hxxps://github[.]com/Deadly-Dolls/CR34/releases/download/1[.]1[.]0/CR34[.]rar

Analysis

max time kernel
806s
max time network
808s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06-05-2023 17:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Deadly-Dolls/CR34/releases/download/1.1.0/CR34.rar

Score

8^/10

agilenet discovery persistence pyinstaller

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

winrar-x64-621.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	winrar-x64-621.exe

Executes dropped EXE 12 IoCs

Processes:

winrar-x64-621.exeuninstall.exeWinRAR.exeCR34.exeCR34.exerule34.exerule34.exeWinRAR.exerule34.exerule34.exeMassDownloader.exeMassDownloader.exe

pid	process
4232	winrar-x64-621.exe
2080	uninstall.exe
1992	WinRAR.exe
3596	CR34.exe
4104	CR34.exe
2504	rule34.exe
3468	rule34.exe
1692	WinRAR.exe
3884	rule34.exe
4236	rule34.exe
1320	MassDownloader.exe
1132	MassDownloader.exe

Loads dropped DLL 46 IoCs

Processes:

CR34.exeCR34.exerule34.exerule34.exe

pid	process
3152
3596	CR34.exe
3596	CR34.exe
3596	CR34.exe
3596	CR34.exe
3596	CR34.exe
3596	CR34.exe
3596	CR34.exe
3596	CR34.exe
3596	CR34.exe
3596	CR34.exe
4104	CR34.exe
4104	CR34.exe
4104	CR34.exe
4104	CR34.exe
4104	CR34.exe
4104	CR34.exe
4104	CR34.exe
4104	CR34.exe
4104	CR34.exe
4104	CR34.exe
3468	rule34.exe
3468	rule34.exe
3468	rule34.exe
3468	rule34.exe
3468	rule34.exe
3468	rule34.exe
3468	rule34.exe
3468	rule34.exe
3468	rule34.exe
3468	rule34.exe
3468	rule34.exe
3468	rule34.exe
4236	rule34.exe
4236	rule34.exe
4236	rule34.exe
4236	rule34.exe
4236	rule34.exe
4236	rule34.exe
4236	rule34.exe
4236	rule34.exe
4236	rule34.exe
4236	rule34.exe
4236	rule34.exe
4236	rule34.exe
3152

Modifies system executable filetype association 2 TTPs 8 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

Processes:

uninstall.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe

Obfuscated with Agile.Net obfuscator 12 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.UI.WinForms.BunifuProgressBar.dll	agile_net
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.UI.WinForms.BunifuProgressBar.dll	agile_net
behavioral1/memory/3596-761-0x0000000006D80000-0x0000000006D98000-memory.dmp	agile_net
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.UI.WinForms.BunifuProgressBar.dll	agile_net
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.Licensing.dll	agile_net
behavioral1/memory/3596-765-0x0000000006FD0000-0x000000000711A000-memory.dmp	agile_net
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.Licensing.dll	agile_net
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.Licensing.dll	agile_net
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.UI.WinForms.BunifuProgressBar.dll	agile_net
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.UI.WinForms.BunifuProgressBar.dll	agile_net
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.Licensing.dll	agile_net
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.Licensing.dll	agile_net

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

uninstall.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext.dll"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment"	uninstall.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Program Files directory 60 IoCs

Processes:

winrar-x64-621.exeuninstall.exe

description	ioc	process
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\rarnew.dat	uninstall.exe
File created	C:\Program Files\WinRAR\Descript.ion	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Default64.SFX	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Default.SFX	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Zip64.SFX	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Zip64.SFX	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Resources.pri	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Default64.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\License.txt	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Rar.txt	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Resources.pri	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\WinCon64.SFX	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Descript.ion	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\License.txt	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Rar.txt	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_240901265	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\WinCon64.SFX	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Default.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Order.htm	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Rar.exe	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Rar.exe	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-621.exe
File created	C:\Program Files\WinRAR\zipnew.dat	uninstall.exe
File created	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\Order.htm	winrar-x64-621.exe
File opened for modification	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-621.exe

Detects Pyinstaller 1 IoCs

pyinstaller

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\rule34.exe	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 4 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
548	3596	WerFault.exe	CR34.exe
1660	4104	WerFault.exe	CR34.exe
4336	1320	WerFault.exe	MassDownloader.exe
4740	1132	WerFault.exe	MassDownloader.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133278756863433928"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

Processes:

uninstall.exeWinRAR.exeOpenWith.exeWinRAR.exechrome.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext32.dll"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r27	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tgz	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tbz	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rev\ = "WinRAR.REV"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r13\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r28	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.arj\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tbz2\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rev	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r21	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r25	uninstall.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	WinRAR.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r14	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cab	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.uu	uninstall.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.gz	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.bz	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r02\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r09	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r15	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.iso\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r19	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.uu\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\ = "WinRAR ZIP archive"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tgz\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.uue	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	WinRAR.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r12	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tar\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.zst	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment"	uninstall.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r27\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.zip\ = "WinRAR.ZIP"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon\ = "C:\\Program Files\\WinRAR\\WinRAR.exe,1"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r24	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.zst\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.r06\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.r18	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.uue\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV	uninstall.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

chrome.exechrome.exerule34.exerule34.exe

pid process

8 chrome.exe
8 chrome.exe
2700 chrome.exe
2700 chrome.exe
3468 rule34.exe
3468 rule34.exe
4236 rule34.exe
4236 rule34.exe
Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

WinRAR.exeWinRAR.exe

pid process

1992 WinRAR.exe
1692 WinRAR.exe

pid	process
1992	WinRAR.exe
1692	WinRAR.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

Processes:

chrome.exe

pid	process
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exeWinRAR.exe

pid	process
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
1992	WinRAR.exe
1992	WinRAR.exe
1992	WinRAR.exe
1992	WinRAR.exe
1992	WinRAR.exe
1992	WinRAR.exe
1992	WinRAR.exe
8	chrome.exe
8	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe

Suspicious use of SetWindowsHookEx 21 IoCs

Processes:

OpenWith.exewinrar-x64-621.exeuninstall.exeWinRAR.exe

pid	process
5076	OpenWith.exe
5076	OpenWith.exe
5076	OpenWith.exe
5076	OpenWith.exe
5076	OpenWith.exe
5076	OpenWith.exe
5076	OpenWith.exe
5076	OpenWith.exe
5076	OpenWith.exe
5076	OpenWith.exe
5076	OpenWith.exe
5076	OpenWith.exe
5076	OpenWith.exe
5076	OpenWith.exe
5076	OpenWith.exe
4232	winrar-x64-621.exe
4232	winrar-x64-621.exe
4232	winrar-x64-621.exe
2080	uninstall.exe
1992	WinRAR.exe
1992	WinRAR.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 8 wrote to memory of 4872	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 4872	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2196	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2800	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 2800	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe
PID 8 wrote to memory of 228	8	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://github.com/Deadly-Dolls/CR34/releases/download/1.1.0/CR34.rar
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:8

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb479f9758,0x7ffb479f9768,0x7ffb479f9778
2⤵
PID:4872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:2
2⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:2800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:3140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:3412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:2160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:4404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:2172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=748 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:3228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2780 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:1240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4512 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:4760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1672 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:4916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3756 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:1572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3380 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:1348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5700 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:2724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5668 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:3596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5148 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:2372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3208 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:4604

C:\Users\Admin\Downloads\winrar-x64-621.exe
"C:\Users\Admin\Downloads\winrar-x64-621.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:4232

C:\Program Files\WinRAR\uninstall.exe
"C:\Program Files\WinRAR\uninstall.exe" /setup
3⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Registers COM server for autorun
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:1976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5564 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:4156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6096 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5712 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:3884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1204 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:4340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5900 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:4564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3872 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6052 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:1348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5632 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:4012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2868 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:3716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6000 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:3820

C:\Users\Admin\Downloads\rule34.exe
"C:\Users\Admin\Downloads\rule34.exe"
2⤵
- Executes dropped EXE
PID:2504

C:\Users\Admin\Downloads\rule34.exe
"C:\Users\Admin\Downloads\rule34.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:2884

C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\rule34-downloader-master.zip"
2⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:1692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6120 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:2812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=2568 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:1668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=1564 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:3332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=3848 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:4928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6048 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5976 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4876 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:3704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=3320 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:3980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4484 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:3852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6032 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3240 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:4828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2732 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:4616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=4548 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:4256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6156 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6304 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:1
2⤵
PID:1916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6276 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:4908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6188 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:5068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:1908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6376 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:3544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6016 --field-trial-handle=1832,i,2741023402678551294,6768508134263787111,131072 /prefetch:8
2⤵
PID:756

C:\Users\Admin\Downloads\MassDownloader.exe
"C:\Users\Admin\Downloads\MassDownloader.exe"
2⤵
- Executes dropped EXE
PID:1320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 1020
3⤵
- Program crash
PID:4336

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4504

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5076

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2264

C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\CR34.rar"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\Downloads\CR34\CR34\CR34.exe
"C:\Users\Admin\Downloads\CR34\CR34\CR34.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 2332
2⤵
- Program crash
PID:548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3596 -ip 3596
1⤵
PID:2484

C:\Users\Admin\Downloads\CR34\CR34\CR34.exe
"C:\Users\Admin\Downloads\CR34\CR34\CR34.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 2352
2⤵
- Program crash
PID:1660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4104 -ip 4104
1⤵
PID:3920

C:\Users\Admin\Downloads\rule34-downloader-master\rule34.exe
"C:\Users\Admin\Downloads\rule34-downloader-master\rule34.exe"
1⤵
- Executes dropped EXE
PID:3884

C:\Users\Admin\Downloads\rule34-downloader-master\rule34.exe
"C:\Users\Admin\Downloads\rule34-downloader-master\rule34.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1320 -ip 1320
1⤵
PID:4088

C:\Users\Admin\Downloads\MassDownloader.exe
"C:\Users\Admin\Downloads\MassDownloader.exe"
1⤵
- Executes dropped EXE
PID:1132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 992
2⤵
- Program crash
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1132 -ip 1132
1⤵
PID:1988

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\WinRAR\Rar.txt
Filesize
109KB

MD5
e51d9ff73c65b76ccd7cd09aeea99c3c

SHA1
d4789310e9b7a4628154f21af9803e88e89e9b1b

SHA256
7456f489100ec876062d68d152081167ac00d45194b17af4a8dd53680acfc9bd

SHA512
57ab82d4a95d3b5d181c0ec1a1a1de56a4d6c83af5644032ff3af71e9bd8e13051ae274609bda8b336d70a99f2fba17331773694d7e98d4a7635f7b59651b77c

Download Submit
C:\Program Files\WinRAR\RarExt.dll
Filesize
659KB

MD5
4f190f63e84c68d504ae198d25bf2b09

SHA1
56a26791df3d241ce96e1bb7dd527f6fecc6e231

SHA256
3a5d6267a16c3cf5a20c556a7ddbfc80c64fcd2700a8bfd901e328b3945d6a1a

SHA512
521ada80acc35d41ac82ce41bcb84496a3c95cb4db34830787c13cdcb369c59830c2f7ff291f21b7f204d764f3812b68e77fd3ab52dfe0d148c01580db564291

Download Submit
C:\Program Files\WinRAR\Uninstall.exe
Filesize
437KB

MD5
cac9723066062383778f37e9d64fd94e

SHA1
1cd78fc041d733f7eacdd447371c9dec25c7ef2c

SHA256
e187e1119350caa3aec9d531989f60452d0198368f19cf65ffd2194a8a4003ad

SHA512
2b3dc50fb5006f1f3beec1774d0927a0533b49d20122e49a0b4b41840f83c494376c8e61da735aa58d27453c44450203d5c2bb4f03fdd37b648ee0f51f925c59

Download Submit
C:\Program Files\WinRAR\Uninstall.exe
Filesize
437KB

MD5
cac9723066062383778f37e9d64fd94e

SHA1
1cd78fc041d733f7eacdd447371c9dec25c7ef2c

SHA256
e187e1119350caa3aec9d531989f60452d0198368f19cf65ffd2194a8a4003ad

SHA512
2b3dc50fb5006f1f3beec1774d0927a0533b49d20122e49a0b4b41840f83c494376c8e61da735aa58d27453c44450203d5c2bb4f03fdd37b648ee0f51f925c59

Download Submit
C:\Program Files\WinRAR\WhatsNew.txt
Filesize
103KB

MD5
4c88a040b31c4d144b44b0dc68fb2cc8

SHA1
bf473f5a5d3d8be6e5870a398212450580f8b37b

SHA256
6f1a005a0e5c765fcc68fe15f7ccd18667a6e583980e001ba7181aaaeed442b8

SHA512
e7f224a21d7c111b83775c778e6d9fa447e53809e0efd4f3ba99c7d6206036aa3dde9484248b244fb26789467559a40516c8e163d379e84dcf31ac84b4c5d2a8

Download Submit
C:\Program Files\WinRAR\WinRAR.chm
Filesize
317KB

MD5
381eae01a2241b8a4738b3c64649fbc0

SHA1
cc5944fde68ed622ebee2da9412534e5a44a7c9a

SHA256
ad58f39f5d429b5a3726c4a8ee5ccada86d24273eebf2f6072ad1fb61ea82d6e

SHA512
f7a8903ea38f2b62d6fa2cc755e0d972a14d00a2e1047e6e983902eff1d3a6bca98327c2b8ed47e46435d1156816e4b0d494726fce87b6cbe7722f5249889b88

Download Submit
C:\Program Files\WinRAR\WinRAR.exe
Filesize
2.4MB

MD5
46d15a70619d5e68415c8f22d5c81555

SHA1
12ec96e89b0fd38c469546042e30452b070e337f

SHA256
2e503ad5a9c800f2dac2fed2b3e8698d96d25b219ed86ed1a54896232cbe4781

SHA512
09446dc9d0c768844213f7f71ba65ee4e86b61d7a61610b63892d1b142952bdd346d14d27d878c026362e012e22fcb49c6746912d5e02db6b40223cafa6d01fb

Download Submit
C:\Program Files\WinRAR\WinRAR.exe
Filesize
2.4MB

MD5
46d15a70619d5e68415c8f22d5c81555

SHA1
12ec96e89b0fd38c469546042e30452b070e337f

SHA256
2e503ad5a9c800f2dac2fed2b3e8698d96d25b219ed86ed1a54896232cbe4781

SHA512
09446dc9d0c768844213f7f71ba65ee4e86b61d7a61610b63892d1b142952bdd346d14d27d878c026362e012e22fcb49c6746912d5e02db6b40223cafa6d01fb

Download Submit
C:\Program Files\WinRAR\uninstall.exe
Filesize
437KB

MD5
cac9723066062383778f37e9d64fd94e

SHA1
1cd78fc041d733f7eacdd447371c9dec25c7ef2c

SHA256
e187e1119350caa3aec9d531989f60452d0198368f19cf65ffd2194a8a4003ad

SHA512
2b3dc50fb5006f1f3beec1774d0927a0533b49d20122e49a0b4b41840f83c494376c8e61da735aa58d27453c44450203d5c2bb4f03fdd37b648ee0f51f925c59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
161KB

MD5
d0689623f131fcb540b6b70ff1c8b55a

SHA1
50726cae90a7d1cd36246d1d929a2ab77a785de6

SHA256
345aa90fb35c263b36c1fbe3dbe0d4151029eb80bebb0b759b5344960e950883

SHA512
e7ba0546266d2e798912cae355aad65b73fa8c108349ea73074700701e55617c46a49edf531e2424a98aee1d85ce340ce94def0b121eaa191c0e510074fe58c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
304KB

MD5
0be6e4953d127e90b9218e635ec71e8f

SHA1
9197aba94074c9d3dddabc92b7e7d5d668dce18d

SHA256
d2de6645c5e746115ce3bdadbb6827a7a7fe378035becb9077a974927f2b11a8

SHA512
c61e4aa0112586cab8f24487251747df21b83ddf52ec4033c36a63f2b4d339376296afb667fe3a0863298138bcbef9ef301fdcc62d54a0c009765d60c47c0bb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
74KB

MD5
9accb8c8dcae70095b02dba55a263cfc

SHA1
63a5cd11f6220a6bfe2c203d0235e576024dfced

SHA256
3747f85e30bc7f009fb585b29d4b063b5f2ce71f8138ac59ac2439b7542f0a6d

SHA512
6502538f7e6b8238f63cf7c9800cf4ee1aff25b5c8260cd20a650fc848ac5d70f5371d44ba616c5e9ec6ba57e1bb2461d0b705bd05b77f0ff6c61f56f5f589d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
Filesize
65KB

MD5
076e8bef1b06c261610aa35aae1d01fa

SHA1
51f02f27b6a9d827bc04497a317e5942930f5ba4

SHA256
40346a6a96b5370e0142b2261746d328a04ca16fa73a223ea521215ec792ff68

SHA512
e42477f5f80b39759615d66b3b59420560c1f08399263884c61844021b2d1a407c571a67742c399d73958f79f7b4776ad1592b0c58fe139427f1f197c8769bee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
37KB

MD5
519005befdbc6eedc73862996b59a9f7

SHA1
e9bad4dc75c55f583747dbc4abd80a95d5796528

SHA256
603abe3532b1cc1eb1c3da44f3679804dd463d07d4430d55c630aba986b17c44

SHA512
b210b12a78c6134d66b14f46f924ebc95328c10f92bfed22a361b2554eca21ee7892f7d9718ae7415074d753026682903beba2bd40b35a4eeb60bf186dcdf589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033
Filesize
40KB

MD5
d51382d81d441043d94ee30506fcb448

SHA1
335055e2b33fd0d700d0a6c676dea622b214f812

SHA256
48ad0cfa4706b5922e71274a5771561731444ea272a897487c7d6d4521771b44

SHA512
c81ebb472f4233c4b335dc8d7472465b5517e178b21dbe7326923ab15f120b1e880e71e0bc1882119da34d4abc9fa23464ccf973beebea676072727c67d67491

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035
Filesize
26KB

MD5
2fcdbd7e5549b26db041a76ee66700bb

SHA1
8e71163da926736811bc7cc244d728deaf86f0d0

SHA256
4f4e69745f0efe38784b60563bae6751d27f460f6e32811141f2eab1d1ce91b1

SHA512
1f5848f16a369646897cac47f5460f743c67ce919f7e1aba21a6de282e2503711c173644dcbb51f20c1b722bf39c7d9d7ce20a2e02d87a926615bc49d4f60639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036
Filesize
30KB

MD5
12aa649054b9c21a5b6f84f5efaaf4f2

SHA1
c5c95930cf64ea6be64d177506c48ad390bcc851

SHA256
b23b119ee8dc47d8385394ac159b55236afb7f035f17c722f99da2fe9d2fa603

SHA512
7a44c468d63dea29a2b40038e984d0b113764afc32d8aea766c4faf0746229fdb3e402a77bc48e1a41a1d226bdd7ecd9c177ef54ac572306195b46f92132bb02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c
Filesize
18KB

MD5
b17174ec2626d5d26327a53db5d094e0

SHA1
aebf75ca7127da8b8f049cfd013719d041eddaef

SHA256
d5b7e86754db7f1e2999742194939f65ed3ebd9fd20099504e19736b017c9bf1

SHA512
fc8ea596f577cd06bb4c46e16b6104fa73ccf7262aafe7cc783b36396124647bcfcf9fcbf27a801d26864f2e0d0dd4152dc6b3a76e07f93bdd0777210e75581f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047
Filesize
23KB

MD5
32f0171059fe724b92280ebd99ce7a2b

SHA1
ca19f9a88e09b7bf480ff6f544171b851487556a

SHA256
f9965291473d73ba0a184fe53583b32563bd5e12728c5ec74e516ace384f77aa

SHA512
ea51db61beed3fdf24e926198cab057dc99b6d2e440aa123aa9f706f6ae7b15406b928e489c706dfdac5272e6a03b9004ab2c71f83ecdbbcf447b888a58ca075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051
Filesize
111KB

MD5
1041d9a5cf1fb9982e5ca6ea6e73d4ed

SHA1
d6f04f48a4ef8b5ca0fcb1ef8134682e01724cdb

SHA256
8b1e5f5253940db8294addb05bb28c3335e9638fde7bc84265d43ed0db7ed372

SHA512
737719bba590b0a2f396ffbf22f316d6b66d1542a38551bb737ace588e07ad3f42a94e9027bebc29c83830435be7b27022c20d1e53a424353d35b5cf914fc43a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
e3b35a1c7c03d1a847f03cda020d9e65

SHA1
be861cf4dd7736d0950946481fdb32bb80f5c621

SHA256
d400c6ce18dea46cd48d5a6d83d718eaca64fbdfecde34dfd9c824baf8ccc0c3

SHA512
2ecf41f10661cd9e5f3ae4b90227d2013b6c6c1954e5f12fb20dff34549bb96961481a4107ff33157c9c4d591dd97020136945a80a42d2e4d046391fd1ae3a38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
8bb366f638e5486756827019e0ef7238

SHA1
9157ec4b9822cd2e9ac21b02c537881a8f5dd100

SHA256
977ece11cb93702c9fdddf2cdb55721153a137c3baebbaa6d11db791abbbaf22

SHA512
1143e10d3ed323e36e4e07262b36c6eea6324d65cc57462309693210cbd28eaad151d73e0ff1d3bd9d5e37bfb3325e2e5699ca663200e8408d908efebfdcdbbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
c3d7899e3585b370c9ba1dc4b3ac6750

SHA1
e10a3d369e50b47801e5945c4bd19f4cf7c07bd8

SHA256
09a25009b6bfd14ad3a0b8fda0abf965c0ebb2ba1849f4e57cfab80ce6721ce1

SHA512
8ad26e8872d298a9d41fa6b150d741beb84fd9622acd23fbf80c8bb1dbfad68256c0fbb390b199c07f38b2352d5be89604beb95e49f83c526673830bc62b9ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
792B

MD5
e9538e46dfade15dd2764110f87b7b38

SHA1
54443b20d218172539bad1abab60b916e8593f07

SHA256
b07e1a90df28e9645bd3ea3e800566895c2ea0e109b705f1f2c83a06168ea75f

SHA512
d5fde4562e283ae6f2e4cbcb7e42b770d9eadcfb69a0bf015b31ff57b0ef0a94c55faac598e0a00bf9d5f2b44a46971db4125908a303f8edc76069e608c0827b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
4716156442cf27142f02f2df51fa2747

SHA1
8cec1093491c357ff27d0927b6705e7075a3c2e8

SHA256
eabe1933632a578ce476122e1f604979b81984d560e356def1438cd354de354f

SHA512
d6159ed201cda4c3c95e23eafbbf9c357a0bc1916e43aae6ed902ac0fcaa61a033da415da7c0cae61ab68700a765e16861f97f40fbc5d9289ee92367fd6f92a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
8KB

MD5
98907e8cbdd72585a68032baa954a117

SHA1
ecb01c521c240e1f6e92350acb9c63a561717301

SHA256
7020f37f01ed29ca54ffe8c85ded92ed9040c27530e9d4544a4bb155677f93e8

SHA512
dde2859d3104f3c10bb6455da66faf6dd55e5be638275e8dc008ace1eb7f0c754bb571349cd08a3b93da29caf1461140ed45b8dfee14e5ab73e5c6d539f45a67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.dropbox.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
ce21393e0a3dbb623ba5b252c9580b60

SHA1
d45835f3d33a561ddca21507338cf2639aaf91fa

SHA256
ba5061f6b8560fdb0e58f97710e27cf6ec7627c43598a548ccea6b74471f4efa

SHA512
ae5356525b153faad2975cd182bd23535b1293fc58200f31b53ce7857f264947e07d2881da6ef5d8550c81d2c7f045382398f7a807cc214ae47962011a2e9e1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
37e91f72afc33e2c17f6807a82e3e867

SHA1
bfa191f7c0451e9aaac651221d428eac44ba57d8

SHA256
c2258882074a6c804ae3e88c88ec247833ac3e5d3fdb770f9ceeaa56c574f245

SHA512
421c066b68accf1738477abada8cdc7c78f72a3e59d90cf7e984aaa9f7e80a3d272e4576ca0b734feac09c62d458edff35758fbcd50c0b163659e19c33dfdda0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
94077d6ffa414b9acabbc9a4e5545c8f

SHA1
ce2f8c78eb52b5b29bc421759e465382a719ea30

SHA256
ea1a2c548c2b08456f48d83321a3e8f50323cb8af2ea691f04d370768f6ac808

SHA512
fb7a5da85b9ca4652a4164de12f32256350cfd62f9f0e76dc67c9948b66c6a138c8d2d3d4b084c416ea3c97c6077bfe78f135840273b45ee56c3de95554856b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
63e11c299c029f072cdb1f49690f167f

SHA1
ddcdd4d36e925319b7b52562bdb3876430fef63f

SHA256
2d881ff4c14ae5b33d5311e31e6e5b271b7653a59619a1ddee848e250ad7e6d7

SHA512
44c570374730b03b72411bb54c87cd9e4921408c5d9233d907fccd9fcd1a128f65319481e580a7578a0f91f487a21d3f37ae9dd1d0c35d33507c6c32c027c8ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
63925d78184c2af6ad5bfc7cc741f62f

SHA1
77d1bd54e2d423a24946621a11a501f1e6119120

SHA256
2cb1c71fc4bd4126ea76dbd0ec0d436ba9ade655e1b8885b0afd251a1a06c71e

SHA512
68f2ffeb4c47d49544f0c842085a83f04f4d429d4a5f327606e796085cfced9a5c00fdaaee86e15b7c689e5fd1bc5cb22184dd4915f0e561db941690d8a3dc55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
783B

MD5
db397f1f2f2f110678ab17f901ad2711

SHA1
e69da66ad2aa4656d4d85294a9cafc963e1557c7

SHA256
e36471dea7b210fffbaa41550ad2d309938bb376937270be6f6a01f2962dde51

SHA512
80361aefc3a750afbef7f6f88a75ec2167981b351fed2c73ecc0aaf30f0cf02ef54548b42d6d7ffb4269863cbfb13aa5d9a8319254509884150a08e01dd3a23a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
90ce04004e07bd1429a104d90efa45ce

SHA1
7ddd2661c004590b40249a02da7cdeea90ce1140

SHA256
5be632472751337ac2461a56977f3adf1a56f6e4631ee8504b4d86a4ae698d09

SHA512
920b591ba4d19e510f1250372bf22a7a59f1a0ca65f3673993b4bac860b9a472c7ba3f79437fa9e2c069482bfb0e8854181fda19b62fdcbd6968197bc379e539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
ae704e3c12d3ebb0a186bcd38eb1cc39

SHA1
eaf779069ad3c57ef0e388228eadc84e109c539e

SHA256
9e49eab920eb03a4a76bcba22c300054d541f5f84aacab84d72e60e83cb41fff

SHA512
b543ca0dcec78645431e39803d74fde3dad1aaeed26bf8e046d91f72c5d9945afe30923c9a2844f84529154696df8645ea56f4244750bb91b9d9be7af2c7f114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
b580cbcc2fa569841e7db35040bc0b59

SHA1
d4866024d3a03df1d19aeead31d5d635ca0f2517

SHA256
8a300b1f484bc798a007acd12205aa73932ae8f8f3dcb90574536c5a0bfa75e9

SHA512
770f04126e5d102eb06f2260a94ece983c496ca49a00f92ce824326843ff5a50c0474042e613f73156c5cd151dc924c6e40c71796339dd9b7d3774e5a8c6992c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
68ce6df655f779bc2dafa5fc6384aa27

SHA1
c86442a7aebd82a5b2e8e97a1d04c7d0515e53ec

SHA256
623abea5e17faa8d600a415f1fe1f2f409c69c7c75068268a82aec23f9d41f4b

SHA512
9d4428ded970dfaba9c2ba42de039a9480e5c20a91b593150f0552d92d4966c8dc57c3553e87bd9340d3da1a91e298909a87c4ba6d9d6e2c9d8974ad7b41ead7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
f9dd2a6d8f10ab4ae97b7cf9cf3bf712

SHA1
14257419841243261817d225ceed935c0b69609a

SHA256
55c3e3723d47d34b10ad42e03fcb6730b162700e8e84f1cde0a49fea2e3bc15d

SHA512
1148be48df914c28139f43d0e3a94709485d02383b448564efb9d8f57b8b3029dc657356c80e500cdc7cd38360061071891217e3efcdfeba5b7cb761069200cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
3eeb3fc59bd9ac39d0cdaa99e079c673

SHA1
27bcefddab11eb5e6984cc67eb13802e73259c88

SHA256
21f3cdfe0310d68613734fdb18108d9ef6d9227941949254afe5e2eaa4b2c81c

SHA512
1cb2daa9f2bd40c36050cc0da90e8bd558e6512ce6ab4fb957bb8d69e572149d9c1d4d7d333f55134c6d44532154df9129b4dc682801429ea20155bc3f8ed1d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
2e8c22aa5b9189982dabaf43dbf0ff26

SHA1
a23e74c321662e50bf9b93021f9dfd19242122b3

SHA256
05cefc2dee3424d94900375d65ca5d6a27a29b0bca7a528695f9ec8dba26212f

SHA512
1980df055598d88edc8d951b12fbac04b9552126beb570209f13a321bbd2a24565b772eb7f544e17bc7d4d2445b773653756251641cdd5746443c932cf4f93b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
4fd81c4e7390d97ab1b3e9a9a980f33b

SHA1
a9983dcf13350f1a693fade542a30cb8f57267a2

SHA256
af175d49664f902a7aeb1c016e489bb4ccc53f894921b743b2e77466e15396ec

SHA512
72d5f28e4ed7cd9142d7550322a858ea11e4c3c276b73be45f3d5a1864833a8e797aeee42de8a7416a0cf3704eedacc0121e111a4e32d6aa6e9ae5665a5040e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
4c41ab5aa982405bdc19c519b394ef6b

SHA1
8b0427c06e2105e974ae8b3471f72851d3a70cb2

SHA256
911ae8c54db72d1bc4633119f43708a5815f34757e6ba9c7d1bcc0a58bcfcbd4

SHA512
f67b0786115445aae53910de3d233f6d9e9654c9bd7b72e44934e7bc13e7dc0f75dc6897ff1085b754e70652ee0a5a800db066ed37df23ce81c1833a1d9c6bdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ba0b8a1ad168e36ffaf1284f625b3688

SHA1
999e247aca4e49e0669807f34b5a52c31d4cdd28

SHA256
97c5bb96c264a057d56574e8c0ef50dafb79000a416f0b99af90af99448a5876

SHA512
bd9eb82605c3326753c0f25eeaf1603b968e175edf774dcd41221026151d063383426e0fb8c896da481838d1bcbd11ef902bdc44fbee87d704a71c9df5cdf3bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
994ba4278e45300c1cad8a958d83a29a

SHA1
8919e946e36f545e96fd0efd3871fa0e28af9810

SHA256
72f6fa9e77be8574e47650e772fee9d8b8f34bf735bdfb315e25f1bcd5b4b6c8

SHA512
f04d51042053b507fd36bd73c7dfc785765e18cedffdb4ae66184b41edc96ed707a32d20b920087898db64c84581642b8bda8bcd12d0ca563ca9a8ba1d4cbe27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ba16564771f5d7d4b0b6841c4384331d

SHA1
d1d315ad2303db54b71006eb02d01e691ea1a7bb

SHA256
6effbab10b80413c0d233c2bc6855c87a99a484c50baec3df8b6f881557434ec

SHA512
df610c2cc8c00a012738d78c1466529183a5da3a6d006913682ca998df3118a5668d26dbecb8f16c108af1166132a2d25178f56c3e17ade4f4a9c61c6062f478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
e81c2928838aebe937a6ccc814780221

SHA1
582df031f534cc3b962c01375e12e76e914eb98d

SHA256
83e0f313608b51b2b29c515f83c255b53f34b73914609e3718b705ea1df88882

SHA512
dc8f982033a7d96e051a64912f444dbf87c6e7b49cf5a20895286f1bc6b99af4f410a189fc86686b452e63d7d1f9cfaa8179d4dca12da9df559e68a568ee9d5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
2ffa05105dfda3445ff5114ae8b868d9

SHA1
881f3b9317d575db599421cc0289ea2e2b454744

SHA256
a79b04546b8b5a8fdcf03ce82890e66e2695e56fa9d98cd13aa8370ae20585a0

SHA512
c9fef1559c502defc282c71d238e2350e880234b6570ad0b11ba150cfd9f71b34d90b1b41136e9e6054f9a77cfe5ee12ec0ac3ac3ae0ad77ff40b42fa909f1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f4b9d15b818ba88c85794150f90812d2

SHA1
dfcbb1296ec8fe84b7312c8e22834c80249e7091

SHA256
d1121bc075ff35ab9ce51c823ed4e2e9e19af0f7c22fcaf3f953bfa630f93e87

SHA512
5ea32a4d13ff34350420c90c2cf66cf6a3ca844509283a00fa2e9980a299a2e1d18f7e82b2e8dd789d708a1b34364ec36a4318632083bb8b0e138314eaff951b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
92aeaff4da66a84f5b4ce025aaeb98db

SHA1
3bc4a2b3d42b8191b61d438c28474bb0aa0a5829

SHA256
bf74ad74bd0d7456256b83ffc440c55218999af638ec0eefae538e2a16f95dc0

SHA512
2feaa33ebed920ccfce850bec97d5615d150ec5931a977d193c3d3912cd6627b67a9e3236fdb7a26da122d0698dc6b57510b4ee0f38c3b81eba6ad6081c845cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
bdddff2dda49194a96a8558f483f6bd0

SHA1
4ff7f48670fd80f3ba5929251f0f16b106276c6b

SHA256
5d0613b7f97ff9977f192425c6270682a66c15f93da5c55a33c64ec07ba28a87

SHA512
6f41f31e52166446bad3090172454dcca56190c7f8b7b0da7c9f818f0c2bfa1b8dd7f8f770beede75026007adc68d6d2ced485c8e06791e34ff0062f4d351995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
436956755eadff9b2268c949a28e1c2b

SHA1
ae8c428bedf01a1048b83b79d0caad7deb008f38

SHA256
68583ed2e1a27c1c131d249e7d810bfdee6af8eb93bb5c6ef650202062667d3b

SHA512
dc87280fab3daf2a771395f292409c34eb7f29508431b8e9aac5d2917cbcf1228b9a96d91937d60e435cc3cb2bd79c69c0bb4110da316f3e03931320280e9697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
561e72fc0d6b6f9ef85ae537422c88a5

SHA1
a142a0a6f4443de07c4f7d5b0bc316071580e947

SHA256
be585929103f53ff46e1b4ec94cce0b090102fb5db1e7e93839bb19c35d0f540

SHA512
3404a045ca34fb8f9e2424b0f0112a75a9c8cbb9624071817442227cc7313bd309b36bdf2e0e29094801842a63147f31461ca2d74a7e681714a19b6475177557

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
252626bca33739b6ed14a3fdc5f92824

SHA1
cbfaf34a1e944cfb74c708816e47294889ffec06

SHA256
df983cc6ae2e58c9491c2ac533eee9f77b6fed524808e0ba27594e6bb7965de7

SHA512
cf7b8b5560055ad93b087a416e551abc88242b6225334bd09095b7814b05de9fe6654d069aa78bc0e305b937344a86a5ad09e8faf01bbc1f6a6e7ad1a85037ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
b46b8530adadf6dbc41a15dcc172ab92

SHA1
34cdada926f772941c051de9b2207b376672b8bd

SHA256
533506c05bc3f4bb34b48a2b0c257e3a1814be341825c6b859663a1626d2f81d

SHA512
beb3509117a61fd236e7718dbd4663909801570fe28379bcdec07e2abf4070b4033d98a46674499e10ae3798e2d5443c76c750ed6e3dc1a9c0ef5386e564ca8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
6e3355e2138c583573f003ff0208d673

SHA1
c2d2ee07cfe61ff41163d782aecf20a7092080e0

SHA256
f47e947c8940f2e166315483822c939008709402aaa12a5f17563b56c5e90ee8

SHA512
4532930220093c541b37f420f61a34c008a3ef05e57adb3a5fd4b5ff1c0aec9e046a4565290aace5d99a66c14bcdfe1d21a3437a48e568649ea517ddb8f1d964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
24cac5385c1a2a531228797bbce9767d

SHA1
20f388dab41ccc4ece076c4bdd670061d15ebdc3

SHA256
4cbb89874f5d900437534ec4e0f4710093138d44695239e489f5f888319b3bcc

SHA512
795eb2d2679dd49fa8b0a72e6d58980f589e55fe4f04014a569a1e936724bd48522a7443613995bf60b2eb78870feea9e34774ae1a8fd6d8e3b0d0208d81cb44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
fceef3c817cb02a8b1d495c1c7fd8b17

SHA1
36a48b5f2fabada5f8efee7771ad48f436d188e1

SHA256
f922de2be632655a58cfa002ec71457f07bd508f628692c0b884eda61fb4b1dc

SHA512
588b0dd411ceb684ffc8390a9bd8d7cfe21a9b35d894469cc2dcc59fe8f4eac782a3482adf7e96a8984e2596caf78818695508e158a9a591499ee4059d38cb8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
67f6b7e482d8b775ebc09e08255aed8a

SHA1
8f6f05596ecb5b99a762a0a70f8b2f14e501a3a1

SHA256
893232b59602b96a1110d01a3b3c6683ba3633fe1356e7e5e1722c1258de43aa

SHA512
456b5134ac7f2b8d59d205c48dbfc5daba2f761c96238bff918ee69abd35594328fb3b59e773dc75cf578dbaac749ca22266bea12321def762faa369b450c282

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
a6e24801e71ee4e3c8703751be7cd67b

SHA1
a0e4e709ae3bc95dece453c0bb0bf657bd82d93a

SHA256
a731f1fdb56562f779ab822019bc51f8e70b40dfaf6f54042041fd2852cc15ea

SHA512
d480486ef2fcc904951b6dde60994b0f5705b1fa3467544792fa34b8dad5bc29f57847cffd05369445c19b23e5f8863d7075cdce007377bb2d134bcd296d4c30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
505b48c6601c524fb58cb52b45927c2b

SHA1
3ffc900a3025268260db8cffe624982aaa4fbb02

SHA256
7ff7845b938d3a30205cf2aa7c2f391913fdb61a8e4115fc131811819064e325

SHA512
568fae2b0c48ac780fb3bea275b85a554c1b62bdfdeef92bb547289c15c280a98003bbb27f34933e3938d2a76656aedcfbe86d49fea8bde9e919a0f61521b74d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
7f351b5194c464128be82b346d93ac88

SHA1
1ed447f86ebfc81669cf86e8ab6f3b33bdabdc20

SHA256
ffd97f333faa86e9be9d2c94ed267e03df4398d9470f20ebb9695074378f5f02

SHA512
c493533f640a22cdf1b3253b958c0244d43f6a790862fd6f6b4a7411efd24e8157040793e1e2772485d75e235eedc9e75cdd5b5e353c5df648f8382bf38a2f0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
44d211b9e4fe08b34172df1f163969e5

SHA1
c89a32648efc1bdf41c5eae0dde8f1676055b8a3

SHA256
677f1eb16bea273e076c7e3a81fd460bdc59a083471b3e5829e2c0e3b81beff0

SHA512
2664fb6abdf96f13b2a039c04b37df6c9301b2d41713e475346549bd863036169667e58d96ab0e8650071ed0bcdf5c099c5f5a8cbd390c155d8211f221712e08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
368d8767eb9fb40fdcecdd2ad7de3fa7

SHA1
1591f7cd5ede90405c1d76da84b12868a0e412f7

SHA256
f8dc661d420ecb92b0ca1d794bba41b2900ed1bedf204ae7d15a1256b27c81c3

SHA512
89ac1eb4cb62fd9b98c54790b1e51bf5fe648d99e90f673b7cb0afa45591fd1fe30779a9b5d2435646f678d222bde32f90ca681dd220bf70a36aa2e93e2b2193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d664849940f9f91cb93bd01090d23648

SHA1
1e1895f67950be61c792bc1c58debba7ce22a56a

SHA256
9e53a6dddd46ac651eeadbb2b21e12513ef2ca2f9a88335f25df5407895540b0

SHA512
b8130669b84aa6c1bff9eec6acb5c3aa41430ef1a2cb4bfb58ac1c2b549612e1046fe4a2c76e2a32bea21a864a127a1606b104178b45bdf10af7679b02c70c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
923370189641828f31594ff7411aa17a

SHA1
9414d37a0cb2756ce4d603d1548c0fed37e373fb

SHA256
d3c2e819c7ebfe6b44d24d5e0bfa58ea8f84909973d53c54053536252b995be8

SHA512
5300ffed9761ad4a687c38af7c865ba9c97a1cb64769b6b340a441616a689c55a3673b54024493a617703b8707a95e03cb9df2d2024799306a47da2b3f14b838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
11e629658c6b10558041ffb17056e8e2

SHA1
f42a4198642483d25c30e9815ea3704d3f2e4323

SHA256
3c2ee1fdb2d681f22b95fa4c4ffb7d94bfdf683372b9065f7e3e08d384e41970

SHA512
8d174ba82184b12dff06267c7260bbe724515efdac394178a019ea1b165639344c1b44f6065f003c5e8d2650ebb7ab46593523868b0ba4a4322998e79e22d513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
0b2c29ea712746f3e40df43fcac5447b

SHA1
deac5097eed2e822ec0601073f18e82447b0870d

SHA256
1a8614b77b8a8678cd5650fb49e6971ab3d2e737d2c0575325b450d9859d9ef0

SHA512
a39d8c538e9cac06b0fe4c966e1c4e15ad3c1466414d773a2b15113fdbec338cc07f739bb2668a89347ea3f25ddcb14c0187bc83a660b0e0fee2af55cc60b497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
34fbd8a74f7021384f92b49d7161bee1

SHA1
606b009bcffd0f0312b6e5a22cbc7fe5ad86d768

SHA256
9e94301242218cebe010ed777d46e64b28900d88e2b1aa2bbc44f025dbf2f584

SHA512
db9cd6ac6736ef99fe6755536731b3c2cb3e030a1b1f89be7a7563dc72557b6cb21f7bd99960f73a9834c746fc8590a03ed3339b2c6c350f58e3a029f2c93921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
9a657c300dc4dc15847d59d7060067a2

SHA1
2d3209083e3c6cce06122e951f77bb8e1b314f3e

SHA256
772ebf6f4ee19b908575c5c47ff629fc6c16551e771cb4396213f7192568a0d1

SHA512
95abf8a83310cafe0c33cacd91f7decdcf988c46febb6d974cb971dab19e36ed31daa46f2476ad0349c06f7e7964fa0aaecc7492ebe36dd5eaa1b61c3c1ab914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a4879e1dd8b10ad645bc24c926b46c82

SHA1
505bcd89698bfe0589958c0584dbe7003d75c991

SHA256
e98a4e3f57bb3b3ae0eb0b4cc3800038a08a53a612e0a3b3b12cc50a0ae8ef47

SHA512
f50faa14a9820096facd987dc3c14dd5443aa5b4372dcb9b5881e70d5cc4506e2c3bb4ca9fb18d2eb0f26ca6b158a94e297423ccd54d58e980336f851adc5247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a95108df-64ec-4153-9b42-fb40294f7158.tmp
Filesize
5KB

MD5
91cf49c3b3757b0c68394612c483c4d1

SHA1
9a9a973be7e75af81b079ee6561bb5702546f7b5

SHA256
5deece5a5cbf0f53426b8a4ea49ee257eba11a4c74cc8987481bb3b04458da26

SHA512
9e37f5ddaffd26a91202ff74d4771933556ffe571ae76021f9a6ddc775862f6170c48a98b639ad06e36929592df386c93bf38f47205371150a9cdfba8ede05aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
149KB

MD5
49a3033ba4cfa9a79cbc23360403758d

SHA1
9596de8d409a24faec002c3ae078682dd6035e48

SHA256
ce62e34e8cc5c42efeebb09d0c7644f2e0570275ee86d3ca8cc1056040e86d0e

SHA512
3411fe7736d40656db22f603bd7996e57e65796f23edff96f4a7e00a908e2e620baaaa6c5bea459cbc5fa16ac030f0374a640fdcc0e85f6ae75b9ecaefeff1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
149KB

MD5
1726baf50954e4981e70b7189a6d0339

SHA1
aebf5e88c7800423c6c84ad54ec93ac27c6cd26a

SHA256
b95c9f9c4aee052fe33440844b3172e092e83e1dd9dd35591cdcb3d09ec8bb41

SHA512
248dd9100778e19d508029c95edf32be4fe6aa1c44e83cec6e170cb7567f8abc18971b9d2fb62104ca5a4cd5e19a29bf37a26ae40b9ee6294004415e4c8b3cf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
149KB

MD5
e31aa2568f81861b77151682e5ab49bc

SHA1
a2a74de372cb18de91bcbf9d4ac743b07a6353be

SHA256
0cadb3f159f7a3a68bc58a26c7a83bba88b018dbe1c510ae0325dbe87f5a9835

SHA512
2935871b26b3c3da88212c3fb5e96d6e7ea717b6e6709a748a682c6dc2f53d18b2bbe82ad7dbd68bf0ebe428cf4078c4909de41f74499862d20b27c2a1d658a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
114KB

MD5
d9c1748f05266dd296e5f56fd8e4386b

SHA1
a044543d7ad734fe670610307a69efa999067ae5

SHA256
e244306badef83378dd8806a98becebbf56141d731a8ef5bc56fe40e076c9de1

SHA512
bfff8dcc55e8e75c32ed4e4ddffb7387cb1ebc8c0d372527a9e93378d5d6cc006bd69af4ce742b7049e527ce9e63e3e7f2533bff243c2293a05ed4b80b6c8f2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
103KB

MD5
4076db3aba9edbbc0525451e91b69849

SHA1
4b7904d620097ca5af69e9d162783c4f38a81966

SHA256
0825ab6de426995589642fa503a5b4a37e2d1278b21c4c883b1e09b4f31c980d

SHA512
e1b042928a03b21824298f8716ca57216d309bc34cb22cd8789754b98bab03e6c51203aed9c61cc2a886dba4b266a035bf5c6aef00095e5b6ae2cfc36ce5bf7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
110KB

MD5
cc5d719401c53dd53f9d4341d009b0c2

SHA1
c241277038e617c4e902217cf1625b54df32f37f

SHA256
7efacedf97d4d2656b4dae53526da8954886961905f73681fa437596d4c468d0

SHA512
cff3960f6aef84905b3918a6e2ac9a23a56d2e25371b9c072f3a180552072e4615dd231795cc4b05edfdb515f6b19189ca40a032d1642ded5797eec5e8e072ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
107KB

MD5
34789682b67373e11fdc1edde6662903

SHA1
346fd63e7afa3ef28a0344d103f40472fc487f71

SHA256
bba23ec651138d1945f713c749d639f92e84dbab3fe528b4c9b4a67b727e9d9e

SHA512
48537af65db0cd3be5080ef027efcc226142207fd496647cc1552389c22cd6056c48d78337cc6d0fa5667b766eeb6363558d1434a07b23c58a684326a3573f07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
117KB

MD5
299e6f3a4817b7006a38f3dce9394a8f

SHA1
9c3e8b8f75fe883d6a70aa32b42fd3bc8e37e9e6

SHA256
aafcbc1718fec9f1d426fc8216ddb335d5e7f66f05b16b1b171ec7aa994fa81e

SHA512
c3dd002162ffb92a8e91b645e1d804b7c373b8515d40056d38689c7bdb7ad65258132f6158cc31c606a8ecfa6f98d783efcf432bac45789b9731a85ef72d0913

Download Submit
C:\Users\Admin\Downloads\CR34.rar
Filesize
7.0MB

MD5
7b8f831edb4e4d7cccc96ba0228ccd6a

SHA1
254063a15cfddb7f0c77f0e159f1a754c0f1c9f9

SHA256
80544b9cac0dd27dc8aa4dbef664ca1ff62e801e81a6cf23fa744a95ba5ae268

SHA512
e06616d258347a921fc083d0427bb83f36b5ca93c31b1cfa41517b53ab7a47febd2eb8f0b233a00d2fad4f4de42516f3d8e150a89b289c40a1b2cdc172c1d531

Download Submit
C:\Users\Admin\Downloads\CR34.rar.crdownload
Filesize
7.0MB

MD5
7b8f831edb4e4d7cccc96ba0228ccd6a

SHA1
254063a15cfddb7f0c77f0e159f1a754c0f1c9f9

SHA256
80544b9cac0dd27dc8aa4dbef664ca1ff62e801e81a6cf23fa744a95ba5ae268

SHA512
e06616d258347a921fc083d0427bb83f36b5ca93c31b1cfa41517b53ab7a47febd2eb8f0b233a00d2fad4f4de42516f3d8e150a89b289c40a1b2cdc172c1d531

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\CR34.exe
Filesize
633KB

MD5
5298e1138a458b723e884e39bf207c43

SHA1
70a85031382671d41e78a8edd415ee99140770d2

SHA256
6cd3929e0e1e430f99d524aff34d60750fc36b476c9cb45ef9836be74ab209cf

SHA512
e0d6949d5fc4e1a34d889798878376d179fb2efcb715fb1214aabd862dc5f8e95c19d92c8548a44eb45f385fa64aa4bfa3f057d361ac21cfd9a5edddcf054900

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\CR34.exe
Filesize
633KB

MD5
5298e1138a458b723e884e39bf207c43

SHA1
70a85031382671d41e78a8edd415ee99140770d2

SHA256
6cd3929e0e1e430f99d524aff34d60750fc36b476c9cb45ef9836be74ab209cf

SHA512
e0d6949d5fc4e1a34d889798878376d179fb2efcb715fb1214aabd862dc5f8e95c19d92c8548a44eb45f385fa64aa4bfa3f057d361ac21cfd9a5edddcf054900

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\CR34.exe
Filesize
633KB

MD5
5298e1138a458b723e884e39bf207c43

SHA1
70a85031382671d41e78a8edd415ee99140770d2

SHA256
6cd3929e0e1e430f99d524aff34d60750fc36b476c9cb45ef9836be74ab209cf

SHA512
e0d6949d5fc4e1a34d889798878376d179fb2efcb715fb1214aabd862dc5f8e95c19d92c8548a44eb45f385fa64aa4bfa3f057d361ac21cfd9a5edddcf054900

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\CR34.exe.config
Filesize
802B

MD5
3811c8e727a521a359220880c0396db1

SHA1
6be18c95b4cf128f11ac2efe5a966702d7c7e847

SHA256
3878c66995e59098d66ddf5c2cadaa6366fdd6e65dc2b6ddd0d1b57a3d8f0deb

SHA512
ed45a85bd5e0bbbe1332add92dabf3bddd54f470069a48a0d01e0ad1f310d4061774c18ed50036404b6fbbd1b3cc0fc4c79371f91c6f668eb0af28b53ee17e8b

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.Licensing.dll
Filesize
1.3MB

MD5
e494278d822fd75a15fd50a519c92836

SHA1
8fdf1c70cffc856e24679cfe96c24cee8cabc94d

SHA256
985cf52f94bf2375372e7d3f70678f5ab76cf2764a34772e110ffe4336113df9

SHA512
eb378c7deda3df622931a3742ce706d24b2950010383d91e918ea88218a6fd8dd5ce991bdd99a7c24a6b3a9eec787c78df36e4d02d1aefaad5f91259109af7ae

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.Licensing.dll
Filesize
1.3MB

MD5
e494278d822fd75a15fd50a519c92836

SHA1
8fdf1c70cffc856e24679cfe96c24cee8cabc94d

SHA256
985cf52f94bf2375372e7d3f70678f5ab76cf2764a34772e110ffe4336113df9

SHA512
eb378c7deda3df622931a3742ce706d24b2950010383d91e918ea88218a6fd8dd5ce991bdd99a7c24a6b3a9eec787c78df36e4d02d1aefaad5f91259109af7ae

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.Licensing.dll
Filesize
1.3MB

MD5
e494278d822fd75a15fd50a519c92836

SHA1
8fdf1c70cffc856e24679cfe96c24cee8cabc94d

SHA256
985cf52f94bf2375372e7d3f70678f5ab76cf2764a34772e110ffe4336113df9

SHA512
eb378c7deda3df622931a3742ce706d24b2950010383d91e918ea88218a6fd8dd5ce991bdd99a7c24a6b3a9eec787c78df36e4d02d1aefaad5f91259109af7ae

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.Licensing.dll
Filesize
1.3MB

MD5
e494278d822fd75a15fd50a519c92836

SHA1
8fdf1c70cffc856e24679cfe96c24cee8cabc94d

SHA256
985cf52f94bf2375372e7d3f70678f5ab76cf2764a34772e110ffe4336113df9

SHA512
eb378c7deda3df622931a3742ce706d24b2950010383d91e918ea88218a6fd8dd5ce991bdd99a7c24a6b3a9eec787c78df36e4d02d1aefaad5f91259109af7ae

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.Licensing.dll
Filesize
1.3MB

MD5
e494278d822fd75a15fd50a519c92836

SHA1
8fdf1c70cffc856e24679cfe96c24cee8cabc94d

SHA256
985cf52f94bf2375372e7d3f70678f5ab76cf2764a34772e110ffe4336113df9

SHA512
eb378c7deda3df622931a3742ce706d24b2950010383d91e918ea88218a6fd8dd5ce991bdd99a7c24a6b3a9eec787c78df36e4d02d1aefaad5f91259109af7ae

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.UI.WinForms.BunifuProgressBar.dll
Filesize
76KB

MD5
2fcb95f94211d1e7e25a0211e335cfdf

SHA1
f2fb25b790e1d86fbf5025e84b2b32e361e2c3a9

SHA256
b359fd653debc231ab737883ff6d522df90958558d29a4e3bb32bd51f8689300

SHA512
5fd27aecc43b0046af90639c4aca85eaa5df78b03173889d6bc73be07608594dec50fb8bdf55f709923ff3c6b1dcf7a018e44b45ab06620fabb5872d784384a2

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.UI.WinForms.BunifuProgressBar.dll
Filesize
76KB

MD5
2fcb95f94211d1e7e25a0211e335cfdf

SHA1
f2fb25b790e1d86fbf5025e84b2b32e361e2c3a9

SHA256
b359fd653debc231ab737883ff6d522df90958558d29a4e3bb32bd51f8689300

SHA512
5fd27aecc43b0046af90639c4aca85eaa5df78b03173889d6bc73be07608594dec50fb8bdf55f709923ff3c6b1dcf7a018e44b45ab06620fabb5872d784384a2

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.UI.WinForms.BunifuProgressBar.dll
Filesize
76KB

MD5
2fcb95f94211d1e7e25a0211e335cfdf

SHA1
f2fb25b790e1d86fbf5025e84b2b32e361e2c3a9

SHA256
b359fd653debc231ab737883ff6d522df90958558d29a4e3bb32bd51f8689300

SHA512
5fd27aecc43b0046af90639c4aca85eaa5df78b03173889d6bc73be07608594dec50fb8bdf55f709923ff3c6b1dcf7a018e44b45ab06620fabb5872d784384a2

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.UI.WinForms.BunifuProgressBar.dll
Filesize
76KB

MD5
2fcb95f94211d1e7e25a0211e335cfdf

SHA1
f2fb25b790e1d86fbf5025e84b2b32e361e2c3a9

SHA256
b359fd653debc231ab737883ff6d522df90958558d29a4e3bb32bd51f8689300

SHA512
5fd27aecc43b0046af90639c4aca85eaa5df78b03173889d6bc73be07608594dec50fb8bdf55f709923ff3c6b1dcf7a018e44b45ab06620fabb5872d784384a2

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\Bunifu.UI.WinForms.BunifuProgressBar.dll
Filesize
76KB

MD5
2fcb95f94211d1e7e25a0211e335cfdf

SHA1
f2fb25b790e1d86fbf5025e84b2b32e361e2c3a9

SHA256
b359fd653debc231ab737883ff6d522df90958558d29a4e3bb32bd51f8689300

SHA512
5fd27aecc43b0046af90639c4aca85eaa5df78b03173889d6bc73be07608594dec50fb8bdf55f709923ff3c6b1dcf7a018e44b45ab06620fabb5872d784384a2

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\ComponentFactory.Krypton.Toolkit.dll
Filesize
2.8MB

MD5
129884de0e136521fd650c59b2633e82

SHA1
43fea10a62670568c00a2910c3ee6fc1ceaa1bdc

SHA256
8c69f5df110bc1a61bdc3d8754ebfd3f49d9d995b9dd129accaf88371ce71e30

SHA512
fbd40a8dd172449de46cecc08cdc2078409e5d893426364630c974903499c617f8cca2f4fd52cf030a835a376e140daf113a6d385027a9e2ede289ba32c8da43

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\ComponentFactory.Krypton.Toolkit.dll
Filesize
2.8MB

MD5
129884de0e136521fd650c59b2633e82

SHA1
43fea10a62670568c00a2910c3ee6fc1ceaa1bdc

SHA256
8c69f5df110bc1a61bdc3d8754ebfd3f49d9d995b9dd129accaf88371ce71e30

SHA512
fbd40a8dd172449de46cecc08cdc2078409e5d893426364630c974903499c617f8cca2f4fd52cf030a835a376e140daf113a6d385027a9e2ede289ba32c8da43

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\ComponentFactory.Krypton.Toolkit.dll
Filesize
2.8MB

MD5
129884de0e136521fd650c59b2633e82

SHA1
43fea10a62670568c00a2910c3ee6fc1ceaa1bdc

SHA256
8c69f5df110bc1a61bdc3d8754ebfd3f49d9d995b9dd129accaf88371ce71e30

SHA512
fbd40a8dd172449de46cecc08cdc2078409e5d893426364630c974903499c617f8cca2f4fd52cf030a835a376e140daf113a6d385027a9e2ede289ba32c8da43

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\ComponentFactory.Krypton.Toolkit.dll
Filesize
2.8MB

MD5
129884de0e136521fd650c59b2633e82

SHA1
43fea10a62670568c00a2910c3ee6fc1ceaa1bdc

SHA256
8c69f5df110bc1a61bdc3d8754ebfd3f49d9d995b9dd129accaf88371ce71e30

SHA512
fbd40a8dd172449de46cecc08cdc2078409e5d893426364630c974903499c617f8cca2f4fd52cf030a835a376e140daf113a6d385027a9e2ede289ba32c8da43

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\ComponentFactory.Krypton.Toolkit.dll
Filesize
2.8MB

MD5
129884de0e136521fd650c59b2633e82

SHA1
43fea10a62670568c00a2910c3ee6fc1ceaa1bdc

SHA256
8c69f5df110bc1a61bdc3d8754ebfd3f49d9d995b9dd129accaf88371ce71e30

SHA512
fbd40a8dd172449de46cecc08cdc2078409e5d893426364630c974903499c617f8cca2f4fd52cf030a835a376e140daf113a6d385027a9e2ede289ba32c8da43

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\RestSharp.dll
Filesize
135KB

MD5
575114e2d705065b6f0416fa07ccf24e

SHA1
f647c7e984296265431a52c986b4e5ab12868340

SHA256
d4975d4389865835a7046787a07d5cf919a5bd163492021fee4cc337d606ac9b

SHA512
8469208614437f428e616fa39486c90df2446cb502d47ef69b9f4c38fa204e4ff54a32ac36febc2a4525278dcdf5c2ae0dc7aec913194d6bce8b29854f04b0b5

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\RestSharp.dll
Filesize
135KB

MD5
575114e2d705065b6f0416fa07ccf24e

SHA1
f647c7e984296265431a52c986b4e5ab12868340

SHA256
d4975d4389865835a7046787a07d5cf919a5bd163492021fee4cc337d606ac9b

SHA512
8469208614437f428e616fa39486c90df2446cb502d47ef69b9f4c38fa204e4ff54a32ac36febc2a4525278dcdf5c2ae0dc7aec913194d6bce8b29854f04b0b5

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\RestSharp.dll
Filesize
135KB

MD5
575114e2d705065b6f0416fa07ccf24e

SHA1
f647c7e984296265431a52c986b4e5ab12868340

SHA256
d4975d4389865835a7046787a07d5cf919a5bd163492021fee4cc337d606ac9b

SHA512
8469208614437f428e616fa39486c90df2446cb502d47ef69b9f4c38fa204e4ff54a32ac36febc2a4525278dcdf5c2ae0dc7aec913194d6bce8b29854f04b0b5

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\RestSharp.dll
Filesize
135KB

MD5
575114e2d705065b6f0416fa07ccf24e

SHA1
f647c7e984296265431a52c986b4e5ab12868340

SHA256
d4975d4389865835a7046787a07d5cf919a5bd163492021fee4cc337d606ac9b

SHA512
8469208614437f428e616fa39486c90df2446cb502d47ef69b9f4c38fa204e4ff54a32ac36febc2a4525278dcdf5c2ae0dc7aec913194d6bce8b29854f04b0b5

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\RestSharp.dll
Filesize
135KB

MD5
575114e2d705065b6f0416fa07ccf24e

SHA1
f647c7e984296265431a52c986b4e5ab12868340

SHA256
d4975d4389865835a7046787a07d5cf919a5bd163492021fee4cc337d606ac9b

SHA512
8469208614437f428e616fa39486c90df2446cb502d47ef69b9f4c38fa204e4ff54a32ac36febc2a4525278dcdf5c2ae0dc7aec913194d6bce8b29854f04b0b5

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\System.Text.Json.dll
Filesize
347KB

MD5
a11c491b7135ffd620e249bf74ea5f1e

SHA1
df505c2ff55722d3f552d4a7a72c9fcadfb5b60c

SHA256
2b0d20516ab8136faee06e0e2a9ffb03ba747ebd7da0f5db61a36895cdebb166

SHA512
f1815e3af674658c0126e0be299b56852d43ad153e9e73291e80656f5cb37390b8f959ca13e99f04b5d3f7a590d8e31f22f5a0906bf934d4375475f3c7701b53

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\System.Text.Json.dll
Filesize
347KB

MD5
a11c491b7135ffd620e249bf74ea5f1e

SHA1
df505c2ff55722d3f552d4a7a72c9fcadfb5b60c

SHA256
2b0d20516ab8136faee06e0e2a9ffb03ba747ebd7da0f5db61a36895cdebb166

SHA512
f1815e3af674658c0126e0be299b56852d43ad153e9e73291e80656f5cb37390b8f959ca13e99f04b5d3f7a590d8e31f22f5a0906bf934d4375475f3c7701b53

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\System.Text.Json.dll
Filesize
347KB

MD5
a11c491b7135ffd620e249bf74ea5f1e

SHA1
df505c2ff55722d3f552d4a7a72c9fcadfb5b60c

SHA256
2b0d20516ab8136faee06e0e2a9ffb03ba747ebd7da0f5db61a36895cdebb166

SHA512
f1815e3af674658c0126e0be299b56852d43ad153e9e73291e80656f5cb37390b8f959ca13e99f04b5d3f7a590d8e31f22f5a0906bf934d4375475f3c7701b53

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\System.Text.Json.dll
Filesize
347KB

MD5
a11c491b7135ffd620e249bf74ea5f1e

SHA1
df505c2ff55722d3f552d4a7a72c9fcadfb5b60c

SHA256
2b0d20516ab8136faee06e0e2a9ffb03ba747ebd7da0f5db61a36895cdebb166

SHA512
f1815e3af674658c0126e0be299b56852d43ad153e9e73291e80656f5cb37390b8f959ca13e99f04b5d3f7a590d8e31f22f5a0906bf934d4375475f3c7701b53

Download Submit
C:\Users\Admin\Downloads\CR34\CR34\lib\System.Text.Json.dll
Filesize
347KB

MD5
a11c491b7135ffd620e249bf74ea5f1e

SHA1
df505c2ff55722d3f552d4a7a72c9fcadfb5b60c

SHA256
2b0d20516ab8136faee06e0e2a9ffb03ba747ebd7da0f5db61a36895cdebb166

SHA512
f1815e3af674658c0126e0be299b56852d43ad153e9e73291e80656f5cb37390b8f959ca13e99f04b5d3f7a590d8e31f22f5a0906bf934d4375475f3c7701b53

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 501895.crdownload
Filesize
345KB

MD5
047f830c3b829dbc1d6e77c73fe4bdb5

SHA1
33025030188090e791de748fc41b092a09278e36

SHA256
cf1dd82f00135dd5a8cd828ced355e21eb3ef19178f01a8fe266a1229cf2fca5

SHA512
70861e60b5cacc64b25f16aeafc43482330d1a07bdff3ac0d5efed05fae74b3896f9536289c2e174cd4c2992566a7855dd4d3ba72af81af900fe21fcae02793d

Download Submit
C:\Users\Admin\Downloads\rule34-downloader-master.zip
Filesize
4.6MB

MD5
7432b12eabb69363bcd953357a05a813

SHA1
d7ba99b9cfd21f9a3c4355b5a49fba312be503c5

SHA256
6d7224371fbf516f46b10171f2d72191a7a5c90032bb8bf0df897bf6a0ecd12a

SHA512
db3b5a6c37e4996bb5d25739ec35101af68d2c892c22ad11e870ce1701812d3dd9674a54afafb23c8024000046ffa10d374ebfa3edc609b1d9619fecb0ce8e46

Download Submit
C:\Users\Admin\Downloads\rule34.exe
Filesize
4.7MB

MD5
d70aed5deeacc4938ecf96c9d6450446

SHA1
5ed1aa13dbcf997c0535be822d3b9fcea5dcdb68

SHA256
a0c7f2bff8d57d509844e8eaf2ec5b040027d53a5a19af3da159945074f93018

SHA512
bb73329b577657f45113ebdfa356bf5a51730843c81d46ee1a0109e38e97155287d413fcf9e45ff4da4b67ca5357b8bb296f91586318aeb9b4dcf7acf8f1f99e

Download Submit
C:\Users\Admin\Downloads\winrar-x64-621.exe
Filesize
3.4MB

MD5
766ac70b840c029689d3c065712cf46e

SHA1
e54f4628076d81b36de97b01c098a2e7ba123663

SHA256
06d6ecc5f9d88636b0bac62218c296bfa1b2222f734c9cbed5575bd9f634e219

SHA512
49064dc2c30eecd7320a6431abfee49d250ea7cda5e8ae630d2c55325f5bdf338355ae8d7a3246b4036afce5c100b8b30599baf19ab64d20190392d2d9a28608

Download Submit
C:\Users\Admin\Downloads\winrar-x64-621.exe
Filesize
3.4MB

MD5
766ac70b840c029689d3c065712cf46e

SHA1
e54f4628076d81b36de97b01c098a2e7ba123663

SHA256
06d6ecc5f9d88636b0bac62218c296bfa1b2222f734c9cbed5575bd9f634e219

SHA512
49064dc2c30eecd7320a6431abfee49d250ea7cda5e8ae630d2c55325f5bdf338355ae8d7a3246b4036afce5c100b8b30599baf19ab64d20190392d2d9a28608

Download Submit
C:\Users\Admin\Downloads\winrar-x64-621.exe
Filesize
3.4MB

MD5
766ac70b840c029689d3c065712cf46e

SHA1
e54f4628076d81b36de97b01c098a2e7ba123663

SHA256
06d6ecc5f9d88636b0bac62218c296bfa1b2222f734c9cbed5575bd9f634e219

SHA512
49064dc2c30eecd7320a6431abfee49d250ea7cda5e8ae630d2c55325f5bdf338355ae8d7a3246b4036afce5c100b8b30599baf19ab64d20190392d2d9a28608

Download Submit
\??\pipe\crashpad_8_LYKRVSTAXXODKGNV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1132-2079-0x0000000004E40000-0x0000000004E50000-memory.dmp

Filesize
64KB

Download
memory/1320-2051-0x0000000005640000-0x0000000005650000-memory.dmp

Filesize
64KB

Download
memory/1320-2050-0x0000000000AA0000-0x0000000000AFC000-memory.dmp

Filesize
368KB

Download
memory/2504-1079-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3468-1077-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/3596-754-0x0000000005970000-0x0000000005C4A000-memory.dmp

Filesize
2.9MB

Download
memory/3596-750-0x00000000053C0000-0x0000000005964000-memory.dmp

Filesize
5.6MB

Download
memory/3596-770-0x0000000006EE0000-0x0000000006EFA000-memory.dmp

Filesize
104KB

Download
memory/3596-769-0x0000000006EB0000-0x0000000006ED8000-memory.dmp

Filesize
160KB

Download
memory/3596-787-0x0000000005DA0000-0x0000000005DB0000-memory.dmp

Filesize
64KB

Download
memory/3596-749-0x00000000003A0000-0x0000000000444000-memory.dmp

Filesize
656KB

Download
memory/3596-771-0x0000000005DA0000-0x0000000005DB0000-memory.dmp

Filesize
64KB

Download
memory/3596-765-0x0000000006FD0000-0x000000000711A000-memory.dmp

Filesize
1.3MB

Download
memory/3596-761-0x0000000006D80000-0x0000000006D98000-memory.dmp

Filesize
96KB

Download
memory/3596-757-0x0000000005DA0000-0x0000000005DB0000-memory.dmp

Filesize
64KB

Download
memory/3596-756-0x0000000005390000-0x000000000539A000-memory.dmp

Filesize
40KB

Download
memory/3596-755-0x0000000005200000-0x0000000005292000-memory.dmp

Filesize
584KB

Download
memory/3596-786-0x0000000005DA0000-0x0000000005DB0000-memory.dmp

Filesize
64KB

Download
memory/3596-775-0x0000000008920000-0x000000000897A000-memory.dmp

Filesize
360KB

Download
memory/3596-776-0x0000000005DA0000-0x0000000005DB0000-memory.dmp

Filesize
64KB

Download
memory/3884-1158-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/4104-800-0x00000000058B0000-0x00000000058C0000-memory.dmp

Filesize
64KB

Download
memory/4104-801-0x00000000058B0000-0x00000000058C0000-memory.dmp

Filesize
64KB

Download
memory/4104-804-0x00000000058B0000-0x00000000058C0000-memory.dmp

Filesize
64KB

Download
memory/4104-805-0x00000000058B0000-0x00000000058C0000-memory.dmp

Filesize
64KB

Download
memory/4104-791-0x00000000058B0000-0x00000000058C0000-memory.dmp

Filesize
64KB

Download
memory/4236-1156-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download

pid	process
8	chrome.exe
8	chrome.exe
2700	chrome.exe
2700	chrome.exe
3468	rule34.exe
3468	rule34.exe
4236	rule34.exe
4236	rule34.exe