baf16e419e71ab5eb34d5955cd9409f5eacd1022e51dbf2d5e82f366c1368440

Analysis

max time kernel
93s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.html
Size

276KB
MD5

325ca36b13a2e26c70b2b0c6f1f9dd5e
SHA1

7b2c7fa573bf9d3c605a07c83ee629d920a6c2d5
SHA256

baf16e419e71ab5eb34d5955cd9409f5eacd1022e51dbf2d5e82f366c1368440
SHA512

3743a166278fc3f537235d1e4b4fea9ac81740be8ce4c5918bb185fa4293ac602524ac225be4894c33d1152628c4a150905ff868638c433b980fad5db7fcaa58
SSDEEP

3072:AixgAkHnjPIQ6KSEX/wHhPaW+LN7DxRLlzgAr:hgAkHnjPIQBSEoBPCN7jNr

Score

7^/10

pyinstaller

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

cracked_lunar.execracked_lunar.execracked_lunar.execracked_lunar.exe

pid process

2460 cracked_lunar.exe
1236 cracked_lunar.exe
3980 cracked_lunar.exe
4976 cracked_lunar.exe
Loads dropped DLL 4 IoCs

Processes:

cracked_lunar.execracked_lunar.exe

pid process

1236 cracked_lunar.exe
1236 cracked_lunar.exe
4976 cracked_lunar.exe
4976 cracked_lunar.exe

pid	process
2460	cracked_lunar.exe
1236	cracked_lunar.exe
3980	cracked_lunar.exe
4976	cracked_lunar.exe

pid	process
1236	cracked_lunar.exe
1236	cracked_lunar.exe
4976	cracked_lunar.exe
4976	cracked_lunar.exe

Detects Pyinstaller 1 IoCs

pyinstaller

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\cracked_lunar.exe	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1604 chrome.exe
1604 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

3852 7zFM.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

1604 chrome.exe
1604 chrome.exe
1604 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	chrome.exe

pid	process
3852	7zFM.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe7zFM.exe

description	pid	process
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeRestorePrivilege	3852	7zFM.exe
Token: 35	3852	7zFM.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeSecurityPrivilege	3852	7zFM.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe
Token: SeCreatePagefilePrivilege	1604	chrome.exe
Token: SeShutdownPrivilege	1604	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

chrome.exe7zFM.exe

pid	process
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
3852	7zFM.exe
3852	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe
1604	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1604 wrote to memory of 2608	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 2608	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 572	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 2684	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 2684	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe
PID 1604 wrote to memory of 3664	1604	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e6ac9758,0x7ff9e6ac9768,0x7ff9e6ac9778
2⤵
PID:2608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1904,i,9646911221306346239,6886087918360106771,131072 /prefetch:2
2⤵
PID:572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1904,i,9646911221306346239,6886087918360106771,131072 /prefetch:8
2⤵
PID:2684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1904,i,9646911221306346239,6886087918360106771,131072 /prefetch:8
2⤵
PID:3664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1904,i,9646911221306346239,6886087918360106771,131072 /prefetch:1
2⤵
PID:4064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1904,i,9646911221306346239,6886087918360106771,131072 /prefetch:1
2⤵
PID:4396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4876 --field-trial-handle=1904,i,9646911221306346239,6886087918360106771,131072 /prefetch:1
2⤵
PID:2732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3180 --field-trial-handle=1904,i,9646911221306346239,6886087918360106771,131072 /prefetch:8
2⤵
PID:1156

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Lunarcrack.7z"
2⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3852

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1072

C:\Users\Admin\Desktop\cracked_lunar.exe
"C:\Users\Admin\Desktop\cracked_lunar.exe"
1⤵
- Executes dropped EXE
PID:2460

C:\Users\Admin\Desktop\cracked_lunar.exe
"C:\Users\Admin\Desktop\cracked_lunar.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1236

C:\Users\Admin\Desktop\cracked_lunar.exe
"C:\Users\Admin\Desktop\cracked_lunar.exe"
1⤵
- Executes dropped EXE
PID:3980

C:\Users\Admin\Desktop\cracked_lunar.exe
"C:\Users\Admin\Desktop\cracked_lunar.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4936 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:3496

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
1e313d1c94cff7297121d693a9f9a774

SHA1
f2ff462c1a9f3faa66ee9cecb62f45c1ee694a85

SHA256
7b56dcace2bc8a9d801ca6660a8cb176e773de4872a6a5cf940d719692997d9b

SHA512
5c88646ed4fd271835d1d3ea066a8850da1d1bc4776bf5cea4102e31a47c54bf10ab8dfca1dc5287f15c80c69103e2f7481138bc69e2b7ae60ded99bb377a498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
871B

MD5
db1007c2e4c05310e17bcf91c2cb2801

SHA1
bf785030702bf372becf0e3005ebc4e001bc7656

SHA256
00d50019bab5cd5e2e2dc9c9c5de3995321cccea2b0bfa54369540b7f81b4f3e

SHA512
94b95ad14003c408667af903783fa3704e078361e117549c7e0fa67d6264b0490d7251bd3ce0b7e09bda70ea328b477b61dbbd070f7ad5bbab06a05743448eb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
aab67bbd104dd269b3e6f3ce6160746b

SHA1
72afa27b90e75ab206424e5941c0f7267546f860

SHA256
7851c682b680a735c4c762d78de887bf86aa9117ca4f153b15f68735be3649c2

SHA512
c0f2881d591e37c2ee57fe451f342e82fa14ba9ba4fbf848910b7a7d8355b1fcfd3f160dd2a48eb16f2589238205f1ada9baaac4d0d3fe9d820e87444d7ce6a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
010dac804edf87e148892d95d9c429b5

SHA1
bed94f1e2dc546246318b8168ee7c63f801c6763

SHA256
f084a19d738b648e2f2e1c91b6763d90c540f8bcc042208a758d7af888dae1c7

SHA512
048ec1e5ec5320ca427672a9cdf040618348bdd060d2a7eb80b4a76f229488df3867378f94dd5367cb137d7b82007f2fecccd4339c5c16b02101c58663ae9af8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
eb774a51bb34ccd5179fdcf1bba24df9

SHA1
dd83747568a15b456058c9b4a89b467517397b89

SHA256
3fe9fb1ccc8bfcbf84edffa09c1366a5586add089f0f5a5eee8d49d26837b34a

SHA512
e9a4768b85c4b2d6d4173156de0148df18c906bf6f10095b28f72db8eae2ccaa53186c27f083d804096ac5f117b6d31e512d1572bf09c3218d320ed74a07547d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
a87fe53ab42c4cf18912df0f2b596c3b

SHA1
6e40dfcafd8b2515afd5e0339bcf01368084de00

SHA256
9528ac049a7f8151cf7c5f3b740c35931350f73c18c3935a099c1db81fddd15a

SHA512
b087416828595f24c45088ebd8a378d92c8aedf9f211a5cabf1bc7287601ce3f795a57db1410aad728c7e567c56de0eea16047ec0c1ab970cc5428a04d9e3683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
3fc49916dcdbbcd9a77aa9be83f33ca2

SHA1
cdfb4985ce8cc1307b7fa0a2d5304fc256632bed

SHA256
64b68c1f9b244ec383efabe5e331fb818c8a7474851ae11ed11fb22c1b71270f

SHA512
64442ff75138f64acddd414ef1150e6d54ff52b84aa0c00b3333f93d47ea5d9afb5afd67c2920119ebe3049c4d5b26b8f9c412bb674816021d53b9f7d142d4f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24602\VCRUNTIME140.dll
Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24602\base_library.zip
Filesize
1.7MB

MD5
334e5d6e591eccd91d2121194db22815

SHA1
821d70c44dc7f25a784e9938d74e75a3471e1ad0

SHA256
9e830533f6e67b84d9dbc502db38a6f25d3c984f1a6a195a50f838d48d5b3ba5

SHA512
bac4a1283745e5eb4db953227bbf00831c8a0c3c831f5889e0d0630841e59c8ad96c3386ce3ad48300f4754fde188212edc79b78c9c98f76bca21987c1c05866

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24602\python311.dll
Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
C:\Users\Admin\Desktop\cracked_lunar.exe
Filesize
6.7MB

MD5
a935a661746292c72c43f96a685fb148

SHA1
464e4e832670ced5441b507a85fe79a4bdeb4802

SHA256
524753508a50c33f404a87441625e1d9967d0c1a11b31c534e2d60b838fb1589

SHA512
68e9a17255eab3ad2ae27442d1921a084c882ec59b6a498fbf3e8ab3e6b06b8c78a9e33871051b5bf9e5c974cf5b381433b1fdfd3b4ba2369ca91269de52bcf3

Download Submit
C:\Users\Admin\Downloads\Lunarcrack.7z
Filesize
6.4MB

MD5
e05822f53fa00743b894e0c586a7710f

SHA1
e498946f94ee3f9306f2e3bfcb5513c7a215e670

SHA256
d0c57190baf1285707e6728e82ed076e4cfee87cf901049fc2c24fc3cddf49f8

SHA512
e3544d07758853e57309d4c7c74dff37009aa678b7a2f946bec4c6f98b8f8815159face12fd9916d8e17dfbbe46002edfe10e05765b9a9c7ddc8f0dbc832fcfa

Download Submit
\??\pipe\crashpad_1604_LPPPCFNAYTTPYVBP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit