e5b13427e4b32697363139c741aae505aea4029f16d500d4b93cfddcd4e4c05e

Resubmissions

22-02-2023 10:59

230222-m3twlsba32 1

21-02-2023 17:57

230221-wjyvwsfg66 10

Analysis

max time kernel
102s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
submitted
21-02-2023 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

winrar-x64-621d.exe
Size

3.6MB
MD5

2ea8bf1895df09f82a4c2aea3c3db68b
SHA1

29edf8f6f379a0bb91ebf8aedc82709a8e7ad91f
SHA256

e5b13427e4b32697363139c741aae505aea4029f16d500d4b93cfddcd4e4c05e
SHA512

34b985f193166c27e8f9e947184d35c7814f7f0a7b5e2e83e8706bab204817882ed450ea5619ad5036bfa0638a518bb23dd301a8885d8690d7781a84d69f2ba2
SSDEEP

98304:eXBOBfKZt4UEAHiCf8zCgsUhG3qZocPI3c:eX/Zt4bWf5EG3q1V

Score

10^/10

discovery persistence

Malware Config

Signatures

Modifies system executable filetype association 2 TTPs 8 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	winrar-x64-621d.exe

Executes dropped EXE 2 IoCs

pid	Process
536	uninstall.exe
5092	WinRAR.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext.dll"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment"	uninstall.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\uninstall.lng	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\uninstall.lng	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\Descript.ion	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\Rar.exe	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\Default.SFX	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\rarnew.dat	uninstall.exe
File opened for modification	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\Resources.pri	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\Default64.SFX	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\Rar.txt	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\Order.htm	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\winrar.lng	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\rar.lng	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\Default.SFX	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\Descript.ion	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\Order.htm	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\zipnew.dat	uninstall.exe
File created	C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_240572906	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\License.txt	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\rarext.lng	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\License.txt	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\Default64.SFX	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\rar.lng	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\Zip64.SFX	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\winrar.lng	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\WinCon64.SFX	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\Resources.pri	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\WinCon64.SFX	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\rarext.lng	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\Rar.exe	winrar-x64-621d.exe
File opened for modification	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-621d.exe
File created	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-621d.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\IESettingSync	WinRAR.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	WinRAR.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	WinRAR.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	WinRAR.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r06\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r19\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r08\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r15\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r20\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r21\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\ = "WinRAR-ZIP-Archiv"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r23\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ShellNew	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.arj	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command\ = "\"C:\\Program Files\\WinRAR\\WinRAR.exe\" \"%1\""	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r18	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r24\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.taz\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xz\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command\ = "\"C:\\Program Files\\WinRAR\\WinRAR.exe\" \"%1\""	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tar	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tbz\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r01\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r17\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r22	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tar\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rar	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r21	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.7z	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.taz	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\ = "RAR-Wiederherstellungs-Volumen"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r03	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r06	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r28\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r27\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r01	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r04\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r27	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon\ = "C:\\Program Files\\WinRAR\\WinRAR.exe,0"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r13\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r16\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cab	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r26	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r28	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tbz2\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.z	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command\ = "\"C:\\Program Files\\WinRAR\\WinRAR.exe\" \"%1\""	uninstall.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2296	winrar-x64-621d.exe
2296	winrar-x64-621d.exe
536	uninstall.exe
5092	WinRAR.exe
5092	WinRAR.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 536	2296	winrar-x64-621d.exe	84
PID 2296 wrote to memory of 536	2296	winrar-x64-621d.exe	84

C:\Users\Admin\AppData\Local\Temp\winrar-x64-621d.exe
"C:\Users\Admin\AppData\Local\Temp\winrar-x64-621d.exe"
1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files\WinRAR\uninstall.exe
  "C:\Program Files\WinRAR\uninstall.exe" /setup
  2⤵
  - Modifies system executable filetype association
  - Executes dropped EXE
  - Registers COM server for autorun
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:536

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1600

C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe"
1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5092

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\WinRAR\Rar.txt

Filesize
144KB

MD5
84f4280f7f1ec0c99f2d2c864c797122

SHA1
b5fbf37ad1b86bd1acb813264c2f71da79344b94

SHA256
f9d1631c7dbf5de814c74d2089a8c453d0477378ec01b376c65bfc3bb281ee28

SHA512
0a43dbaaf574d010321dbe5d4cb66a7d6899fd7b44406e16dd32d23a5022b7c7b85cf349535ff222298a2ee04e45c618fa0322fbab1eb03531f5ff3120b4c86c

Download Submit
C:\Program Files\WinRAR\Uninstall.exe

Filesize
437KB

MD5
6e8353fb55e1606e9488f4fe79249611

SHA1
8c4a2b33b77eb484a4d5c46545a9fac363b7b6eb

SHA256
05a7fac2bca734a21a4ee59bf8d89e26b2cb4b49d4bf2c2430af934ef5126223

SHA512
72238bffa29e57993c4e20e97d78933a07e465c8f4560da4a8b9663082aa37524ce3b05b6382f6d74ff94d81c52917c6bed4a6bf464bcbdb6ff89d395ca56165

Download Submit
C:\Program Files\WinRAR\Uninstall.exe

Filesize
437KB

MD5
6e8353fb55e1606e9488f4fe79249611

SHA1
8c4a2b33b77eb484a4d5c46545a9fac363b7b6eb

SHA256
05a7fac2bca734a21a4ee59bf8d89e26b2cb4b49d4bf2c2430af934ef5126223

SHA512
72238bffa29e57993c4e20e97d78933a07e465c8f4560da4a8b9663082aa37524ce3b05b6382f6d74ff94d81c52917c6bed4a6bf464bcbdb6ff89d395ca56165

Download Submit
C:\Program Files\WinRAR\WhatsNew.txt

Filesize
142KB

MD5
12234752af0f470ab4bacad1c36f925a

SHA1
9d6fcbb53d8d8208b52a9b59016163391f7b4ffa

SHA256
73c8d6733db8aa2a83822420bea9a40900d6724ddfe39d7610965a2099ea2040

SHA512
56fa2947078a0f9f61553c51603bcf19776b214d3e1cb74b00885ee0a9093ada49d3fd074fc2a2b9ae48e90821bf6dccdd15b62bf75c6bdebdb1f0cd50a66ac4

Download Submit
C:\Program Files\WinRAR\WinRAR.chm

Filesize
392KB

MD5
a7b5ebce3dde3b8bc8f98f39d27e1d8e

SHA1
c6344dfe507d92f73f6dd4891a3df8eaf67bc084

SHA256
e442baf523f49e451826bba3ba87ca8974d2697d17f17cae37668894474c8c72

SHA512
501c8f0b234b7d1b561ba468568a8d14dad652bd9b633b4218d6e979e2af43748736ff6738a8f94522ab881dc3f77240013a59267dc535e47c8dcef21f494a7b

Download Submit
C:\Program Files\WinRAR\WinRAR.exe

Filesize
2.4MB

MD5
8f5c03cd16c0b4cc9f73333231d6e697

SHA1
20610b8c5bc904f4a8a29dc3be847140bd5f80d9

SHA256
e97e8fb9fdf2df5d8d5a4efcbd6d2eee42900c2de44f34f93fa25d8f84b80e80

SHA512
c7ec21401648433a4a72f7fb1af7f652860dd29808540e310229a4bc3345d3d96086ffc196340936b64e54b16df951210f1cdd9065b3b65912eff8a337857f0b

Download Submit
C:\Program Files\WinRAR\WinRAR.exe

Filesize
2.4MB

MD5
8f5c03cd16c0b4cc9f73333231d6e697

SHA1
20610b8c5bc904f4a8a29dc3be847140bd5f80d9

SHA256
e97e8fb9fdf2df5d8d5a4efcbd6d2eee42900c2de44f34f93fa25d8f84b80e80

SHA512
c7ec21401648433a4a72f7fb1af7f652860dd29808540e310229a4bc3345d3d96086ffc196340936b64e54b16df951210f1cdd9065b3b65912eff8a337857f0b

Download Submit
C:\Program Files\WinRAR\uninstall.exe

Filesize
437KB

MD5
6e8353fb55e1606e9488f4fe79249611

SHA1
8c4a2b33b77eb484a4d5c46545a9fac363b7b6eb

SHA256
05a7fac2bca734a21a4ee59bf8d89e26b2cb4b49d4bf2c2430af934ef5126223

SHA512
72238bffa29e57993c4e20e97d78933a07e465c8f4560da4a8b9663082aa37524ce3b05b6382f6d74ff94d81c52917c6bed4a6bf464bcbdb6ff89d395ca56165

Download Submit
C:\Program Files\WinRAR\uninstall.lng

Filesize
12KB

MD5
443be352e9145d5abaa68051d5897474

SHA1
f8e6e814e2ed4697202d1d21d7d4369fb1b74b4b

SHA256
7c914565e7ffeec4e2350afd7d5b14314921059e86c9eb1b94119346efb383b3

SHA512
336d0000387c0955ab13a04a8b961bac5a44b80662e53b02643af28e7bf94a47b545f526d5a6757f54c5947ef27315dd44fdce02f6c30c4715a50dc73123bbda

Download Submit
C:\Program Files\WinRAR\winrar.lng

Filesize
162KB

MD5
3b5982d4d0d50d24595fc1e7d09ef5fd

SHA1
7581a27516b067f143ba1590bd07dc802ae4ce53

SHA256
b0e2baabe976bc749a17df616f1597ba254b8cd2b9b5898470bb5bb321f5362b

SHA512
2939b61c7159dc69a2ff731359864090e817b007f359f035da87e05fb3beff786069b693eb0e8cdd57c49a007e8459cb59adcd976f66e1c9e6fd8b26797b789b

Download Submit
memory/5092-281-0x000001CB414B0000-0x000001CB42B27000-memory.dmp

Filesize
22.5MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads