hxxps://www[.]lunarclient[.]com/download

Resubmissions

24-08-2024 18:38

240824-w96cnavgmp 7

24-08-2024 18:34

240824-w7v4xavgjk 7

Analysis

max time kernel
103s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240802-es
resource tags

arch:x64arch:x86image:win10v2004-20240802-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
24-08-2024 18:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.lunarclient.com/download

Score

7^/10

discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0009000000023519-913.dat	acprotect

Executes dropped EXE 8 IoCs

pid	Process
4228	Lunar Client - Installer.exe
4524	OWinstaller.exe
5632	Lunar Client - Installer.exe
6136	OWinstaller.exe
6072	Lunar Client - Installer.exe
5072	OWinstaller.exe
5852	Lunar Client - Installer.exe
1900	OWinstaller.exe

Loads dropped DLL 36 IoCs

pid	Process
4228	Lunar Client - Installer.exe
4228	Lunar Client - Installer.exe
4228	Lunar Client - Installer.exe
4228	Lunar Client - Installer.exe
4228	Lunar Client - Installer.exe
4524	OWinstaller.exe
4524	OWinstaller.exe
4524	OWinstaller.exe
4524	OWinstaller.exe
5632	Lunar Client - Installer.exe
5632	Lunar Client - Installer.exe
5632	Lunar Client - Installer.exe
5632	Lunar Client - Installer.exe
5632	Lunar Client - Installer.exe
6136	OWinstaller.exe
6136	OWinstaller.exe
6136	OWinstaller.exe
6136	OWinstaller.exe
6072	Lunar Client - Installer.exe
6072	Lunar Client - Installer.exe
6072	Lunar Client - Installer.exe
6072	Lunar Client - Installer.exe
6072	Lunar Client - Installer.exe
5072	OWinstaller.exe
5072	OWinstaller.exe
5072	OWinstaller.exe
5072	OWinstaller.exe
5852	Lunar Client - Installer.exe
5852	Lunar Client - Installer.exe
5852	Lunar Client - Installer.exe
5852	Lunar Client - Installer.exe
5852	Lunar Client - Installer.exe
1900	OWinstaller.exe
1900	OWinstaller.exe
1900	OWinstaller.exe
1900	OWinstaller.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0009000000023519-913.dat	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lunar Client - Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lunar Client - Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lunar Client - Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lunar Client - Installer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Sin confirmar 447191.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2604	msedge.exe
2604	msedge.exe
1620	msedge.exe
1620	msedge.exe
4016	identity_helper.exe
4016	identity_helper.exe
1456	msedge.exe
1456	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	4524	OWinstaller.exe
Token: SeDebugPrivilege	6136	OWinstaller.exe
Token: SeDebugPrivilege	5072	OWinstaller.exe
Token: SeDebugPrivilege	1900	OWinstaller.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
4524	OWinstaller.exe
4524	OWinstaller.exe
4524	OWinstaller.exe
6136	OWinstaller.exe
6136	OWinstaller.exe
6136	OWinstaller.exe
5072	OWinstaller.exe
5072	OWinstaller.exe
5072	OWinstaller.exe
1900	OWinstaller.exe
1900	OWinstaller.exe
1900	OWinstaller.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 3380	1620	msedge.exe	84
PID 1620 wrote to memory of 3380	1620	msedge.exe	84
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2324	1620	msedge.exe	85
PID 1620 wrote to memory of 2604	1620	msedge.exe	86
PID 1620 wrote to memory of 2604	1620	msedge.exe	86
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87
PID 1620 wrote to memory of 868	1620	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.lunarclient.com/download
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecceb46f8,0x7ffecceb4708,0x7ffecceb4718
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,15572014488214326501,7178649634790676660,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,15572014488214326501,7178649634790676660,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,15572014488214326501,7178649634790676660,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15572014488214326501,7178649634790676660,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15572014488214326501,7178649634790676660,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,15572014488214326501,7178649634790676660,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,15572014488214326501,7178649634790676660,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15572014488214326501,7178649634790676660,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15572014488214326501,7178649634790676660,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15572014488214326501,7178649634790676660,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15572014488214326501,7178649634790676660,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15572014488214326501,7178649634790676660,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,15572014488214326501,7178649634790676660,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15572014488214326501,7178649634790676660,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2020,15572014488214326501,7178649634790676660,131072 --lang=es --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,15572014488214326501,7178649634790676660,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1456
- C:\Users\Admin\Downloads\Lunar Client - Installer.exe
  "C:\Users\Admin\Downloads\Lunar Client - Installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4228
- - C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\OWinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\OWinstaller.exe" Sel=0&Extension=jilehohlakeokncafogkgnicgndeecdiengddbcc&UtmSource=site&UtmMedium=download&UtmCampaign=none&Referer=www.lunarclient.com&Browser=microsoftedge -partnerCustomizationLevel 1 -customPromoPages --owelectronUrl=https://launcherupdates.lunarclientcdn.com/latest-ow.yml -AllowWindowsInsider --disable-change-location --disable-ow-shortcut-ui --disable-app-shortcut-ui --enable-app-shortcut --eula-url=https://www.lunarclient.com/terms --privacy-url=https://www.lunarclient.com/privacy --silent-setup --app-name="Lunar Client" --auto-close -exepath C:\Users\Admin\Downloads\Lunar Client - Installer.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4524
- C:\Users\Admin\Downloads\Lunar Client - Installer.exe
  "C:\Users\Admin\Downloads\Lunar Client - Installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5632
- - C:\Users\Admin\AppData\Local\Temp\nstA7E4.tmp\OWinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nstA7E4.tmp\OWinstaller.exe" Sel=0&Extension=jilehohlakeokncafogkgnicgndeecdiengddbcc&UtmSource=site&UtmMedium=download&UtmCampaign=none&Referer=www.lunarclient.com&Browser=microsoftedge -partnerCustomizationLevel 1 -customPromoPages --owelectronUrl=https://launcherupdates.lunarclientcdn.com/latest-ow.yml -AllowWindowsInsider --disable-change-location --disable-ow-shortcut-ui --disable-app-shortcut-ui --enable-app-shortcut --eula-url=https://www.lunarclient.com/terms --privacy-url=https://www.lunarclient.com/privacy --silent-setup --app-name="Lunar Client" --auto-close -exepath C:\Users\Admin\Downloads\Lunar Client - Installer.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15572014488214326501,7178649634790676660,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:6004
- C:\Users\Admin\Downloads\Lunar Client - Installer.exe
  "C:\Users\Admin\Downloads\Lunar Client - Installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6072
- - C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\OWinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\OWinstaller.exe" Sel=0&Extension=jilehohlakeokncafogkgnicgndeecdiengddbcc&UtmSource=site&UtmMedium=download&UtmCampaign=none&Referer=www.lunarclient.com&Browser=microsoftedge -partnerCustomizationLevel 1 -customPromoPages --owelectronUrl=https://launcherupdates.lunarclientcdn.com/latest-ow.yml -AllowWindowsInsider --disable-change-location --disable-ow-shortcut-ui --disable-app-shortcut-ui --enable-app-shortcut --eula-url=https://www.lunarclient.com/terms --privacy-url=https://www.lunarclient.com/privacy --silent-setup --app-name="Lunar Client" --auto-close -exepath C:\Users\Admin\Downloads\Lunar Client - Installer.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5072
- C:\Users\Admin\Downloads\Lunar Client - Installer.exe
  "C:\Users\Admin\Downloads\Lunar Client - Installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5852
- - C:\Users\Admin\AppData\Local\Temp\nsb20FC.tmp\OWinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nsb20FC.tmp\OWinstaller.exe" Sel=0&Extension=jilehohlakeokncafogkgnicgndeecdiengddbcc&UtmSource=site&UtmMedium=download&UtmCampaign=none&Referer=www.lunarclient.com&Browser=microsoftedge -partnerCustomizationLevel 1 -customPromoPages --owelectronUrl=https://launcherupdates.lunarclientcdn.com/latest-ow.yml -AllowWindowsInsider --disable-change-location --disable-ow-shortcut-ui --disable-app-shortcut-ui --enable-app-shortcut --eula-url=https://www.lunarclient.com/terms --privacy-url=https://www.lunarclient.com/privacy --silent-setup --app-name="Lunar Client" --auto-close -exepath C:\Users\Admin\Downloads\Lunar Client - Installer.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
fc950ea275910ed70442bfe7dacf5609

SHA1
4eb3aecd8e1f651622bfb055f1be486b054a3d3b

SHA256
0aee41e7f13f24a64bd444c4067cabac0596a419b9b835bce5b113b5d8fe422f

SHA512
8c71eae997614850a2c8181eedf2c0a26e48fd8311d74ce27a16054c207368394e65c7ed2cef2649a3fa3a5c7799db0dc14c5e1a63b452d3dd6329c93d8ce246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
b6ee3945e0b00b1312270dc708c5c1ec

SHA1
dbec72781fc037ab739ae7cc86d374a1855c0e0c

SHA256
73fbf6e7b53d47d4b015a348fa24167c88ef9138111dd16f3165f193ade6284f

SHA512
21a56123663d5ac2d6b488c99c1d8576c8ad5c8d587a9602a735a8dc7b4caf1f65b64c3854c85c175215e92195f485fb588ae8df0de4851f7d9e25ccd8b36160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7cac7fc06f2b6ee2631d44f9347923e4

SHA1
3718275a0fc14a6b3d049e741940f5e3989f5b64

SHA256
08ef50a8532f6490bb30f220b323cc5e66204ac42d0034fd6112c2891733f4f4

SHA512
fc7e6cc093fd19513902be6e773d6678d5520886bdeec423b3c1e03f7a25f441f391c273b86d63d97dff7429fd56e9b0369f89b00cc9bd67c8fcbef612014db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
38c04bd6b2750174652e5d5bbebc9f6a

SHA1
a40e9aba709a6029864bda8d97c9a287af67c586

SHA256
c3f210aebb2fa46f245460bc84a36d74db71fb1a082844577d9fd3a334905301

SHA512
4571d54dabfb41c651561eaa97b81480699f491548a3cd5004fa4a9afe6a1b6fd9ddcc1c638baa9f17258fab70ebb8d082e37bc9344ddda24bbe632521b93f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2844961a3c4a8a7e12e1254e8e24a6bd

SHA1
9984a7f3d17c62078de0113b41cff8d592f53ff6

SHA256
5674a8398c5dbab4fddf8d827e40f7e96312ede036e81a142f2a1f8c2c82f522

SHA512
b08f78af3a75d23c3fe6c826bb200ba37f83d5a64be8562319c5109670a33025f13bc79d9436c7dfbd2d6ed57a806be325a2e9beaa10b169b25dc2fcc9f8f77f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6d31588e673951bbfc8105a7036198a9

SHA1
5400817084d18734f11cc2c55ffdbf06fe3ce12d

SHA256
bbcc51d9f9d1ade03dded69bcdc3427ca4e4a0046b976b83b8245668dd29a85b

SHA512
80978cca4cd10fff8006a205def1923cc0ed88c4784cff34614be34848b300980edf35db6a8cf61a27f8dfb787f9cb0de34eae7d137feafbeb46b74963d50fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5fac11ee66cf256d5aa35e3a2d9c90fd

SHA1
9815d8d6a5e137cee5cf2c424999f5d69c6b4654

SHA256
476a8dd656f45f5b2ddda90a2f7ec262ea1e6d36af5eb1cc18ee16d126bb7963

SHA512
2aab08b4742c60adc1895808416d139bc703aeed0da9a87ace8337e18c4ca19f3f5ad5f0c02f3052e9b6aeabdb59e1c271d805872960a45cf9f601c6f9b1099e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5855ad.TMP

Filesize
1KB

MD5
adf812ea70814a21e7e3a5eb1424350b

SHA1
092b36544b1e67269ce97684ccd0a9a76ba99e88

SHA256
7f9db9f8acc7c5d56e3f48c31c8982d189db660ba900c7ba5551a697c1d0a7fd

SHA512
0d78ffea99905d9258d0dd042863c50721699fe077830c6d60d4dc72d2771da5fd75328aea6fbd8e139dd7a6df5138846eee556dd6abb3940f67c16e94b87793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007

Filesize
17KB

MD5
913728da90cf90d8e78af59c60b47c3d

SHA1
f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e

SHA256
b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82

SHA512
3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
47b9424531dcc98c86bd2e4da73c9adc

SHA1
0c50173c08f4293f85beb3f97953cfcfdfd59984

SHA256
539b7f32ba7524a4991db94ef12e6da6fd9da365a44789e3699ff6c35169b675

SHA512
de84e7bbb487780e5abdd51ef079ef33e3d449e525069288a33a8207514465803396888664c9e640c95eb44107cbd83a9bb39dad0a14f859f50affa099a6cd92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
755b4b235fc994cc9d48d744c34ddfc6

SHA1
3b305b09b3eeddea2fc58ec20f3aef804d7c2f38

SHA256
8dacaa8d1145422c415e6afd0170bc43687c6966bb1260f8126d79a33aa7f2aa

SHA512
b8c8f7fe9352ba4d50ea8f5654ec36808f57171af316efd212950ac29e1f95463be77186efe2d32c0ec0cd3e8de1cfba3dd51dba57202b8bd13f96de2eb4205c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f9b3a3c311616a7fa563282d1807913d

SHA1
19d84e69f963d0cb815edd3876dfc7d95403a162

SHA256
6eb786cd19ce0dc609783f32b9be506a4e1b52808e599f57a3f1547804e9be70

SHA512
7eb69e8714980adead77ed509126949ec7d7879004c8b3d2ae517e6dcac92db9d795d5be04d599414f981c876e1f7ecc2effbea13a506da7fbd73a9365c1fbe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d514a89457e63b2c2f47a235435f912d

SHA1
11bac1809b22663c8c4c709e9bf17bc736f07e33

SHA256
7c3291a42b35f6ed5c061dc70d028dcf53c4fb954810dd0cf77a05dced10540c

SHA512
c242f7b763028b72776f6fd8daee5ab9d7bc39fa31f4f3d296b7272647e3d4de246989edfdfc99b45e7045a9da7325772c93a5de85005c3898a789dc2954f895

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\OWInstall.log

Filesize
18B

MD5
07e605d2d7609cf336ea1708e86b5a0c

SHA1
e7454461893e305ecdb72556e16e001617d718f9

SHA256
c69ad6c6a1d6d89336e18db86a6c852ab60c0ceb367c79922807e55de7be49dd

SHA512
5a8933d0b2e3441b6cc6e1881bd513d0f5fec939f0108b46d3578a6315283d44af65b60329e5cd528bac308dd21f1ea71daa618a9553a06b77ccba278d23496d

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Settings\SettingsPageBasic.xml

Filesize
752B

MD5
3db425440d8618321103a11763458197

SHA1
faeccb9a066f3c08b72f7a709e37e5ceff30367b

SHA256
ee60b06638c838a8258bbd0adfd8f2703a5599c75b908a9a0eeb160d3fd38255

SHA512
e7f1e77ef6b755332bd7c1b7cb7d75dcb0a52cf3f2581e734a21e259928e2b481b1836e9752e1a51b83f229be283282c06b1304881d9a808a22374145eae16f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\_locales\de\messages.json

Filesize
12KB

MD5
9ad7bb13a28acd7b7be3d35adf80de99

SHA1
0fabddcfd82faed51bb071fcfaa213db2583cb37

SHA256
4442ce287dfadf8d2019e4e975ee1c876d57d847c04715fd215ce03b24d36225

SHA512
9af9d5a66c4d9f39027eec20288bfac7170b43944fc58d6a05359624827a3847c4d90b232d3f1f621eaf3f5dd35172efcc96e763b1ca733dfedf02d4df084951

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\_locales\en\messages.json

Filesize
11KB

MD5
02b3d4da2acbe118b1c7752cbc73c563

SHA1
f4dea02036c91100d1d8b641259bf1c261ba795d

SHA256
dad27dea69e2e18dad4489ca8ad16c2dffa6448919ad857375f54463740ffae4

SHA512
bd37a83255fedbaff54e2bc9abcf220e8daf0ba7e76f7874e0415420b6ed3543f29f7e1c3370048af10400fabfe6c061ddddf726ab4ec906793c02ebf852690d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\_locales\es\messages.json

Filesize
12KB

MD5
424b1b7afc6cea984341e80a1d5ee07c

SHA1
af56baa273442a6336acf7ef873a1f64423534f3

SHA256
382e9709edcbe0faa5509ec6891beb1063840ff0a6cbbd04c9aa94a376ba4503

SHA512
2347b5e2d5b1f95be3c59461c01b6a3f9d52741510d790a812d61ddbeea5b05f01a67e918862790cf1697a106f9aad65d8035626880c7cba1e1c87456ed473f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\_locales\fr\messages.json

Filesize
11KB

MD5
418a72fba9141b5fad2daa67eac89ee9

SHA1
c0e931a1e76543dde2350b2a93fb7adcef49b194

SHA256
d10d6f0c35af598decd2bddb3945ad5987cc8da310446b16a63e9856fb635999

SHA512
1e756322ae19c9a82d66ff74fb48daaad3ec8d873aaaa63103cefc51e4db0c3de4f593f067606641e6027c4b5c256c7e558d4fb1684dc8241ce96c8696fbf000

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\_locales\it\messages.json

Filesize
12KB

MD5
14684a817dabf05025d1a8b33b0ec04e

SHA1
fa838b38356c26a345292786df9d868331dd5aae

SHA256
71df04a26c171ee7ed4e13ce7b8d0a7a8e50fe1d554d2297ea96f7371e4179c7

SHA512
194aa1dcec2c50fdfd7431699da3080977bf59198b404e6ffc96f06628fee01d0db127ce041a4be0fe22568760b9fd2da517cb67ed5efc283ac28838f5e7bd23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\_locales\ja\messages.json

Filesize
13KB

MD5
d9dd8119873d6e831fbfd768343805f6

SHA1
c4b2c24b8bba9238c10616ac9c01cef088cab092

SHA256
20467128e0afab919e9874dcd7e2d5dd94fcc16f33aa50d0d8243e81d6c089f2

SHA512
b5c456f7655bc3ec23aa733e91940f25cd5f42284e97fb51a95b96b927c75a96ea163628486cb4b890b24ebd6277295fedc79bcd14a2ce7b19471490d9b32a38

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\_locales\ko\messages.json

Filesize
12KB

MD5
17387fe103d0789991d057984b130284

SHA1
1a847b2f82a002a3e3567f4dacf39632b1e2ba35

SHA256
0d483128b1714e8df8d61a3396ea4ffa6e1f6865ad7b5306214d811a2028ea0a

SHA512
123a84497ac56dfde0cb4d52c7c778b1210132662164e1553be98fba06d4b49941b8e11c105749aac1b140b6886a33bd2647d0fcfd7bacbbbfd136ea4ab2cfd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\_locales\pl\messages.json

Filesize
12KB

MD5
5ba0db597f102d2b7560631095128f1f

SHA1
10de6855b2c26d00bce493ad5049d030eb7c22f9

SHA256
b8c9eec03aac551f33de55f0be7d5b915d64730b11f0574fed1666e656f2118b

SHA512
e74fd3ad2853f4cffe3bc188d535b86ee5ce81b3a884ddf0c51ee823fb91b30b3d62dc3bd4d38db080d97bee73fbd48102896d76c3153e307461aa82d5e0017a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\_locales\pt\messages.json

Filesize
11KB

MD5
3159b26555d81ef9c9d0d153e775c708

SHA1
b855ba4a1f25e6dff65da71b407df1a91180435a

SHA256
7c09f5f4f909d30e1a45b92a517432d296859825876d4e9852a8f509f96d2480

SHA512
ad1c74542a4177fc8e200d2e7943308025a2d691b0b421ffcb580c88cbdc925ef50c43d17bb665a2a59c168e1fd21897d8fb000a71695036533bec4d907c7184

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\_locales\ru\messages.json

Filesize
15KB

MD5
c22702df74eb2c41ed92cd3f1fc46cff

SHA1
ba8b25078d053f44c5bf58f8b761baf7984de527

SHA256
764419019b8da2bc3fd0af5ec8ce8899b3a24d90c1abf69087b71fb55acc0515

SHA512
facc5db35301ef8e405561d09dd1e4353ffd665d0577678d63d33a45362277556fcf2ffd930377bbf7631fcb6a32371dd658b45916d990fff3abacf2856632c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\_locales\tr\messages.json

Filesize
11KB

MD5
b7695e795776ecf9ac9299c0f30f87f9

SHA1
00361bc0899720beeff341282f2aff5ac43899f5

SHA256
7840b3b78294030927731f914a64e17a2010cb0699447339c2fcd47e909e7d4d

SHA512
a8574f7cc659694ed585580a135baec7faca82162e6fc9c19a88ebde15cb952878d74e43b32012f7f7dcf63b67b097fe62d68db8eb6753ebf353bff8ed07315e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\_locales\vi\messages.json

Filesize
13KB

MD5
ff03f3797fcdc074fd32a57f8ab36d4f

SHA1
07d382fa4558607d502aa6a6d2de797a0269b4e6

SHA256
231a647e4ac1fcc53c008c7a07af4ddbf6e7faad38cf6eb593974ad9cda444b4

SHA512
7e85fccec49f0e3df37c410a49f689293abadfebc55b9ac3f5a47b7a868503175c0efe957e7ea422bb0d58eb6a200422a394f530724d0fcb6e5d7b5643a12df8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\_locales\zh-tw\messages.json

Filesize
11KB

MD5
363616514628c643de23e2b9b596c2a9

SHA1
4cd78e19d704d3eb470ebe0b4789bce6cdee64ec

SHA256
d10b26d1cb08ba5b4c9ac17439a641f82b7404823f4ab8bc3d793c0c4bf01117

SHA512
d1609f3a4ffc45b3003056e6a66ea39be43ee73aaf1d6488b4fa86f37e176388191d3cbdb30506c0472c3d98d3c1c5b3f62de028dc495b23abfa57f84015614d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\_locales\zh\messages.json

Filesize
10KB

MD5
6bfb7e28c38ce417f9ae53b9282a3e90

SHA1
5e7723fc7e5e965fe84a1fb8fc22fc07eb19bea7

SHA256
28ec01002632aa8e3a46078d590c4cd707faf2a2f0e4071d6f8572d4b90a4ea2

SHA512
126ad8f28af186b9a7868497ec1789b85031373c0ab3e9f7df84d7a6773064e490ab1fdbb94c3bec19626080bb455a2231ec4a45de2a24e041d4478a52bb4055

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\assets\fonts\klavika\KlavikaWebBasicMedium.eot

Filesize
27KB

MD5
ddd851603ecdbf74a113ae2e741fb487

SHA1
36449c0d56578c22df9c6918840d808aebd3e97e

SHA256
41146279fcb503008ab14c89e3e9a1737dc92499b07e36f9bbbd40b82dc3a793

SHA512
67b84413462158a114018c413bc8a32731d00f439d6998ec1577fb7d27df4316edd9acf9c94dededb918fc7ce6fb8523af85e03dae0b94e5a2b505e6998e0053

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\assets\fonts\klavika\KlavikaWebBasicRegular.eot

Filesize
30KB

MD5
8c176ec2a2ccf48958f8cbfc5114818f

SHA1
dd93db072bfb8ade37da99c8e56bda5c4259feb8

SHA256
83f615ecdb758eb2fd5357b89a9e0424bba9ce66ba2f8ccd93986f7d03998b5b

SHA512
c2ea009102f1a47313ed3d85f391ea23a9bed3378f965f4450befc5347b086f752fdb5b41ef0f2f6dab674f3095e7dda2837294b4d21ea9268551bffbcac5c4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\cmp.html

Filesize
5KB

MD5
d7b8b31b190e552677589cfd4cbb5d8e

SHA1
09ffb3c63991d5c932c819393de489268bd3ab88

SHA256
6c21e8c07ce28327dca05f873d73fe85d5473f9b22a751a4d3d28931f5d0c74f

SHA512
32794507a4b9a12e52ceb583222cb93300e38c634a72ea3f51a0189127aba60cf476fb7918942355a4f826185d7071e876cb40348ba34cf5d1ca7e9546ccb310

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\css\styles.min.css

Filesize
14KB

MD5
a205363a8b123d65909896daf16a2eb2

SHA1
17d99f7889d61b56a44509e45465fe413ace29d0

SHA256
ef423e07b8a0ce201d438ffb8501899c6ae9d20fee079707b03b32bce8857591

SHA512
c65cd1f376838ef700a1826117c61d10151c06a8d1e869a2c5c2f0f282cf00a8dde4d6ee74df01a34824e6f84d9c694217af23354f490eafd5814493e4837521

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\game_detection_database.json

Filesize
27KB

MD5
336d26d3e0ab31e8dc102ea86c48fa26

SHA1
aa0a6a940ffcf7cdd9cfcc86a382890e18fff5c4

SHA256
f30b571b8bb396aa0bca9aa9b80638416ec638de5c4788bc281ac67d3d54ccaf

SHA512
ee1d4ae3236964e0e2aea7c33aa82f44b2b25d9fded16452e00ec09f867031df0539be19fe52c4d638332dc50698b526a7cb11056f5fbf765eb7e0cf832fb49e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\big-icon-fallback.png

Filesize
413B

MD5
435663128120e807ec9c33d5b277198a

SHA1
6de278d5f8850da54405fc3a444cfdf8054f6a05

SHA256
46b318ffab431aa7f0559560632c0eca28a0527fe9ec766e947d3b49708e3de5

SHA512
97cd952ab6833cea217ea6b5f5a83624f4ae1311ac0c4d66f2bb7d61a6c224b7cfb6205074e008ea33aaa7b82474fed4230ec3f4f8f085e884b716ee992624e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\bottom-arrow-hover.png

Filesize
294B

MD5
f5d76b21fcab6cc89fd0ebc1089c2c26

SHA1
160645c02dcfdcd4d6d6a8339557a62b80493e40

SHA256
3b8043e64994a53126afe1250b80fa2934196c3305bf93fd3e7a6963867a6eb9

SHA512
4c4fd737cd771e8e0c025295c598aeb4ffb2d20df10658f7cb992aa49b4817be5d291c0c6530b4e9aaa241ab76df3c52e01a40a505e7b60d1d968a96fd4de991

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\bottom-arrow.png

Filesize
279B

MD5
847fab99890ddd7460e758ad8d463ba9

SHA1
bdf8c1e45993ee33ee0bf9a2e43d6048df71cb8a

SHA256
46bfb08af2269108c681b78373c98e899b4234adce39394322c7dfd6d40dcdac

SHA512
0bd2075c61eafc2946a9431bd4fbbbb141f3743144782376874640e4aae1ee97a05844589661b3a0912b23dacdf57e0a667d8ffa8ccd0f4358e5802e653aef1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\checkbox-checked.png

Filesize
161B

MD5
cb392a851c11a74c80c9a6b7a2804cba

SHA1
750b03afd6f6da79ae81164b5a64dd2c3f4937f1

SHA256
b0718ebac6a1666f75492e0807166ea1b257bbbeed87d64d574e45adaa768173

SHA512
ca3baf5ac8cc1008c3886d68501c49a750efea4c891d85615a8881ae604f1c9205ee71861a8bb615b5978b239aa4e3b8619a56a646ec4d812e0ee7c1dfe05af6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\close-hover.png

Filesize
185B

MD5
d07493ccaf895ba1e5a1b230789b06a8

SHA1
c62f9f464db25969516ad57a706b222e100667a1

SHA256
5c95ffffdef5de89cc7b04ddacba9fa4c1280a192fda4138460c72433f0d0230

SHA512
ec5640f9b97ee9d22f8dbc1d685048acc6c67338eb701c42522a0e72edd3b180677405d458c49cd73ee23b8ebef85beabd66909a6572665abc1b25cb6d0f074a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\close-normal.png

Filesize
330B

MD5
1acb62ec3fa5a82347c330512f2259d6

SHA1
c81389f19687e791bc4ada896620b17471371c04

SHA256
e8bd82cb680ae552f587a3f0bdc1df18fc7624dffec501840cc508d327baeec3

SHA512
a6693f68c41f8a7c137f3129403b14144329c132b99956ff2c1cc5317b046eaec70aef82c7c05b9220c3c3a7f2a417718fb65bbbe486250c05191778456f602a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\header-logo.png

Filesize
1KB

MD5
b51f37fbd94cb7d7f45dab73fa5bcfb9

SHA1
2c3aae0f065216cfec01339da2c60282312079c0

SHA256
e83b38f1f699ed4df739fa632d55a422e6d35b19261081a5bfccd2bc4669c5de

SHA512
4a7c0a654c3d4da9b9b77aad46d68d2da370b8b54fef325e6ea8972b202541c134ee937db6d71dd549d405241fb15a043d2dce0734312f72222cf5a21e5827bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\icon-fallback.png

Filesize
213B

MD5
3880ad80fd07870118b0aeb8fff308d4

SHA1
37b30e87d89d3bc56eb5ca3f8ec6c7f22e5ee6a1

SHA256
772fe7450824cb84dbcbc9cdb401278dec1a511ca3ae2cceb073e8bf4dc8fa61

SHA512
3917e7b6623f284a0378702e489a5131c3ad328827a87e1332d24a89d6e54d68e7dca3e5bfeb0bb22fe54da1572d2d8a9107eec8f36b9ba7db1f50c0a5205d8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\large-logo.png

Filesize
486B

MD5
91c31a155e202e8ad2c033e61d0bf948

SHA1
3fc81f5f368f90e7104b65adf6b8780d71005f99

SHA256
1bfe389c41dc9897a4b1b5a0e495570a0f3671fad73d42307cbde1a82ae1be17

SHA512
ef89b9edabd3e1f3e9cb8e2ce919b4d29a31ab112297fa6b9c3be2cdd0df548307e3f800de2e027b907422ce87a5edf638d0a410e9afb6de85318ac0173f1e69

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\minimize-hover.png

Filesize
171B

MD5
f4b8851b9ef5a55b0d45392baceb31fb

SHA1
03a87a04dc75579a8568543d40db963b6e9f4051

SHA256
d84b877f7a2d601b1d71cf878b33ff78c94c2d144a0f4d72436a7dcf64e712c2

SHA512
a849659d4ba4e40b924108cd567a58f4b1569afc5c7517a10c26fd6d64422fa61812683292da1c3b19dbe91c63aacd5cd1c5b342ccce98b6815e94b55767ce4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\minimize-normal.png

Filesize
150B

MD5
1bcfd10e50ab56ac335a463ec19b8d33

SHA1
b5054dd1cdd714a6771bc11e43291df361a16ccc

SHA256
aa2b021cd0dd9563705503dad48866eac926c7ace608ff8d00f755afc509f39b

SHA512
7257c401db826ed1f4a549b1b899d0fb4a5bcc3c599ced49b07a64fc308b08fb208dc378a32d9c3cd193b4d603ae76f82bb297334998ca6abb790081a5467edf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\more-info.png

Filesize
539B

MD5
c6911391ca719b6ece307854f40d02be

SHA1
451936edbab150559e38a81ec88c75de052bb14b

SHA256
b110d583d920fb1065fc7eb587e4f2a256f99d55eb8a562924e088d9b7a971aa

SHA512
9728920dd81f2554a37119aae1755751e08ce8d22be5df21ad1b8205d3e37f027cbcb32c25193faa6fa6e270574c7d4eff529ca08bf57565b764b338ea8b1c75

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\plus.png

Filesize
178B

MD5
28a150c80834701792d39b58fe16e741

SHA1
f7fa88204163ee7a0df768eb6759bc02b8e1c030

SHA256
d25235a308d7b16b6a8694a3eb8935393d124dd3c58380a6c67d4e4f3382e47f

SHA512
8222a493bae3316a851b66573886b3c63f8d63b68e4da56ba25f37fb46cdc27ac7dc4e10ca1c3912352812eae5ce4492591fbce09ff7ba1a228ecfb2a49f0c32

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\progress-01-overwolf.png

Filesize
12KB

MD5
3d98876bb3f09090568aa3ef90a84dc0

SHA1
5f98121ef031920b8c8ecab21435cc64bd531c19

SHA256
4da28ba55f43cc1d03d5cf1eeb040985d3bb5fd2a7230667c871254f006c512e

SHA512
2bfb612a6aa0061f123e8d342ab4d049e2f38b2c111f2662d4da8c8a22a73893c5d9743a337766ff2e6346cb04ef2b4c63ea72e5e749b34593fd372889033d6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\progress-02.png

Filesize
9KB

MD5
3781b597e18900a6b779ab588d8a8e21

SHA1
0fd2084a62f507ec802646f7423c9714ba547d7f

SHA256
130eafc5dc7ef993134d0bcff40bfbf11b99d41c63a5c6ad1d70c7ad4db2a5e7

SHA512
22f2cdc6cdd81503d48f8f23c84abbd23c6c9e3a137b7e4e91846823d957abeee348f4e3cff88667a263503ca310d80253187d699f733975133d08b5729e647d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\progress-app-image-01.png

Filesize
2KB

MD5
6276c4f73df3a91718a12878c63dcf24

SHA1
a86fe5338c78dc396f680e489766f8186e6cbe81

SHA256
032335dca37195df73cef1fc5f019bc8705284c3226dbdd54f81d61b714c4915

SHA512
11a4e465614e65a04e72b5d6b80f0c5643d51757a06595168894d3e0a419bd68ad31152221a22ec1fd6db03c5c159d31aa5054f1f4d8c633099477afd6f92607

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\progress-app-image-02.png

Filesize
2KB

MD5
9626ec7a1330f4fa65abb37f08ff6421

SHA1
914801589106fec21ff3d7f5673aa035bb5bf129

SHA256
9363bf7bf35a32278d95b8410bda989c63d9cd09fa17fdcb04d93aef1d433b3c

SHA512
f43caa916f385158cb3a3fb20193a80ce8ee84f1063e6497fa0a9265dd28b8983750d0c44006936aefb9d6b16230d92105bd344707bda8d55e3283b344ec792f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\progress-app-image-03.png

Filesize
1KB

MD5
38ead88ccac4d4f8077e265aafc186bc

SHA1
eb3c2de5065ab597c8e9799a3c31487545ce4828

SHA256
827f9bd53d624da1397e0f8d3a68fa96bbe7146b74f6ea8af5cd6acfc3839cd5

SHA512
a473af7f5d1dd87a670b1d7f1c9e34d66d7bbc77647dc72d540acf97e1d296bbaa59469663354ae4223423688142d6d828e35f571d37bd7ae813274ccfcec519

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\small-logo.png

Filesize
523B

MD5
ef0803e881fe7bba90e5e9ec1678d950

SHA1
43e9ac35b2f4bc22e404bb2362eaa7bfef24f9bf

SHA256
0ee19b8f79232886f6234cc6dc21c0327e90df94a189c5effe1d8a6444543726

SHA512
11c6126429f4fc3ea32edf6132dbad840a1df35f58237c8730f5171c491588425190897f4370545bcc4ed4d42838dd95a2789a3b6ca20cf8cbc7bef78472f253

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\tile-fallback.png

Filesize
935B

MD5
0148cc4040f730247ce079e723fc030b

SHA1
ee316fdbaa54a7cb5cd350adc4919787e7edb63c

SHA256
d173d88df0d31e3d4f83b299cba4ec031dd286dff2f963e58d747617649108a2

SHA512
a441046265ccbc2e8e25bba5e10a46d65f28d2a9100ee12742e0ef5da943461996cc036f57031ef6c21fb0929ebb941e27874a08e53677e46ea28c097136cc75

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\v-check.png

Filesize
885B

MD5
cdd7415f59e5c003dd5956b971a3cde1

SHA1
89a3cd6591cd66fde5fe389a216272cf11d7696f

SHA256
af10225db6ff7d4b67d00b12f37b211c1f368bb99ae900856b023ce5999dc9ae

SHA512
bf36f6ed5f9a5bd9da0bdcb0baa03ad73e12e4d30ef64752e14c307280825e994deee50c5436f683048711104634f0410684188d47f5698dfe5309ae4f55b2a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\images\welcome-logo.png

Filesize
995B

MD5
860785e1633b7a170ec443f4d36551c7

SHA1
f5a3401fdb22bffabbaae7f912f93cddbb7ea148

SHA256
2e3dced384fe419468973dcb074794b1444f48bce8f96217aa5e3a98c34e4c01

SHA512
217b2177b9f990ee27d1e169dca9f99da18e9bd41fc6d7a5ce7d01cf9e35a23f343763835424125b3fa73de196579054e56542e5885327c6922deeb34fd78e16

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\app\progress.html

Filesize
20KB

MD5
3cf16292a3b2b0a8e8be4d5dec3fe7fe

SHA1
aea7bb7dcd69e29bfd176e4eb13e820ce3a6f008

SHA256
9a074fc3a4e2b98ee4855e9ae491d0c004659bc2db623f90fdacf3f2e4b07761

SHA512
0464aab09429e9c5c09b757a4d588fa1714cc9fe100e41559659a2aea1afeb5a10c292182e1784c40a09557222200a2dc2010007f64678e5de7178616a38086c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\nsis7z.dll

Filesize
92KB

MD5
f5724ccabe538ba2022ce078587fdce6

SHA1
1aa30dca44b45d9f8dbe03efececac80c72cbeeb

SHA256
cd8a724de01094ef62c5233a8e07d898e3d7c375d1fa29500be7b5944c2067f6

SHA512
48a8c2249b31985eb1b596f97f947860eb75c58f4f0fba39dca948be626931910dc85c39b47ec72438edda4237beb3fac36faeda12360a24d4039a188b5286c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoFF6B.tmp\partner-custom-asset.png

Filesize
2KB

MD5
2705d292e2fb7609447714554c57a585

SHA1
68e385c6b314a3783aec8bb9de69aceab7b9fe36

SHA256
f9a654c702d0bd821de7a7f14bba34d0b6f7d85dcb004484e242e889aa90d77d

SHA512
0a3285189ead35b013ae8f3f2ea646be1e5a77efc154a264f266359a1ccde0b71c395db23687d6eb1f65477b80c569f9691cf2df0ee84c553509cb364c7531dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\CommandLine.dll

Filesize
71KB

MD5
0d02fc994e746bd86c05d23b95d4f253

SHA1
aad96fbea609e334010551eabda63b15225a9c86

SHA256
07ca488412d8789818fbef2a8e85a4fe9b59fd4d26de6bab2745ee5d0ec0ff05

SHA512
849ce93abf887d37c5d572432dc919004fb2174416aef4c2461c5ade9305d9fb2d92709a92478ea767dda310a67b84fea7125d1b93388364e63dfd7d4c23bf1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\Newtonsoft.Json.dll

Filesize
692KB

MD5
98cbb64f074dc600b23a2ee1a0f46448

SHA1
c5e5ec666eeb51ec15d69d27685fe50148893e34

SHA256
7b44639cbfbc8ddac8c7a3de8ffa97a7460bebb0d54e9ff2e1ccdc3a742c2b13

SHA512
eb9eabee5494f5eb1062a33cc605b66d051da6c6990860fe4fd20e5b137458277a636cf27c4f133012d7e0efaa5feb6f48f1e2f342008482c951a6d61feec147

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\OWInstaller.exe

Filesize
304KB

MD5
9bfd26c738baa450016126dc84815849

SHA1
d918f92b295623ab1dbe7ff19c11c8a05714f365

SHA256
d9df18b606346691375924b975854e75173884e8490100e658de07f7d507f56f

SHA512
14cab457149ad37fffd9c1f0dd0e85e8b18bc20efea883d99c36e15edba805873dc1acb9b1ba7a41308afc0bb12e08149fe781230c88920a4bb76bc3a9f4443d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\OWinstaller.exe.config

Filesize
632B

MD5
82d22e4e19e27e306317513b9bfa70ff

SHA1
ff3c7dd06b7fff9c12b1beaf0ca32517710ac161

SHA256
272e4c5364193e73633caa3793e07509a349b79314ea01808b24fdb12c51b827

SHA512
b0fb708f6bcab923f5b381b7f03b3220793eff69559e895d7cf0e33781358ec2159f9c8276bf8ba81302feda8721327d43607868de5caaa9015d7bb82060a0b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\OverWolf.Client.CommonUtils.dll

Filesize
650KB

MD5
eba7697389bc9bb42a47d7c146c8a2d6

SHA1
bae196a8bbb3a8fe7b38959b3e135dd1e0576071

SHA256
84643d194590efdc12197256f4bcc830a191db7488a3197f483085e848985495

SHA512
ece440a85e36ed05aa8a87ab82bf272e33913d5f3f5361c5a2f70c170d0c6b5d2f91c94d823f7b35193f84e3ec9326c8eed297a25fe4e71b2a837b65b1c7ea4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\SharpRaven.dll

Filesize
82KB

MD5
2ddfcd58132b030e5a1088cd23213648

SHA1
e050dcfe25b19b7110c6e6a3bcd978caf461a63a

SHA256
b57ac20aa37ef536dc5dc03b8b4b857e0aca95455c8348eb945ec6f4251ce4b4

SHA512
6d8658042c543d47f0c5cfb8446d6e653a97d294aa8a75adb42e585215305b70ac37dab78b285013240d487b71835e7046dce8e0abc2cd161fcab92ce1101b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\System.dll

Filesize
11KB

MD5
7399323923e3946fe9140132ac388132

SHA1
728257d06c452449b1241769b459f091aabcffc5

SHA256
5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3

SHA512
d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\UserInfo.dll

Filesize
4KB

MD5
9301577ff4d229347fe33259b43ef3b2

SHA1
5e39eb4f99920005a4b2303c8089d77f589c133d

SHA256
090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc

SHA512
77dc7a1dedaeb1fb2ccefaba0a526b8d40ea64b9b37af53c056b9428159b67d552e5e3861cbffc2149ec646fdfe9ce94f4fdca51703f79c93e5f45c085e52c79

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\images\icon.ico

Filesize
149KB

MD5
af5a51fc5d3cf1861f2a470711355265

SHA1
bb6ef7a49986f46b1347f007a327b7b35d28e4c3

SHA256
70e7e734171c8c32bcfe8967bb3d91fbe259952ec9c92b6562095614ff465a1b

SHA512
c3de8de1db9177521e87cb099a15ab4897e5d3a9b8b4086a555689743d9945fc23bc5c9a2409f26b2d120031e355ec6949ead3017c3b44cff7b701ad72073b8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\index.html

Filesize
20KB

MD5
423d2e2f7e21b856cb5f3ee3dcbfa5a0

SHA1
eda0e357387913daf57a0c683c34b4b8a5d7baf7

SHA256
cd59efa2fe7cbe222d03a946c34eaacdb3761e922763952d7be4555addf8572c

SHA512
c403307549af9bf7cfd34295a8b1020e7b7489d104b5fdaf4320b495f85977134796774dbf4f20f8fd0b2d1f2188b881a1cc35cec56aa64a3dc84bf1c2d21b4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\app.js

Filesize
21KB

MD5
de88fce9253d26e0c61daa1783baa775

SHA1
07c5848354a247056baad369059aac9d3c940ecc

SHA256
993f140f9f4e5cdbdcc657a3c159328bf58b3483dbc27c451516a556763a79ba

SHA512
71ddd47ef7ed7c02fb31e8ffa2ea6d1b5178dbda2ab37bac208e088c8ba2127e0cf5eaa74ee7ad5809fa69e534853312c6c8775c68aeda63bf0e4a5caefa39b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\block_inputs.js

Filesize
789B

MD5
b5b52c92b90f4283a761cb8a40860c75

SHA1
7212e7e566795017e179e7b9c9bf223b0cdb9ec2

SHA256
f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544

SHA512
16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\libs\cmp.bundle.js

Filesize
346KB

MD5
75788eef24727a1387ea0db9ffeea4f6

SHA1
c222936daa52501bc6fe4a7a72c989f73d69d4a7

SHA256
38536d86fa0017a0a64148d6976f601eda336faa417c214720d2039e7e3c3a58

SHA512
68b8cb1b6a401103500167a6c19c6ac94fa7868bce043ae490613aa60e1601a218a4dfe959d42b61af61eb48bd930b7c520ea4e9bc7dc2fc1fd7690b89002532

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\libs\jquery-1.10.2.min.js

Filesize
90KB

MD5
44e3f0db3e4ab6fedc5758c05cf27591

SHA1
2d408aa1d35661019c95adcc60b78c0727ed25b4

SHA256
bc44d3631ffef1df7960e359f02002d3ada45ee05205c2cf1edd85da2f518144

SHA512
4d4844e53e686fc59a52e86588f328dca3ed6fdad7195c58942a98c51755a24981b903ee7c7b27785375eaad5a7d9501cf74b999674b79f214e66103bad9efdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\models\notifications.js

Filesize
5KB

MD5
85afdf9897bb1236eff3afa40d15ece6

SHA1
4362bdd139458eaf4a2dcb34294b43e2d53f4a26

SHA256
9dd03dfc92bcb74f3725aae60e904c0a56cc84f299bbb8e863a869719f6fdd32

SHA512
4ab86c6bafba18f53f01ca913ceaa80f14900107069a1d5f65b108d35690bd8b50b1a6cdf1563fc5775909f69208dabebd139f3cf3d8576269d560d57cf9994c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\utils\analytics.js

Filesize
4KB

MD5
525281e9959af4c1c0d11b9243c798a1

SHA1
237a84c5b57bd132f48446d718b20640cb28c263

SHA256
c37f0699cf8ba7d9e3e0f73f1b2af65f4bdc2a31f44594ffc8c73e98b6c2fd1d

SHA512
fe5bafda7773e69c65dd63270e0306abcd39cb2d886b675ab8c714ae0833efde963b69623d468551a1ab37f1db1a1d457f1568f7a29d9cf0bb23bb0edcab5fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\utils\commands.js

Filesize
13KB

MD5
a25b49d085333ece9aadd1f285795925

SHA1
53341dcca297a969a8ff37265935488f1790307e

SHA256
acbf59ce6aa668880f65aab2bfe62305415c76301b40bc7f72777f0b08840b71

SHA512
0a2cb6f4e1af0c4205e38ba1e12c208e6ea4f8f8e3956c9d10b312aa9a6929b99ec967aee7aa1f54da97ca6ea354f8bd7f624359cfd05c6241a5f4bf59843b68

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\utils\cookies.js

Filesize
1KB

MD5
6c60e675f8c8c68c0174b644d3a63a2a

SHA1
3635a3fe07ccc4a6f33a986ddb690522d0611abb

SHA256
9d3cb3822e20d6f5157faa02dc69bdaef44576c3fb5523e00aa152107ce30287

SHA512
1dc9ec7b139bcf37107ecd673c01e4fcc606332ea1645a4a1b4e5d95f817d4c99d5964cd3d941a6a526689341d9623b17b4efc002cdf4c73404299d52b1be452

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\utils\modal-events-delegate.js

Filesize
1KB

MD5
117e4fdbdb0ecf211c8bd909efd337d1

SHA1
9f8684d856b7c95bdffb139217dfd89f41373187

SHA256
267661f932a2ea78d8c7a98cc03d1b18d7cb8132deb84636772ecd1fcfbe4857

SHA512
f474ee20b59d3d0c11f9f6aee6b6e2b66f7025beaec9841f88455e60533dc96cb4e27910be0dae92b0028c5578932b7f459fdb91d594ad010f72a3b3af6addb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\utils\strings-loader.js

Filesize
5KB

MD5
9c94eb933d8a43dd3825e67a7e30c980

SHA1
7ec7b16af6f399219209ba5967d377040486a11b

SHA256
96445709fde2613af50f4b8908296d4bfccdccb2d9db9febc34a9bf4dcc70ecf

SHA512
a662a299e31633f71a9b9675970359430fdac06dcc284fd7ce92919f244c7f921639f97a42356e993a95865e6c9f198dcba82c126f82065bf2009a31ec9b02f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\utils\utils.js

Filesize
118B

MD5
a0952ebeab701c05c75710c33d725e7e

SHA1
1da8a2e889f1213d481ae3cd5571670c01e64adc

SHA256
b4f0c48cbfeaf8141fd44b12031e3f0410cb0cdc313888ffdb14fdf1d2341246

SHA512
5e5ae616d3fded7d2bf47a326242c4477ca3119fb52897bfb41de0be230ccbd6c3da2c00268b3973e9bf7b4f2886aba64fd9719b448662e4130ee66d87913389

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\windows\cri\cri-controller.js

Filesize
3KB

MD5
4e4b4a9e2d86ae3c108105078db6d730

SHA1
826946be793c999316af6c1db10523950b18ea2c

SHA256
cee7fc5a36a01a439125be031923d7e7415ec56194255048098169a0108034b7

SHA512
1420065cd000ce9b9c39d27b5dc5f4055f67146e06573a03184649851c9745f0c0af2b5e35b41b5923703dd74e32f9ed95fc59a43db25f854584e319950beffe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\windows\cri\template.js

Filesize
1KB

MD5
76c1ef0cb437db144c2bed53a5a8a5d7

SHA1
aaab8fff649f8e46d1e9510018118ee9abe01498

SHA256
505d3c4de7d9cf8f0155b5b1a3c8792bc0ca2eda6781b441bd85455f144be22e

SHA512
822bf9feda91c89539d263c6c9053163e8dfa3c511195bc61a9b608b4687fb4048733323f03dd30a7ab661a4be4acf6c8d8ae7bb6723771122540a9551899c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\windows\finish-with-recommended-app\finish-with-recommended-app-controller.js

Filesize
1KB

MD5
eb6d6bd7e05d4477e2704dd87b57ca35

SHA1
f42672ec1e23a3f4bcc2952746d87ba8deff44be

SHA256
5ca97132a258ed1f36e401d70ccb95be2c9e18395e6010c40f61172914477de5

SHA512
1402d611f910cf5078e804175fa4693b591348d3e7cf6d0a6bbe026c259eb9e0bc285233c80cb2f4690674c3e927bc72fbdcbe758826b98fd02ecb3ed82e339a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\windows\finish-with-recommended-app\template.js

Filesize
681B

MD5
d1cb34b57cef7e28b9286454b197b712

SHA1
f3a964b319bab82d4eda07e126bbfd6dec35c349

SHA256
b61dfc304b46e8cd95d7b15bb93c6160b30523a1a093397a84fc8b8bed00ac42

SHA512
3a07de9c58134edbb7998f85e6d037a0cd066e32c4daa07594a949a7574f5693153bbcdb59739e1a92e847ab1128e2369fb30ba76a7b9cdfa9a37a409db691c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\windows\finish\finish-controller.js

Filesize
1KB

MD5
138240ea22084428e9e25583e9156568

SHA1
e8bef7eab5b6e7040b996ec9504436e073444bd9

SHA256
4cb4e1aa25c15ae5f2e63fa4658a8acff0ce63e0f59cb6eb634df2dfe336e2ec

SHA512
e97b81b0ecd964e6e909019353efe4f5582f65763ac4197d754f1c4eea19cfc249900ae597fd33e29f531bb0d1c7e0f010793c59a2b0099fa75ad0b7d01ce8a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\windows\finish\template.js

Filesize
1KB

MD5
f092de7ea66d8e920b345f38537fa35d

SHA1
82d107a409f18878307ae0cefe24074db64937c4

SHA256
b05f111369e12ecb4cdc6526dd554061eb31097aa0de4bd126ddc185b69d922f

SHA512
14942c0122f216c07595cbaae498f9c4d37a2d0fd95f262c332502befdf4566c7a042c4d85702c1d82a111123dde677096195e9efeb1d74eb1dfd4df84d01a23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\windows\main\main-controller.js

Filesize
11KB

MD5
15b665a5c915004e1aa7e9e11a710f7e

SHA1
7821924e42bb19d60c572ff80bbaaa04d7aaeefb

SHA256
84dc33e2eb3118fc77a38b0ca53af42c53f6eb85cfb1e8737dbe39fa03515653

SHA512
dd47f7bac0dbaac714e6d2fc91b4c24756ca4acb70bdbc4b54cd5216552d6bb85ba2e1c3c8445c5fb40d116dfab6569945cd74730bb7c8f3cf46e8d08f8afa02

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\windows\main\template.js

Filesize
3KB

MD5
a118c7724c208f12083240cafccfd10b

SHA1
f89c676a215b869626737862a08c9eb07d440211

SHA256
63a43bb08403972d0f4b0e381bd264af14e826e0035242bc1baa9a815956b8fc

SHA512
9fede79044ae5de7baf5bfba0d5a515ce462a25420026ff45bcf1751e57510023cb40df42d08e880114f62b38ddb218355d5357b725df32a41ae4e6a18414cb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\windows\modal\modal-controller.js

Filesize
2KB

MD5
b04bdfd1c7d09bdbdb94a2455fdd677b

SHA1
f000ba4866ff16d75bfd6cf446763498e19b12b1

SHA256
4565ee81ffe222b31982088b1c18850076e3acf59198ebce08118e12cbd87ea1

SHA512
3cb6ef0a16309046e7f407e7321eb12212b0eec09ec1a04b1d813f6c7a04546714865c3b398a93985041f598156ed905ebd23a64260801281b29ada9bc19ec5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\windows\privacy\privacy-controller.js

Filesize
2KB

MD5
15bbec339f5046f525e3aa96d36c30ec

SHA1
f73d40bf06584737fe327f1eec6f4b0446545226

SHA256
14d9c60cd97f18e74fee2dd80b6a190eaccc526085991f356feb6b4d330a0fc3

SHA512
2b0edfd2d5efb3f739e56eb6f3bcfae4789af3e1639f5f8e5f7530f5af10eb1a61464d665c9d9b2f4eb3796f2445108599d8bea75f1709aa562feebee519da4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\windows\privacy\template.js

Filesize
655B

MD5
cf8d2c26520d7c84e560dfa79e31dcd3

SHA1
716f2ec17480d5cc9c145bc147833fbfc39d36f0

SHA256
95c459eae0edccdb94702aea603a097e461daa0e5f37dcd0e30de7df665433a8

SHA512
d466dcf7e86a4295857020feea281fc89f519f6bf1e79c3b5e1046d0745c9c9010377b1941e06c9a9b2c78a4173ed9909332d5d6c39b05f460e8a863086c895b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\windows\progress\progress-1-controller.js

Filesize
1KB

MD5
82f0b997ed552c52a510a9f2ab29dc3a

SHA1
92aec3a656053c71eccdde610130f5d8008fa96f

SHA256
838bab990ce38372dfedb50eb0a270db705811729630ab8557c08bd1e9e8e105

SHA512
ecf67f877002d746eff8af3a50155aa381513ddafd17b6bff0188c85f0765579fea0112e82e1371f962b1f5decc94b65e6120f21fb516533dac35a2d541065bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\windows\progress\template.js

Filesize
242B

MD5
92b145e6649ba0add3dee9a69d3fa91e

SHA1
4db1a45392ec973cc8a7eecf3a30a9a7ecc7a64d

SHA256
a7128a08bca53dd919cab3e5cb4dab31ded7ae2dafc957209b9fdd23f3b944ab

SHA512
747a087dffdba5c92d9f4c8923615d388b9c4c79d3b71d3cb90487aa37c132290a4f5107eef3055c03eadcb9614e20d4655393dc9251fab7e0ee2438f0d95751

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\windows\settings\settings-controller.js

Filesize
6KB

MD5
378c18dd7d5cee6ca7c4ddd0396b535b

SHA1
d5f81d4fab29201fd1629dc4d8e6f918c0c30479

SHA256
b5c5dc5e0684fd97eb4c45896dc1c2de8a6a6fdc63b6aa83a99103c15787ef35

SHA512
c29416b3f0245f4826d857dc8c52c969071d2410c945bda96f38f59a9bc7137ee534d84865e5ac55a1e3cea6bb705c5d592725af709cd97e7f38ff05dbaafe5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\windows\settings\template.js

Filesize
4KB

MD5
28513de0830383a516028e4a6e7585a0

SHA1
d31fc3a6f4a3ce6c4afb82ff2342a1ed718809e5

SHA256
8014a7c919da249ba2f2196d9c9b62639d20851be426f3ffaef161cbe477c45f

SHA512
0f7321c2ae13145bb694368dae1b74e6fe20e6b09712da2178bc46e6aa65223ab84c38abbf0ed074c85b42dba1a238a5f3f8d1ae060a0af6df748c5befe11b61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\windows\welcome\template.js

Filesize
1KB

MD5
17f54fca6723b983875d940d931e0afb

SHA1
01774cd5cea36bd74c80a708d6f77567e8091024

SHA256
42c546e9da748ef76fdab56b96fd511eb607617a9ba37b3dc420148b769d8acb

SHA512
401df9a54cd14c19227d91bd08b4775a7b437644b4ca0d1d636d3e07b04591f9c5516e80040ae6a79ba400457d15e3d80aa148a63de870a64664fc5a02f7a038

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\js\windows\welcome\welcome-controller.js

Filesize
2KB

MD5
50f676754862a2ab47a582dd4d79ecf3

SHA1
1cb2f4b11f9f8cfc8dc57ff29d0256dec4811158

SHA256
6155691dbdd66290109afb91617f9cf68af6bd912991d5d27b922f5faa7f530b

SHA512
ccfc89e08fd36f0a694fcda17efb84ca285b6c62afe2e3a794fdad19b6882a4b618645f4d9171673ba56fb4c55fce336d6b8d26dec3a5cc11293ae2b211f499f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\app\manifest.json

Filesize
691B

MD5
e403eaddf76009ad431410b02424f255

SHA1
07367a5faefd49fdb10e2a135db56341b4cbbdfb

SHA256
940e82de80943e0db937dfdca247a0a479a3924f005fbaa393442eafce01974d

SHA512
159c3b43f9fd6650c9eba340ce70d13cd62a728c5d9dbec61008a79e84eb5898194991af5ccf9158bc09a0145f6d140edc812d054d15f275aad9cb92cd73bf4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\log4net.dll

Filesize
270KB

MD5
f15c8a9e2876568b3910189b2d493706

SHA1
32634db97e7c1705286cb1ac5ce20bc4e0ec17af

SHA256
ae9c8073c3357c490f5d1c64101362918357c568f6b9380a60b09a4a4c1ff309

SHA512
805cd0a70aba2f1cf66e557d51ad30d42b32fbafcfbc6685ec204bc69847619479f653f4f33a4e466055707880d982eb1574ddab8edfa3c641e51cda950e2a0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\uac.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq5EF5.tmp\utils.dll

Filesize
55KB

MD5
aad3f2ecc74ddf65e84dcb62cf6a77cd

SHA1
1e153e0f4d7258cae75847dba32d0321864cf089

SHA256
1cc004fcce92824fa27565b31299b532733c976671ac6cf5dbd1e0465c0e47e8

SHA512
8e44b86c92c890d303448e25f091f1864946126343ee4665440de0dbeed1c89ff05e4f3f47d530781aa4db4a0d805b41899b57706b8eddfc95cfa64c073c26e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA7E4.tmp\DotNetZip.dll

Filesize
467KB

MD5
190e712f2e3b065ba3d5f63cb9b7725e

SHA1
75c1c8dd93c7c8a4b3719bb77c6e1d1a1620ae12

SHA256
6c512d9943a225d686b26fc832589e4c8bef7c4dd0a8bdfd557d5d27fe5bba0f

SHA512
2b4898d2d6982917612d04442807bd58c37739b2e4b302c94f41e03e685e24b9183b12de2057b3b303483698ad95e3a37795e6eb6d2d3b71e332b59deeca7d02

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA7E4.tmp\Microsoft.Win32.TaskScheduler.dll

Filesize
126KB

MD5
9536848d62f4443d31bb085ca2e0a82b

SHA1
e76049cecceb5f533266483bb677750c1bb6f996

SHA256
5fa400e06961d1cb40e5d422a93616098307aeb5850855b0e718f25bfc620ca9

SHA512
726e63d38c62046aaa1463706c6b9c898f6809371d58e7eac9f7248dbc3ab27ebeee30bc4f8aef481ebf99d65305ba5a24a367ebf663146dcad457c792e015d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA7E4.tmp\nsis7z64.dll

Filesize
514KB

MD5
284c46af1fd2ec3a60ee0c28f276f2a4

SHA1
4d4d41c0af12d928e4e553ab6b80e6b4ab8007bc

SHA256
2368be6d8b21e0047146d3f61f90966a71d0737eed0146bc692b59f3cac97793

SHA512
ca9e4ef79c9c7c5f2282ddeee34ec39a51cddf26dcad4e9f2e42230499b0b898ac2dfd33f25438aa995741d23037fa01a0269823c283b234ecec0f155d3c05ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA7E4.tmp\websocket-sharp.dll

Filesize
270KB

MD5
4e32fa5672b661d3787e9ff6ea9c774d

SHA1
3aaff8e496bc24668f8fd3d356900f2add1a0c5c

SHA256
1e1af0058fe14d3f74102411ec485ca94a96d80b8ce55a871b443adaefb96b16

SHA512
aecd2bb75c1625f706847ad935ac0f8f94f2e0b6101f76460987c1f670618ac36f7658e13a0728965dbaab2e7dfbe20dba1b00887a8d5cfbf1a4f69c9564a09f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ow-electron\InstallerTrace_2024-08-24_18-36_1900.log

Filesize
1KB

MD5
8b4d31bcf0a571b6de955da0efdd59bf

SHA1
b3286c1969eeb1ef6c0c4f20f60527e34355dfd8

SHA256
6f5fbd7d4cc3be1e149d3ec7c328c8cc3785b9978ccfc8f61e8ba22e3d25326f

SHA512
c5e560012ac28a51a4332b9f3dfe4ebbb48b90b259117726a5a525fa3e67618cd6b19768b1971bde1b89f68440e5d3dca7655d2f33d3988bd24dbaf29cff3134

Download Submit
C:\Users\Admin\Downloads\Lunar Client - Installer.exe

Filesize
2.2MB

MD5
9f08fbba20e3ca96deb161bde159bf53

SHA1
20be34f63e0b53e5bd98f0299413c6a4049cb989

SHA256
b5e5259291271a2abb20a629f1ed2832d6ad4ce47849bc18635e08e4898baa6f

SHA512
758eab7bd7e96d745e29eb1664066c46ab4e71c9682ae93171afb8071c41e81c4cfb79405bf9172332b7adbe22da946cf0fef594ed03b8c2eb84e23b78d55e65

Download Submit
memory/4524-395-0x000001BFD4400000-0x000001BFD4446000-memory.dmp

Filesize
280KB

Download
memory/4524-393-0x000001BFED240000-0x000001BFED768000-memory.dmp

Filesize
5.2MB

Download
memory/4524-392-0x000001BFD2B80000-0x000001BFD2B94000-memory.dmp

Filesize
80KB

Download
memory/4524-390-0x000001BFD4480000-0x000001BFD4524000-memory.dmp

Filesize
656KB

Download
memory/4524-386-0x000001BFD2770000-0x000001BFD27BC000-memory.dmp

Filesize
304KB

Download
memory/4524-399-0x000001BFD4450000-0x000001BFD4468000-memory.dmp

Filesize
96KB

Download
memory/4524-410-0x000001BFED0B0000-0x000001BFED160000-memory.dmp

Filesize
704KB

Download
memory/4524-428-0x000001BFED000000-0x000001BFED022000-memory.dmp

Filesize
136KB

Download
memory/4524-431-0x000001BFEDCE0000-0x000001BFEDDE2000-memory.dmp

Filesize
1.0MB

Download
memory/4524-466-0x000001C7F09C0000-0x000001C7F1166000-memory.dmp

Filesize
7.6MB

Download