File name:

Lunar-Client-Lite-Launcher-1.6.4.zip

Full analysis: https://app.any.run/tasks/3093cd36-4888-4e49-b660-e5d48c4ac3b8
Verdict: Malicious activity
Analysis date: April 28, 2025, 11:47:13
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
arch-exec
arch-doc
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5:

3889BCD6BB1B9D81197230FA5D499F87

SHA1:

B2D2ECCF281F12D1F3B11341D883C9624813972A

SHA256:

E7FBAD58C68784D09B1030BE68B73497611E7039B863B06254A0208F3E975288

SSDEEP:

6144:ljn7WaKEaTaz6JfAje8YP6E4Kk27sJ0QyEcMKuC:t7jKEa5Ye8YPy72rEMuC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 7568)

  • SUSPICIOUS

    • Checks for Java to be installed

      • javaw.exe (PID: 7780)

    • Executing commands from a ".bat" file

      • WinRAR.exe (PID: 7568)

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 7568)

    • Starts CMD.EXE for commands execution

      • WinRAR.exe (PID: 7568)

  • INFO

    • Reads the computer name

      • javaw.exe (PID: 7780)
      • MpCmdRun.exe (PID: 5392)

    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 7840)
      • notepad.exe (PID: 7880)
      • notepad.exe (PID: 7960)
      • notepad.exe (PID: 7920)
      • notepad.exe (PID: 8056)
      • notepad.exe (PID: 8096)
      • notepad.exe (PID: 8016)
      • notepad.exe (PID: 8136)
      • notepad.exe (PID: 8176)

    • Manual execution by a user

      • notepad.exe (PID: 7840)
      • cmd.exe (PID: 7700)
      • notepad.exe (PID: 7920)
      • notepad.exe (PID: 8016)
      • notepad.exe (PID: 7880)
      • notepad.exe (PID: 8056)
      • notepad.exe (PID: 7960)
      • notepad.exe (PID: 8136)
      • notepad.exe (PID: 8096)
      • notepad.exe (PID: 8176)

    • Checks supported languages

      • javaw.exe (PID: 7780)
      • MpCmdRun.exe (PID: 5392)

    • Create files in a temporary directory

      • MpCmdRun.exe (PID: 5392)

    • Reads the software policy settings

      • slui.exe (PID: 3100)

    • Checks proxy server information

      • slui.exe (PID: 3100)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2021:11:07 00:15:22
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Lunar-Client-Lite-Launcher-1.6.4/
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
141
Monitored processes
18
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start winrar.exe no specs cmd.exe no specs conhost.exe no specs xcopy.exe no specs javaw.exe no specs notepad.exe no specs notepad.exe no specs notepad.exe no specs notepad.exe no specs notepad.exe no specs notepad.exe no specs notepad.exe no specs notepad.exe no specs notepad.exe no specs cmd.exe no specs conhost.exe no specs mpcmdrun.exe no specs slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
1228C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\Rar$VR7568.18241\Rar$Scan30556.bat" "C:\Windows\System32\cmd.exeWinRAR.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll
3100C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
5392"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "C:\Users\admin\AppData\Local\Temp\Rar$VR7568.18241"C:\Program Files\Windows Defender\MpCmdRun.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Malware Protection Command Line Utility
Exit code:
2
Version:
4.18.1909.6 (WinBuild.160101.0800)
Modules
Images
c:\program files\windows defender\mpcmdrun.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
6744\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
7568"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\Desktop\Lunar-Client-Lite-Launcher-1.6.4.zipC:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
7700C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\Desktop\wrapper.cmd" "C:\Windows\System32\cmd.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll
7708\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
7756xcopy C:\Users\admin\AppData\Roaming\.minecraft\assets "\assets" /E /H /C /I /Y /FC:\Windows\System32\xcopy.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Extended Copy Utility
Exit code:
4
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\xcopy.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\ifsutil.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\devobj.dll
7780javaw.exe --add-modules jdk.naming.dns --add-exports jdk.naming.dns/com.sun.jndi.dns=java.naming -Djna.boot.library.path="C:\Users\admin\.lunarclient\offline\\natives" --add-opens java.base/java.io=ALL-UNNAMED -Djava.library.path="C:\Users\admin\.lunarclient\offline\\natives" -cp "C:\Users\admin\.lunarclient\offline\\lunar-assets-prod-1-optifine.jar";"C:\Users\admin\.lunarclient\offline\\lunar-assets-prod-2-optifine.jar";"C:\Users\admin\.lunarclient\offline\\lunar-assets-prod-3-optifine.jar";"C:\Users\admin\.lunarclient\offline\\lunar-libs.jar";"C:\Users\admin\.lunarclient\offline\\lunar-prod-optifine.jar";"C:\Users\admin\.lunarclient\offline\\OptiFine.jar";"C:\Users\admin\.lunarclient\offline\\vpatcher-prod.jar" com.moonsworth.lunar.patcher.LunarMain --version --accessToken 0 --assetIndex --userProperties {} --gameDir "" --texturesDir "" --width 854 --height 480 C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_2989500\javaw.execmd.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Version:
8.0.2710.9
Modules
Images
c:\program files (x86)\common files\oracle\java\javapath_target_2989500\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
7840"C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\arabicui.txtC:\Windows\System32\notepad.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
Total events
6 347
Read events
6 338
Write events
9
Delete events
0

Modification events

(PID) Process:(7568) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(7568) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(7568) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(7568) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Desktop\Lunar-Client-Lite-Launcher-1.6.4.zip
(PID) Process:(7568) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(7568) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(7568) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(7568) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(7568) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\VirusScan
Operation:writeName:DefScanner
Value:
Windows Defender
Executable files
0
Suspicious files
1
Text files
30
Unknown types
0

Dropped files

PID
Process
Filename
Type
7568WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$VR7568.18241\Lunar-Client-Lite-Launcher-1.6.4.zip\Lunar-Client-Lite-Launcher-1.6.4\Banner.pngimage
MD5:3DDDC360F4C883D025142FE18B247440
SHA256:316032A98210AB78A9C123DE65A1A85A9258706D0079118CAAC3A3752F20B31B
7568WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$VR7568.18241\Lunar-Client-Lite-Launcher-1.6.4.zip\Lunar-Client-Lite-Launcher-1.6.4\Resources\Save_Settings.pngimage
MD5:6C1867DDF33E4FDC1CF5B4254CAD049C
SHA256:8E92376FD307AD49D91AF94C191C80AA8DF6CF753797B9FCC159F6BE212FF256
7568WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$VR7568.18241\Lunar-Client-Lite-Launcher-1.6.4.zip\Lunar-Client-Lite-Launcher-1.6.4\README.mdtext
MD5:8004A8FF6740258929D4F271763BEA46
SHA256:6ABFD0163DF492160629A5A322A7FCB701235B8DB3D8418062873AE73DD695C6
7568WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$VR7568.18241\Lunar-Client-Lite-Launcher-1.6.4.zip\Lunar-Client-Lite-Launcher-1.6.4\Resources\Launch_Clicked.pngimage
MD5:85697E294DF418EE6BC05FD7B9314807
SHA256:F5279B2B1E5C6910813FD81C4A029CF226E401BE879AF30CC07738588E888778
7568WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$VR7568.18241\Lunar-Client-Lite-Launcher-1.6.4.zip\Lunar-Client-Lite-Launcher-1.6.4\Resources\Save_JVMArguments.pngimage
MD5:2FE60928D93F76712006781AECDAC5E2
SHA256:922C9D19A235C33E6E727D6A546742470E05E199FC86ED89889A21FF431921DA
7568WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$VR7568.18241\Lunar-Client-Lite-Launcher-1.6.4.zip\Lunar-Client-Lite-Launcher-1.6.4\Logo.pngimage
MD5:27F5D4E7879F6DB08A4476BAD55A484A
SHA256:E10A899D903BC717C4E1CE455EF8FB3417AC13534140B9406A9EA30291FFBEA1
7568WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$VR7568.18241\Lunar-Client-Lite-Launcher-1.6.4.zip\Lunar-Client-Lite-Launcher-1.6.4\LICENSEtext
MD5:1EBBD3E34237AF26DA5DC08A4E440464
SHA256:3972DC9744F6499F0F9B2DBF76696F2AE7AD8AF9B23DDE66D6AF86C9DFB36986
7568WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$VR7568.18241\Lunar-Client-Lite-Launcher-1.6.4.zip\Lunar-Client-Lite-Launcher-1.6.4\LCL.ahktext
MD5:CCBF08E54873202C1A667AE65038CD27
SHA256:3BD74830FC417F5EAE4D5CDDE50F89FF6662B93B615C145654AF5DF81FB86927
7568WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$VR7568.18241\Lunar-Client-Lite-Launcher-1.6.4.zip\Lunar-Client-Lite-Launcher-1.6.4\Resources\Banner.pngimage
MD5:755C869C36D255AB056A9E2511EA442B
SHA256:DBC54485FF22476A16D318703ADA6DD8278ADBBD7D131576D9E7680AC6656441
7568WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$VR7568.18241\Lunar-Client-Lite-Launcher-1.6.4.zip\Lunar-Client-Lite-Launcher-1.6.4\Resources\Edit.pngimage
MD5:00BA06D0DBD0649EB8D6BA907446600A
SHA256:CE9B0CBA5991B7C5FD57B046047B2DA9CB68DA7DB0B8A16B1227E00497CD19FA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
32
TCP/UDP connections
50
DNS requests
17
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2564
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
2564
SIHClient.exe
GET
200
23.216.77.7:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
2564
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
2564
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
2104
svchost.exe
GET
200
23.216.77.4:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2104
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2564
SIHClient.exe
GET
200
23.216.77.7:80
http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
unknown
whitelisted
GET
200
4.245.163.56:443
https://slscr.update.microsoft.com/sls/ping
unknown
GET
200
20.3.187.198:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
unknown
2564
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2104
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
2104
svchost.exe
23.216.77.4:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
3216
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
40.126.31.129:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2104
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2104
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
  • 51.104.136.2
whitelisted
google.com
  • 142.250.184.206
whitelisted
crl.microsoft.com
  • 23.216.77.4
  • 23.216.77.13
  • 23.216.77.15
  • 23.216.77.19
  • 23.216.77.36
  • 23.216.77.29
  • 23.216.77.7
  • 23.216.77.26
  • 23.216.77.8
  • 23.216.77.16
  • 23.216.77.18
  • 23.216.77.41
  • 23.216.77.5
  • 23.216.77.6
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 40.126.31.129
  • 20.190.159.73
  • 20.190.159.131
  • 20.190.159.129
  • 20.190.159.130
  • 40.126.31.3
  • 40.126.31.130
  • 40.126.31.73
whitelisted
slscr.update.microsoft.com
  • 52.149.20.212
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted
nexusrules.officeapps.live.com
  • 52.111.236.21
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Lunar-Client-Lite-Launcher-1.6.4.zip