hxxps://game[.]overwolf[.]com/lunar/?utm_source=overwolf-platform&utm_medium=crn&utm_campaign=lunar-giveaway

Analysis

max time kernel
45s
max time network
49s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
18/08/2024, 16:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://game.overwolf.com/lunar/?utm_source=overwolf-platform&utm_medium=crn&utm_campaign=lunar-giveaway

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4388	Lunar Client - Installer.exe
4988	OWinstaller.exe

Loads dropped DLL 9 IoCs

pid	Process
4388	Lunar Client - Installer.exe
4388	Lunar Client - Installer.exe
4388	Lunar Client - Installer.exe
4388	Lunar Client - Installer.exe
4388	Lunar Client - Installer.exe
4988	OWinstaller.exe
4988	OWinstaller.exe
4988	OWinstaller.exe
4988	OWinstaller.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Lunar Client - Installer.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lunar Client - Installer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 682441.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Lunar Client - Installer.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2656	msedge.exe
2656	msedge.exe
3020	msedge.exe
3020	msedge.exe
5064	identity_helper.exe
5064	identity_helper.exe
5924	msedge.exe
5924	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4988	OWinstaller.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4988	OWinstaller.exe
4988	OWinstaller.exe
4988	OWinstaller.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 5960	3020	msedge.exe	81
PID 3020 wrote to memory of 5960	3020	msedge.exe	81
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2404	3020	msedge.exe	83
PID 3020 wrote to memory of 2656	3020	msedge.exe	84
PID 3020 wrote to memory of 2656	3020	msedge.exe	84
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85
PID 3020 wrote to memory of 3168	3020	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://game.overwolf.com/lunar/?utm_source=overwolf-platform&utm_medium=crn&utm_campaign=lunar-giveaway
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffa5ca33cb8,0x7ffa5ca33cc8,0x7ffa5ca33cd8
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,8692993849962125943,10731170813249004356,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,8692993849962125943,10731170813249004356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,8692993849962125943,10731170813249004356,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,8692993849962125943,10731170813249004356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,8692993849962125943,10731170813249004356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,8692993849962125943,10731170813249004356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,8692993849962125943,10731170813249004356,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,8692993849962125943,10731170813249004356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:72
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,8692993849962125943,10731170813249004356,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,8692993849962125943,10731170813249004356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,8692993849962125943,10731170813249004356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,8692993849962125943,10731170813249004356,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,8692993849962125943,10731170813249004356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,8692993849962125943,10731170813249004356,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,8692993849962125943,10731170813249004356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,8692993849962125943,10731170813249004356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2788
- C:\Users\Admin\Downloads\Lunar Client - Installer.exe
  "C:\Users\Admin\Downloads\Lunar Client - Installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4388
- - C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\OWinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\OWinstaller.exe" Sel=0&Extension=jilehohlakeokncafogkgnicgndeecdiengddbcc&UtmSource=curseforge&UtmMedium=ownedmedia&UtmCampaign=lunargiveaway&Referer=game.overwolf.com&Browser=microsoftedge -partnerCustomizationLevel 1 -customPromoPages --owelectronUrl=https://launcherupdates.lunarclientcdn.com/latest-ow.yml -AllowWindowsInsider --disable-change-location --disable-ow-shortcut-ui --disable-app-shortcut-ui --enable-app-shortcut --eula-url=https://www.lunarclient.com/terms --privacy-url=https://www.lunarclient.com/privacy --silent-setup --app-name="Lunar Client" --auto-close -exepath C:\Users\Admin\Downloads\Lunar Client - Installer.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3536

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D0
1⤵
PID:2052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c32b6fc873c040253034fe4bf5037bd0

SHA1
fc58579eb5bf46c8d5246a45abae3566898c2e27

SHA256
8d59014ec29aebf56b641a018b29b6c64e33764d7a2262283ce51319071f930c

SHA512
e8ba0e9e78bc58b3d6d671a1e693cbe81745f000daaf281cc6aa6c591ae261b981f704e3dcb32f0fef87424aab0f42e4cfe40e445d8ef5a529c7bfda8ac510f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f74f80cd052dc4903da98dd6916f375d

SHA1
3e3512884ee41291824b30b256670b3d0a1c8d40

SHA256
d9589878daebff7c0991b2007a7af982f4760512545b4e331708f3f3308447ac

SHA512
bd186699a85c91cda88df15ebee640f99b55ff168e228dd0de8d7416d62de1bcb57e88beb3b12ce74a54a9c7491934ef3dd5fdd6b92ab5c909f129b419d96b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
511KB

MD5
99c6382727232c42016b4be45f847b33

SHA1
96bc5ca0f5f0ed2459ca60c2b3a3bbfac129667c

SHA256
9274515e7a734d60f6b99bdec94eadfdee2e0590f3680f64132c206b5576a3c9

SHA512
48d0c3ce5801cd0894ddb17bc11f6519468f9ff16ee78b5a980abd0c605b3b0fa24d16cf3eaac2b7b101af484bbc0828a6baf72a9f42125ec31acc9fbf171e7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
1024KB

MD5
105efc9ffd18d082a2c63d4c996cd6a3

SHA1
3a945f72cb39bbdd0b21ebc13bb4dda032288ebd

SHA256
2b46810ea288df6a317750658f7f01031795863a05c2ab61fa44d93c312a0ad6

SHA512
6f0e41544958d276a7bb98f0325f1db3884ef7ddaec0ff25f9eecc588d009557783575a61145d02942d76bc9b74684e3c71170fda03eb0b7b747f3f4742ffd68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
93383115d3bfafc5fcaca2acb109f94e

SHA1
a8cb8ea052e7fdc9175547fe7b0fd6c81d56754d

SHA256
297805278f77e06f3b1a97926d6b962b858da1e76dbde23b5a8372c4eeefcd89

SHA512
0fd0384cc6abd6860625ba77ac14ce09c014ff28d65d7a9c0b4859f30c6062e38fda253c5d2762cd8ee7bda0e5203cf9c48976d0b4f9427d7d4c733504feed20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7a329e1a90e8947c6aebd57556147058

SHA1
c9bf3ec733dbece996c85f743c71542a4fe18117

SHA256
2542acb01940f18736c2d56932bcd6919c47f5891b525ed97941531f4c77cab9

SHA512
61ca7809df64f74e8a748266ebc035b402c41cd689d6bef3f2f29f2c284d07285a0f183c8728c91707fae97d59a71b8b167da36278b5a20d65916846c48f4f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
982515c4e0dc7ef9306061f18c9faae0

SHA1
51374b66620279d7e9f768e3c0ed67da54f38cf5

SHA256
a421d82eca807aec18fd7c190d12c23ec90313805c0ba4f40b145d96390efeaa

SHA512
1a6e1505c999b489055613671541416a6ef17502500dc5083c8b1f276a637f5ec33a38f7eeaaf0a710541933efdb63284df8f11eefdb2b6233eb46aab9173c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
37b709a8e79db8678f898bdd33dc34f9

SHA1
f5c33b86933e55c5821f6a7c2d886797cb9feecc

SHA256
5dcbbdacfbda7bfceac93162571bbcaf0d14130b0f459e0145e44b9ed25a133a

SHA512
cc11c18cbc277c69e9372ef8f9458ede20aa3aecbb983a1bb12c03030c30138ab88b4c35d0ab5f71f129372f46f02b4dc6868a4c5394340122f91ea690b52bb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4fa7226b8094a56747e0f4764ba57602

SHA1
c0a55431f5c83457c68cdaaf311383c5a11b114e

SHA256
71f15023b9f78663665e95268c70948620af11afe0b27966d8a1e2fdb21574ae

SHA512
a2959c711c023bdd127a58a9b3dde3dbf44bab6a2b5ce795881a72d5ba6631246e53817234096d2c8d6fc5b02b2937f35294268589833b29113cf28d620a36c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
5c3d7765ba43bd1edee4b831682a4b15

SHA1
85b74a85860b724221380ac36104c4cee5ed4b38

SHA256
c5f1bd264450e4e5abbc92baa64264e8621ffc3dc7ffe360145958651635b186

SHA512
9e6977b042efa5eb699dcd81cb8246309dc51e89b4e90ad752d4dbafba629c2f55813da36959e4489cae1f738f28c9e1bb976bc030b34e0c956a7656defeadf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
28e1d7e469cb70aa68b231787240fb3f

SHA1
b8d6d009b59f8f24bfa1e7a08c454acf8f1700bd

SHA256
0d30abf9e40a4d965e0c16a9cfc8d220a9963d945eddcc34ec4f5effe6ac46c1

SHA512
b63ae0f2c1b1915ca49ecaa2f92fa6ee9d298521a63c0733fbbce4fff4d4afda340cc65c24f32feda83d94785cd323c494224eb701f6a844d3f5366cb1e471f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d10d3b5eb5764885238ede0eaba24ac0

SHA1
881ced0ee869a88927a318bd2744df0ae77782c6

SHA256
641901e3668fe795ae442d14f96c342973b332ef4a3697d0fd70e82c25feb7ac

SHA512
41ecdb92af789711777f2340dbd46eb822c074d42023dce04dd783b33adc82bd9db565a3dfa7c2ec8e68299b1f5bb26d491173517dc9040728830502853bf493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
333ef8de63ac1758c6686b804aaa73cd

SHA1
b264145e467c3406e1229ef0b95fcec3d88066d6

SHA256
427bdbac8340575fa2bdfdcf25c75e3940d8f6b7a40b57135f978ae033c11603

SHA512
aae02549ffb368677367176022278d74784c0938d1f93420d44d049e7ed98de55fd129340988efaf87bf3a19ae125dd01c385a9e108af10c2504e74c70f4883a

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Settings\SettingsPageBasic.xml

Filesize
752B

MD5
65006c670e82d8cac66e93baee98b0a7

SHA1
7b44b6d1bb1052493a4d5025c5a053c6d5e74829

SHA256
e0fbb5562a3c53bd7a768f5d42fa6aa066c0c720d39250f9e751fd9dea7610d5

SHA512
6af717e537771a272ff4d3b7afaefff9cdd24e6d728c53a0063ea1618703fec07f9eb3163bb23636d860fe2a61ab94a136b003a57b748825208405d76046f6a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\CommandLine.dll

Filesize
68KB

MD5
e550d515162f5cb5d56f71fe652d25ae

SHA1
003c4cd7d0ea8e633a95d042126c227664d1c8e0

SHA256
77312de4bac21a5d6310161b2394d2a8cae4e320e27bda5d98cb8b6dea4b30dd

SHA512
ab1eda50d9cdfacac6ce7706eb1c54253b048858628a8915381b7fe2a40fdc22a239f52d1940015f75d31b331f5e25a01398b35099d9e73181f170f61fca1e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\Newtonsoft.Json.dll

Filesize
692KB

MD5
98cbb64f074dc600b23a2ee1a0f46448

SHA1
c5e5ec666eeb51ec15d69d27685fe50148893e34

SHA256
7b44639cbfbc8ddac8c7a3de8ffa97a7460bebb0d54e9ff2e1ccdc3a742c2b13

SHA512
eb9eabee5494f5eb1062a33cc605b66d051da6c6990860fe4fd20e5b137458277a636cf27c4f133012d7e0efaa5feb6f48f1e2f342008482c951a6d61feec147

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\OWInstaller.exe

Filesize
301KB

MD5
1a0b2f9b187d7bc784d8e16587b13ff9

SHA1
58d323581c8e55d17b92246257d8d2b01fd37500

SHA256
074d2777e3c62bffbd4bddf8c1f40ee28da9ec65686a1f967278ad0a13a79609

SHA512
2e27b76a0ad7d5df9bc80e4adabce9bf7999baf5b0a111973f55e24fd7fe55143f3f6153613243f8a4ce167105c43ff19f44d7f083ce9f1a1e16d64ddb5e856f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\OWinstaller.exe.config

Filesize
632B

MD5
82d22e4e19e27e306317513b9bfa70ff

SHA1
ff3c7dd06b7fff9c12b1beaf0ca32517710ac161

SHA256
272e4c5364193e73633caa3793e07509a349b79314ea01808b24fdb12c51b827

SHA512
b0fb708f6bcab923f5b381b7f03b3220793eff69559e895d7cf0e33781358ec2159f9c8276bf8ba81302feda8721327d43607868de5caaa9015d7bb82060a0b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\OverWolf.Client.CommonUtils.dll

Filesize
648KB

MD5
aa259470b9b4ea103f4c7b4f85d62d7d

SHA1
49a0ec666318cbccbf97973db434e954dc7e7b72

SHA256
8eec8d3b6ce62f517348e1f4e0e2f7a4462221368856c18baf4319be5625b6a8

SHA512
e8e78076e8aadcea23c9b26a0ddf71a08d3022a3cacd0daee5bcce1ba111c3e56b600ab851ee27b0e4f3a4a08697c75b3578bef80a896b1f6a2ff08e7abe708e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\SharpRaven.dll

Filesize
80KB

MD5
bae5ce65b183b31b483adde07e60f808

SHA1
ed443d8ac29dcd19cb4c1043b1c4688c97a4485d

SHA256
e69f6a5ae80a01bff6fdda19f9b9183b2f7a5fe77e586643f40e06d909d19df8

SHA512
40edc835bbe7bbbbb1c626ddba2deb312525db6adfb52545a342c5ef51a87e5889ca37415b7260eee38a69ec01e064f8f306822e39b1662bf635cd8f72f6567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\System.dll

Filesize
11KB

MD5
7399323923e3946fe9140132ac388132

SHA1
728257d06c452449b1241769b459f091aabcffc5

SHA256
5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3

SHA512
d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\UserInfo.dll

Filesize
4KB

MD5
9301577ff4d229347fe33259b43ef3b2

SHA1
5e39eb4f99920005a4b2303c8089d77f589c133d

SHA256
090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc

SHA512
77dc7a1dedaeb1fb2ccefaba0a526b8d40ea64b9b37af53c056b9428159b67d552e5e3861cbffc2149ec646fdfe9ce94f4fdca51703f79c93e5f45c085e52c79

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\images\icon.ico

Filesize
149KB

MD5
af5a51fc5d3cf1861f2a470711355265

SHA1
bb6ef7a49986f46b1347f007a327b7b35d28e4c3

SHA256
70e7e734171c8c32bcfe8967bb3d91fbe259952ec9c92b6562095614ff465a1b

SHA512
c3de8de1db9177521e87cb099a15ab4897e5d3a9b8b4086a555689743d9945fc23bc5c9a2409f26b2d120031e355ec6949ead3017c3b44cff7b701ad72073b8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\index.html

Filesize
20KB

MD5
423d2e2f7e21b856cb5f3ee3dcbfa5a0

SHA1
eda0e357387913daf57a0c683c34b4b8a5d7baf7

SHA256
cd59efa2fe7cbe222d03a946c34eaacdb3761e922763952d7be4555addf8572c

SHA512
c403307549af9bf7cfd34295a8b1020e7b7489d104b5fdaf4320b495f85977134796774dbf4f20f8fd0b2d1f2188b881a1cc35cec56aa64a3dc84bf1c2d21b4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\block_inputs.js

Filesize
789B

MD5
b5b52c92b90f4283a761cb8a40860c75

SHA1
7212e7e566795017e179e7b9c9bf223b0cdb9ec2

SHA256
f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544

SHA512
16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\libs\cmp.bundle.js

Filesize
346KB

MD5
75788eef24727a1387ea0db9ffeea4f6

SHA1
c222936daa52501bc6fe4a7a72c989f73d69d4a7

SHA256
38536d86fa0017a0a64148d6976f601eda336faa417c214720d2039e7e3c3a58

SHA512
68b8cb1b6a401103500167a6c19c6ac94fa7868bce043ae490613aa60e1601a218a4dfe959d42b61af61eb48bd930b7c520ea4e9bc7dc2fc1fd7690b89002532

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\libs\jquery-1.10.2.min.js

Filesize
90KB

MD5
44e3f0db3e4ab6fedc5758c05cf27591

SHA1
2d408aa1d35661019c95adcc60b78c0727ed25b4

SHA256
bc44d3631ffef1df7960e359f02002d3ada45ee05205c2cf1edd85da2f518144

SHA512
4d4844e53e686fc59a52e86588f328dca3ed6fdad7195c58942a98c51755a24981b903ee7c7b27785375eaad5a7d9501cf74b999674b79f214e66103bad9efdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\models\notifications.js

Filesize
5KB

MD5
85afdf9897bb1236eff3afa40d15ece6

SHA1
4362bdd139458eaf4a2dcb34294b43e2d53f4a26

SHA256
9dd03dfc92bcb74f3725aae60e904c0a56cc84f299bbb8e863a869719f6fdd32

SHA512
4ab86c6bafba18f53f01ca913ceaa80f14900107069a1d5f65b108d35690bd8b50b1a6cdf1563fc5775909f69208dabebd139f3cf3d8576269d560d57cf9994c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\utils\analytics.js

Filesize
4KB

MD5
525281e9959af4c1c0d11b9243c798a1

SHA1
237a84c5b57bd132f48446d718b20640cb28c263

SHA256
c37f0699cf8ba7d9e3e0f73f1b2af65f4bdc2a31f44594ffc8c73e98b6c2fd1d

SHA512
fe5bafda7773e69c65dd63270e0306abcd39cb2d886b675ab8c714ae0833efde963b69623d468551a1ab37f1db1a1d457f1568f7a29d9cf0bb23bb0edcab5fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\utils\commands.js

Filesize
13KB

MD5
a25b49d085333ece9aadd1f285795925

SHA1
53341dcca297a969a8ff37265935488f1790307e

SHA256
acbf59ce6aa668880f65aab2bfe62305415c76301b40bc7f72777f0b08840b71

SHA512
0a2cb6f4e1af0c4205e38ba1e12c208e6ea4f8f8e3956c9d10b312aa9a6929b99ec967aee7aa1f54da97ca6ea354f8bd7f624359cfd05c6241a5f4bf59843b68

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\utils\cookies.js

Filesize
1KB

MD5
6c60e675f8c8c68c0174b644d3a63a2a

SHA1
3635a3fe07ccc4a6f33a986ddb690522d0611abb

SHA256
9d3cb3822e20d6f5157faa02dc69bdaef44576c3fb5523e00aa152107ce30287

SHA512
1dc9ec7b139bcf37107ecd673c01e4fcc606332ea1645a4a1b4e5d95f817d4c99d5964cd3d941a6a526689341d9623b17b4efc002cdf4c73404299d52b1be452

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\utils\modal-events-delegate.js

Filesize
1KB

MD5
117e4fdbdb0ecf211c8bd909efd337d1

SHA1
9f8684d856b7c95bdffb139217dfd89f41373187

SHA256
267661f932a2ea78d8c7a98cc03d1b18d7cb8132deb84636772ecd1fcfbe4857

SHA512
f474ee20b59d3d0c11f9f6aee6b6e2b66f7025beaec9841f88455e60533dc96cb4e27910be0dae92b0028c5578932b7f459fdb91d594ad010f72a3b3af6addb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\utils\strings-loader.js

Filesize
5KB

MD5
9c94eb933d8a43dd3825e67a7e30c980

SHA1
7ec7b16af6f399219209ba5967d377040486a11b

SHA256
96445709fde2613af50f4b8908296d4bfccdccb2d9db9febc34a9bf4dcc70ecf

SHA512
a662a299e31633f71a9b9675970359430fdac06dcc284fd7ce92919f244c7f921639f97a42356e993a95865e6c9f198dcba82c126f82065bf2009a31ec9b02f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\utils\utils.js

Filesize
118B

MD5
a0952ebeab701c05c75710c33d725e7e

SHA1
1da8a2e889f1213d481ae3cd5571670c01e64adc

SHA256
b4f0c48cbfeaf8141fd44b12031e3f0410cb0cdc313888ffdb14fdf1d2341246

SHA512
5e5ae616d3fded7d2bf47a326242c4477ca3119fb52897bfb41de0be230ccbd6c3da2c00268b3973e9bf7b4f2886aba64fd9719b448662e4130ee66d87913389

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\windows\cri\cri-controller.js

Filesize
3KB

MD5
4e4b4a9e2d86ae3c108105078db6d730

SHA1
826946be793c999316af6c1db10523950b18ea2c

SHA256
cee7fc5a36a01a439125be031923d7e7415ec56194255048098169a0108034b7

SHA512
1420065cd000ce9b9c39d27b5dc5f4055f67146e06573a03184649851c9745f0c0af2b5e35b41b5923703dd74e32f9ed95fc59a43db25f854584e319950beffe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\windows\cri\template.js

Filesize
1KB

MD5
76c1ef0cb437db144c2bed53a5a8a5d7

SHA1
aaab8fff649f8e46d1e9510018118ee9abe01498

SHA256
505d3c4de7d9cf8f0155b5b1a3c8792bc0ca2eda6781b441bd85455f144be22e

SHA512
822bf9feda91c89539d263c6c9053163e8dfa3c511195bc61a9b608b4687fb4048733323f03dd30a7ab661a4be4acf6c8d8ae7bb6723771122540a9551899c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\windows\finish-with-recommended-app\finish-with-recommended-app-controller.js

Filesize
1KB

MD5
eb6d6bd7e05d4477e2704dd87b57ca35

SHA1
f42672ec1e23a3f4bcc2952746d87ba8deff44be

SHA256
5ca97132a258ed1f36e401d70ccb95be2c9e18395e6010c40f61172914477de5

SHA512
1402d611f910cf5078e804175fa4693b591348d3e7cf6d0a6bbe026c259eb9e0bc285233c80cb2f4690674c3e927bc72fbdcbe758826b98fd02ecb3ed82e339a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\windows\finish-with-recommended-app\template.js

Filesize
681B

MD5
d1cb34b57cef7e28b9286454b197b712

SHA1
f3a964b319bab82d4eda07e126bbfd6dec35c349

SHA256
b61dfc304b46e8cd95d7b15bb93c6160b30523a1a093397a84fc8b8bed00ac42

SHA512
3a07de9c58134edbb7998f85e6d037a0cd066e32c4daa07594a949a7574f5693153bbcdb59739e1a92e847ab1128e2369fb30ba76a7b9cdfa9a37a409db691c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\windows\finish\finish-controller.js

Filesize
1KB

MD5
138240ea22084428e9e25583e9156568

SHA1
e8bef7eab5b6e7040b996ec9504436e073444bd9

SHA256
4cb4e1aa25c15ae5f2e63fa4658a8acff0ce63e0f59cb6eb634df2dfe336e2ec

SHA512
e97b81b0ecd964e6e909019353efe4f5582f65763ac4197d754f1c4eea19cfc249900ae597fd33e29f531bb0d1c7e0f010793c59a2b0099fa75ad0b7d01ce8a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\windows\finish\template.js

Filesize
1KB

MD5
f092de7ea66d8e920b345f38537fa35d

SHA1
82d107a409f18878307ae0cefe24074db64937c4

SHA256
b05f111369e12ecb4cdc6526dd554061eb31097aa0de4bd126ddc185b69d922f

SHA512
14942c0122f216c07595cbaae498f9c4d37a2d0fd95f262c332502befdf4566c7a042c4d85702c1d82a111123dde677096195e9efeb1d74eb1dfd4df84d01a23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\windows\main\main-controller.js

Filesize
11KB

MD5
15b665a5c915004e1aa7e9e11a710f7e

SHA1
7821924e42bb19d60c572ff80bbaaa04d7aaeefb

SHA256
84dc33e2eb3118fc77a38b0ca53af42c53f6eb85cfb1e8737dbe39fa03515653

SHA512
dd47f7bac0dbaac714e6d2fc91b4c24756ca4acb70bdbc4b54cd5216552d6bb85ba2e1c3c8445c5fb40d116dfab6569945cd74730bb7c8f3cf46e8d08f8afa02

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\windows\main\template.js

Filesize
3KB

MD5
a118c7724c208f12083240cafccfd10b

SHA1
f89c676a215b869626737862a08c9eb07d440211

SHA256
63a43bb08403972d0f4b0e381bd264af14e826e0035242bc1baa9a815956b8fc

SHA512
9fede79044ae5de7baf5bfba0d5a515ce462a25420026ff45bcf1751e57510023cb40df42d08e880114f62b38ddb218355d5357b725df32a41ae4e6a18414cb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\windows\modal\modal-controller.js

Filesize
2KB

MD5
b04bdfd1c7d09bdbdb94a2455fdd677b

SHA1
f000ba4866ff16d75bfd6cf446763498e19b12b1

SHA256
4565ee81ffe222b31982088b1c18850076e3acf59198ebce08118e12cbd87ea1

SHA512
3cb6ef0a16309046e7f407e7321eb12212b0eec09ec1a04b1d813f6c7a04546714865c3b398a93985041f598156ed905ebd23a64260801281b29ada9bc19ec5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\windows\privacy\privacy-controller.js

Filesize
2KB

MD5
15bbec339f5046f525e3aa96d36c30ec

SHA1
f73d40bf06584737fe327f1eec6f4b0446545226

SHA256
14d9c60cd97f18e74fee2dd80b6a190eaccc526085991f356feb6b4d330a0fc3

SHA512
2b0edfd2d5efb3f739e56eb6f3bcfae4789af3e1639f5f8e5f7530f5af10eb1a61464d665c9d9b2f4eb3796f2445108599d8bea75f1709aa562feebee519da4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\windows\privacy\template.js

Filesize
655B

MD5
cf8d2c26520d7c84e560dfa79e31dcd3

SHA1
716f2ec17480d5cc9c145bc147833fbfc39d36f0

SHA256
95c459eae0edccdb94702aea603a097e461daa0e5f37dcd0e30de7df665433a8

SHA512
d466dcf7e86a4295857020feea281fc89f519f6bf1e79c3b5e1046d0745c9c9010377b1941e06c9a9b2c78a4173ed9909332d5d6c39b05f460e8a863086c895b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\windows\progress\progress-1-controller.js

Filesize
1KB

MD5
82f0b997ed552c52a510a9f2ab29dc3a

SHA1
92aec3a656053c71eccdde610130f5d8008fa96f

SHA256
838bab990ce38372dfedb50eb0a270db705811729630ab8557c08bd1e9e8e105

SHA512
ecf67f877002d746eff8af3a50155aa381513ddafd17b6bff0188c85f0765579fea0112e82e1371f962b1f5decc94b65e6120f21fb516533dac35a2d541065bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\windows\progress\template.js

Filesize
242B

MD5
92b145e6649ba0add3dee9a69d3fa91e

SHA1
4db1a45392ec973cc8a7eecf3a30a9a7ecc7a64d

SHA256
a7128a08bca53dd919cab3e5cb4dab31ded7ae2dafc957209b9fdd23f3b944ab

SHA512
747a087dffdba5c92d9f4c8923615d388b9c4c79d3b71d3cb90487aa37c132290a4f5107eef3055c03eadcb9614e20d4655393dc9251fab7e0ee2438f0d95751

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\windows\settings\settings-controller.js

Filesize
6KB

MD5
378c18dd7d5cee6ca7c4ddd0396b535b

SHA1
d5f81d4fab29201fd1629dc4d8e6f918c0c30479

SHA256
b5c5dc5e0684fd97eb4c45896dc1c2de8a6a6fdc63b6aa83a99103c15787ef35

SHA512
c29416b3f0245f4826d857dc8c52c969071d2410c945bda96f38f59a9bc7137ee534d84865e5ac55a1e3cea6bb705c5d592725af709cd97e7f38ff05dbaafe5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\windows\settings\template.js

Filesize
4KB

MD5
28513de0830383a516028e4a6e7585a0

SHA1
d31fc3a6f4a3ce6c4afb82ff2342a1ed718809e5

SHA256
8014a7c919da249ba2f2196d9c9b62639d20851be426f3ffaef161cbe477c45f

SHA512
0f7321c2ae13145bb694368dae1b74e6fe20e6b09712da2178bc46e6aa65223ab84c38abbf0ed074c85b42dba1a238a5f3f8d1ae060a0af6df748c5befe11b61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\windows\welcome\template.js

Filesize
1KB

MD5
17f54fca6723b983875d940d931e0afb

SHA1
01774cd5cea36bd74c80a708d6f77567e8091024

SHA256
42c546e9da748ef76fdab56b96fd511eb607617a9ba37b3dc420148b769d8acb

SHA512
401df9a54cd14c19227d91bd08b4775a7b437644b4ca0d1d636d3e07b04591f9c5516e80040ae6a79ba400457d15e3d80aa148a63de870a64664fc5a02f7a038

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\js\windows\welcome\welcome-controller.js

Filesize
2KB

MD5
50f676754862a2ab47a582dd4d79ecf3

SHA1
1cb2f4b11f9f8cfc8dc57ff29d0256dec4811158

SHA256
6155691dbdd66290109afb91617f9cf68af6bd912991d5d27b922f5faa7f530b

SHA512
ccfc89e08fd36f0a694fcda17efb84ca285b6c62afe2e3a794fdad19b6882a4b618645f4d9171673ba56fb4c55fce336d6b8d26dec3a5cc11293ae2b211f499f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\app\manifest.json

Filesize
691B

MD5
e403eaddf76009ad431410b02424f255

SHA1
07367a5faefd49fdb10e2a135db56341b4cbbdfb

SHA256
940e82de80943e0db937dfdca247a0a479a3924f005fbaa393442eafce01974d

SHA512
159c3b43f9fd6650c9eba340ce70d13cd62a728c5d9dbec61008a79e84eb5898194991af5ccf9158bc09a0145f6d140edc812d054d15f275aad9cb92cd73bf4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\log4net.dll

Filesize
270KB

MD5
f15c8a9e2876568b3910189b2d493706

SHA1
32634db97e7c1705286cb1ac5ce20bc4e0ec17af

SHA256
ae9c8073c3357c490f5d1c64101362918357c568f6b9380a60b09a4a4c1ff309

SHA512
805cd0a70aba2f1cf66e557d51ad30d42b32fbafcfbc6685ec204bc69847619479f653f4f33a4e466055707880d982eb1574ddab8edfa3c641e51cda950e2a0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\uac.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc249B.tmp\utils.dll

Filesize
55KB

MD5
aad3f2ecc74ddf65e84dcb62cf6a77cd

SHA1
1e153e0f4d7258cae75847dba32d0321864cf089

SHA256
1cc004fcce92824fa27565b31299b532733c976671ac6cf5dbd1e0465c0e47e8

SHA512
8e44b86c92c890d303448e25f091f1864946126343ee4665440de0dbeed1c89ff05e4f3f47d530781aa4db4a0d805b41899b57706b8eddfc95cfa64c073c26e2

Download Submit
C:\Users\Admin\Downloads\Lunar Client - Installer.exe

Filesize
2.2MB

MD5
c429328e852a41c163ddd2999b5b89c7

SHA1
37b2330fe0310a1b75d76bbbc3bd56100d86474f

SHA256
c54712230e87de905d53015a441df5e61057219866b36aaa11382cc7a6de6e3b

SHA512
9c14133350884e2b7d51cfd9b06a3824466083bb052db4fbc9cfe38ce3113fccf2acacdf799afa7ea88c3a827f4609927a8d1418a8752999d42cccfc112aa5ad

Download Submit
C:\Users\Admin\Downloads\Lunar Client - Installer.exe:Zone.Identifier

Filesize
66B

MD5
cc9122305e70aaae73402775aeec265c

SHA1
e9e16eba592ca2837be84ad39b1362e1b9437fa3

SHA256
6a7f54cb0820c1104497b626ac3bfabb8a9af100df288ae19bad726267f71215

SHA512
29de4257a9b45486aa3c1c379b79d66f3dd8921815fa63639ed752df1fb09b821f95b623e2647bede7c2e1bd1a120a79f24f1067269219a781efd664238a16a8

Download Submit
memory/4988-415-0x0000024DF3790000-0x0000024DF3840000-memory.dmp

Filesize
704KB

Download
memory/4988-397-0x0000024DF33F0000-0x0000024DF3494000-memory.dmp

Filesize
656KB

Download
memory/4988-393-0x0000024DF0DE0000-0x0000024DF0E2C000-memory.dmp

Filesize
304KB

Download
memory/4988-399-0x0000024DF2A10000-0x0000024DF2A24000-memory.dmp

Filesize
80KB

Download
memory/4988-400-0x0000024DF39D0000-0x0000024DF3EF8000-memory.dmp

Filesize
5.2MB

Download
memory/4988-402-0x0000024DF34A0000-0x0000024DF34E6000-memory.dmp

Filesize
280KB

Download
memory/4988-476-0x00000255F67A0000-0x00000255F6F46000-memory.dmp

Filesize
7.6MB

Download
memory/4988-406-0x0000024DF34F0000-0x0000024DF3508000-memory.dmp

Filesize
96KB

Download
memory/4988-435-0x0000024DF3710000-0x0000024DF3732000-memory.dmp

Filesize
136KB

Download