98a609aa0f7eb71045e0540316b1b15b390c79c08 |
C:\Users\Admin\AppData\Roaming\launcher\es-ES-3-0.bdic
| MD5 | 471061756215fd1f387f076ac014303c |
| SHA1 | d8397cb5900f52a5cad2416ed8ebf53caa1a3adc |
| SHA256 | e6334dcf080aaeca679db70565762a2c296ff5780c1af263530ac7345736bfa9 |
| SHA512 | ba9d0f2deb2fcd77e75bfe8a9c6241da25c7eb9012d0374ccca8e9cd9cd1c9615efd5f3980166b0b3431c7e3e55ef013cbc37f0d53bd1e2411afb9363ceccb05 |
C:\Users\Admin\AppData\Roaming\launcher\22a8b778-55df-4e57-8383-9c30a68e35d6.tmp
| MD5 | 217c781be08416f5b6fa33aedf027293 |
| SHA1 | 0e76955a55f31406fc64e3b136f1bb9214bc2d79 |
| SHA256 | 3de8ead96083d18355eed62a5b8089a61f6c7f97ba3dba04cbefae364f0455b0 |
| SHA512 | 964b588d2bb87d3e19924cf8a16f1c35807c45ccb41caa00be9dd4e34b9fdfa0625973828a9df1f5f56354f00bf13939e01798c40a8a7089c9aee4535e45b099 |
C:\Users\Admin\AppData\Roaming\launcher\Network\Network Persistent State
| MD5 | 458b9c8c5f15a9ecf49a3ad431ace95d |
| SHA1 | 503d3e4a46cb6151916cec0d73b0e7c5a64175ca |
| SHA256 | a8ce240c71c07c3429c032c571439d9ebfd9bcf69d32edbbf01cdc3972a6aaf6 |
| SHA512 | 23bb12cc2b039171563f45755cbe97b666a956d20634ee1243cd4e52c306759ae1e859f139f4afeda1de1b1da50d812075a6d202054b52853f094508eb6e32df |
C:\Users\Admin\AppData\Roaming\launcher\Network\Network Persistent State~RFe5a0745.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Programs\launcher\Lunar Client.exe
| MD5 | 693e11dbea7c403defd2e8d3b2db8111 |
| SHA1 | b9fa5623ddb5641feeee8dc6d47d79d629b70cb0 |
| SHA256 | 4da8f042c17c91f71db62ce5e7c5d20e71a5427d48adb4d36cfbc1a47965e712 |
| SHA512 | 84ac98821ab2c4079488f6a63e004da11c6ad2865d7617c247a94446c2db202a687cb31a1f03055033691cf8d740a45095986a85e4c6849cf0e401249b3d0da5 |
C:\Users\Admin\AppData\Local\Programs\launcher\vk_swiftshader.dll
| MD5 | 7f0846b0abb7395cc2a84e901824d3c8 |
| SHA1 | b4087ec1e4899a84bd86e57c37a0391576df4ad5 |
| SHA256 | 24f4886c927b37aa25b46ab36c738929c1078f4a79ca0e1842c14b301206086a |
| SHA512 | c253c432eba08337bba62c01ba65fddb6e6950e7983c278ca7f1199441cff7e031c9644da08a9c21319d8126640166127c6d075e242e4d3f84eea4ec1e2db2ba |
memory/1252-1511-0x000001BACA520000-0x000001BACA521000-memory.dmp
memory/1252-1512-0x000001BACA520000-0x000001BACA521000-memory.dmp
memory/1252-1510-0x000001BACA520000-0x000001BACA521000-memory.dmp
memory/1252-1516-0x000001BACA520000-0x000001BACA521000-memory.dmp
memory/1252-1517-0x000001BACA520000-0x000001BACA521000-memory.dmp
memory/1252-1519-0x000001BACA520000-0x000001BACA521000-memory.dmp
memory/1252-1518-0x000001BACA520000-0x000001BACA521000-memory.dmp
memory/1252-1520-0x000001BACA520000-0x000001BACA521000-memory.dmp
memory/1252-1521-0x000001BACA520000-0x000001BACA521000-memory.dmp
memory/1252-1522-0x000001BACA520000-0x000001BACA521000-memory.dmp
C:\Users\Admin\AppData\Roaming\launcher\sentry\session.json
| MD5 | 6e2188257382cab896fe283a4e95e869 |
| SHA1 | d3dfc4f9f9eeab2afa1a588bf9f15936350df9fc |
| SHA256 | 89e211220e6633caed9773a3dae0d6f45cf7ff03ade7e9d067a09fe3675132d0 |
| SHA512 | a2679a77941cb975512543f8b3cd04c5a3134100f097a86889a52b6bc1d43e7eb365f96dc9e7682769182f5320bb523e024bc6e41f9957f3fa2a6b65910b5117 |
C:\Users\Admin\AppData\Roaming\launcher\sentry\scope_v3.json
| MD5 | 80980874dd9aab0b373a2f3a604f1095 |
| SHA1 | 6e7bcf10386a05e47e1986b8157fecd933fc126c |
| SHA256 | f69c64abc8cb37e2992eec1979e3e54d504b937c8aa1ef34c585961016e352fe |
| SHA512 | d866d0a257b889dda4b7712dbd6254ae432a7a1e44db92358069967569a7122cc38ab987020964c6ff9fc836eac2571100efcb654d1cde046ecbabffe9c6ea73 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:47
Platform
win7-20240221-es
Max time kernel
1561s
Max time network
1565s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:47
Platform
win7-20240220-es
Max time kernel
1561s
Max time network
1562s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 220
Network
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:47
Platform
win7-20240215-es
Max time kernel
1561s
Max time network
1562s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\$R0\Uninstall Lunar Client.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2212 wrote to memory of 2908 | N/A | C:\Users\Admin\AppData\Local\Temp\$R0\Uninstall Lunar Client.exe | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\$R0\Uninstall Lunar Client.exe
"C:\Users\Admin\AppData\Local\Temp\$R0\Uninstall Lunar Client.exe"
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\$R0\
Network
Files
\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
\Users\Admin\AppData\Local\Temp\nsy1B8D.tmp\System.dll
Analysis: behavioral20
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:50
Platform
win10v2004-20240226-es
Max time kernel
1386s
Max time network
1176s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1616 wrote to memory of 4628 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4628 -ip 4628
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 628
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:50
Platform
win10v2004-20240226-es
Max time kernel
1756s
Max time network
1174s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 916 wrote to memory of 1588 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1588 -ip 1588
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 612
Network
Files
Analysis: behavioral23
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:50
Platform
win7-20240221-es
Max time kernel
1557s
Max time network
1563s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 224
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:47
Platform
win10v2004-20240226-es
Max time kernel
1385s
Max time network
1171s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2000 wrote to memory of 216 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 216 -ip 216
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 216 -s 628
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:47
Platform
win10v2004-20240226-es
Max time kernel
1373s
Max time network
1160s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2076 wrote to memory of 2224 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2224 -ip 2224
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 612
Network
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:50
Platform
win7-20240221-es
Max time kernel
1560s
Max time network
1561s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 220
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:50
Platform
win10v2004-20240226-es
Max time kernel
1382s
Max time network
1172s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3352 wrote to memory of 4408 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4408 -ip 4408
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 612
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:47
Platform
win10v2004-20240226-es
Max time kernel
1800s
Max time network
1806s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1284 wrote to memory of 3980 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3484 --field-trial-handle=1984,i,6250324430674571549,669234090731242346,262144 --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3980 -ip 3980
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 624
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6044 --field-trial-handle=1984,i,6250324430674571549,669234090731242346,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3756 --field-trial-handle=1984,i,6250324430674571549,669234090731242346,262144 --variations-seed-version /prefetch:8
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:47
Platform
win10v2004-20240226-es
Max time kernel
1388s
Max time network
1173s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3372 wrote to memory of 400 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:47
Platform
win7-20240220-es
Max time kernel
1561s
Max time network
1563s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 220
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:47
Platform
win7-20240215-es
Max time kernel
1561s
Max time network
1562s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 220
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:47
Platform
win10v2004-20240226-es
Max time kernel
1383s
Max time network
1170s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4728 wrote to memory of 4748 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4748 -ip 4748
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 612
Network
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:47
Platform
win10v2004-20240226-es
Max time kernel
1794s
Max time network
1812s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1340 wrote to memory of 3860 | N/A | C:\Users\Admin\AppData\Local\Temp\$R0\Uninstall Lunar Client.exe | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\$R0\Uninstall Lunar Client.exe
"C:\Users\Admin\AppData\Local\Temp\$R0\Uninstall Lunar Client.exe"
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\$R0\
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3660 --field-trial-handle=2236,i,3767879903388292704,1374608533225245713,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3744 --field-trial-handle=2236,i,3767879903388292704,1374608533225245713,262144 --variations-seed-version /prefetch:8
Network
Files
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
C:\Users\Admin\AppData\Local\Temp\nsm72CF.tmp\System.dll
Analysis: behavioral21
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:50
Platform
win7-20240221-es
Max time kernel
1561s
Max time network
1570s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 224
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:47
Platform
win7-20240221-es
Max time kernel
1559s
Max time network
1560s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1964 wrote to memory of 2032 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SpiderBanner.dll,#1
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:47
Platform
win7-20240221-es
Max time kernel
1559s
Max time network
1559s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 220
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-03-02 22:10
Reported
2024-03-02 22:47
Platform
win10v2004-20240226-es
Max time kernel
1386s
Max time network
1175s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4444 wrote to memory of 4020 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4020 -ip 4020
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 612
Network