9f4f94e28d45ab21771555fd06d44418f5017acd2dd455b22620e420631cd15b

Analysis

max time kernel
84s
max time network
145s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
15-08-2023 15:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CrosshairEditor by Freya v1 (2).rar
Size

757KB
MD5

4cd05080a94a3621c563ebd11c723cb1
SHA1

405d3286a1207f5d09631490c913c74abedc6fdc
SHA256

9f4f94e28d45ab21771555fd06d44418f5017acd2dd455b22620e420631cd15b
SHA512

db40ec348b0f7393824b21822c818b60b6959fc116370c36c0904bc371640dda11c1494439f04701f5a5cd9da2ea707796d51492c1621153eb632bf076a00cf5
SSDEEP

12288:lXZHmPaP+4PK6LydUODD4R2xoD6f9aten5gMz8JOBt5UWoG8IL2jU0SScCkh:lUPE5SUODD4R266We2LK/NNXCkh

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1764-701-0x00000000012B0000-0x000000000130F000-memory.dmp	upx
behavioral1/files/0x000600000001c87b-700.dat	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2424	chrome.exe
2424	chrome.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 2908	1136	cmd.exe	29
PID 1136 wrote to memory of 2908	1136	cmd.exe	29
PID 1136 wrote to memory of 2908	1136	cmd.exe	29
PID 2424 wrote to memory of 2388	2424	chrome.exe	42
PID 2424 wrote to memory of 2388	2424	chrome.exe	42
PID 2424 wrote to memory of 2388	2424	chrome.exe	42
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 732	2424	chrome.exe	44
PID 2424 wrote to memory of 888	2424	chrome.exe	45
PID 2424 wrote to memory of 888	2424	chrome.exe	45
PID 2424 wrote to memory of 888	2424	chrome.exe	45
PID 2424 wrote to memory of 1188	2424	chrome.exe	46
PID 2424 wrote to memory of 1188	2424	chrome.exe	46
PID 2424 wrote to memory of 1188	2424	chrome.exe	46
PID 2424 wrote to memory of 1188	2424	chrome.exe	46
PID 2424 wrote to memory of 1188	2424	chrome.exe	46
PID 2424 wrote to memory of 1188	2424	chrome.exe	46
PID 2424 wrote to memory of 1188	2424	chrome.exe	46
PID 2424 wrote to memory of 1188	2424	chrome.exe	46
PID 2424 wrote to memory of 1188	2424	chrome.exe	46
PID 2424 wrote to memory of 1188	2424	chrome.exe	46
PID 2424 wrote to memory of 1188	2424	chrome.exe	46
PID 2424 wrote to memory of 1188	2424	chrome.exe	46
PID 2424 wrote to memory of 1188	2424	chrome.exe	46
PID 2424 wrote to memory of 1188	2424	chrome.exe	46
PID 2424 wrote to memory of 1188	2424	chrome.exe	46
PID 2424 wrote to memory of 1188	2424	chrome.exe	46

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\CrosshairEditor by Freya v1 (2).rar"
1⤵
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CrosshairEditor by Freya v1 (2).rar
  2⤵
  - Modifies registry class
  PID:2908

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2528

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2860

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\CrosshairEditor by Freya v1 (2).rar
1⤵
- Modifies registry class
PID:620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5219758,0x7fef5219768,0x7fef5219778
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:2
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:8
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:8
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1184 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:2
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3184 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3196 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:8
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3572 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2788 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3716 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2356 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3704 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:8
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4140 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:8
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4120 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4340 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4304 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4040 --field-trial-handle=1204,i,9753624171318349870,9336510099618330104,131072 /prefetch:8
  2⤵
  PID:2480
- C:\Users\Admin\Downloads\winrar-x64-623.exe
  "C:\Users\Admin\Downloads\winrar-x64-623.exe"
  2⤵
  PID:2060
- - C:\Program Files\WinRAR\uninstall.exe
    "C:\Program Files\WinRAR\uninstall.exe" /setup
    3⤵
    PID:612

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3008

C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe"
1⤵
PID:976

C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\AppData\Local\Temp\CrosshairEditor by Freya v1 (2).rar"
1⤵
PID:2024

C:\Users\Admin\Desktop\CrosshairEditor\Freya.hl.exe
"C:\Users\Admin\Desktop\CrosshairEditor\Freya.hl.exe"
1⤵
PID:1764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\WinRAR\Rar.txt

Filesize
109KB

MD5
a9369594740dc19b0e95ea48dca8bc23

SHA1
f4fa020e0bb4076411dc792eab887d876734672a

SHA256
05addd3d2be44b79266e6758239191147705e2918809cc21d821fb11a14bee2f

SHA512
a8f53f97c93157eecef6015b7e86f3cf4aca593098ef5cba4a0c23829efea580d92012673b4abc66deac5c868f4c76e762eb5e8b03e722ac6c6ac6a500119d20

Download Submit
C:\Program Files\WinRAR\Uninstall.exe

Filesize
437KB

MD5
75aac9d1f8f9079920e67a2e5a69756e

SHA1
9a82e23162f801ae9025d3bdb504b8be6f01367d

SHA256
66440d6bd2554caec740850782036b372d15f298af28f68c5daec9f13a42e3ab

SHA512
9f54d32817d561fadfc32f99ecc809d6f9eb87f0fe1409882307a5407218a73dc6e00610501d59e0acc9b9bf1a12e8bc311da7ec471b785df6d39f3d626a3542

Download Submit
C:\Program Files\WinRAR\Uninstall.exe

Filesize
437KB

MD5
75aac9d1f8f9079920e67a2e5a69756e

SHA1
9a82e23162f801ae9025d3bdb504b8be6f01367d

SHA256
66440d6bd2554caec740850782036b372d15f298af28f68c5daec9f13a42e3ab

SHA512
9f54d32817d561fadfc32f99ecc809d6f9eb87f0fe1409882307a5407218a73dc6e00610501d59e0acc9b9bf1a12e8bc311da7ec471b785df6d39f3d626a3542

Download Submit
C:\Program Files\WinRAR\WhatsNew.txt

Filesize
105KB

MD5
575f5596dab03c85365221907a806b55

SHA1
0b99cf32075936f8ceb8bd900a9770713a61f31a

SHA256
aefcdffa9a231ea50b75785bd9a96a7bc209a33b1bddc26c643415ed6439483a

SHA512
4abe3b5c33e6e9ece1b3e95ac95d87451fff62e09d30c6fcca4965e6d226d480c396b5f47db3abc13e2520827514bcb5c030b664f299622df2ecc5eaa5d2051e

Download Submit
C:\Program Files\WinRAR\WinRAR.chm

Filesize
317KB

MD5
70f999656185c78c219fa1eab112e92a

SHA1
1970bbc16947648e3abcdd431c1be6af945073bd

SHA256
6958bd49bcb61617eb8bc1c222cc65319c281357f8bb83d1526c576cb137f08a

SHA512
da62040a72babbdd150c30734a79f70b9f91addcf70c50a309538df6f2e06b8e20aae621f56a25ea21112fa94733a5e45ace91824c1c731ee8bb9adb8aaa3862

Download Submit
C:\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
ee69d18ef002d3119c8b67acf2243103

SHA1
3edf9831a6536e6351b85501253794a6e0bf98e3

SHA256
41bd325aff9b19c028c1e96eb1a3b08a8d00859004dbd16b7495b6a4cfdc1227

SHA512
813c9e3dd61ea8778089468f04e7c844248321ce92a2c4eeeea758c1eb2480e3cf3d041a38f23efab64f459167d0c7bbbb26a3d5345332ededcfcf281b991bbe

Download Submit
C:\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
ee69d18ef002d3119c8b67acf2243103

SHA1
3edf9831a6536e6351b85501253794a6e0bf98e3

SHA256
41bd325aff9b19c028c1e96eb1a3b08a8d00859004dbd16b7495b6a4cfdc1227

SHA512
813c9e3dd61ea8778089468f04e7c844248321ce92a2c4eeeea758c1eb2480e3cf3d041a38f23efab64f459167d0c7bbbb26a3d5345332ededcfcf281b991bbe

Download Submit
C:\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
ee69d18ef002d3119c8b67acf2243103

SHA1
3edf9831a6536e6351b85501253794a6e0bf98e3

SHA256
41bd325aff9b19c028c1e96eb1a3b08a8d00859004dbd16b7495b6a4cfdc1227

SHA512
813c9e3dd61ea8778089468f04e7c844248321ce92a2c4eeeea758c1eb2480e3cf3d041a38f23efab64f459167d0c7bbbb26a3d5345332ededcfcf281b991bbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ddc0f6519511b48447587ff1096fe61

SHA1
dbed6ec15fa3a8ed7e915860d02aa6bf612013cf

SHA256
593abacc12e0a007b9c90413ce1d10f595bbc16807eb02f2c373560bd943f00d

SHA512
df337e4f030aaddc56119346c55d8200605e82e48caa19734a7d2f1c154e4f5bfaec7b2601d4d28b498bba2cf53acf7d36738d3691b5b1cf5f87027b7c3d7f51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9beb68ba-9b67-414e-8a07-371405779885.tmp

Filesize
182KB

MD5
001576b6ff4cea71e5f242edfd477816

SHA1
561fa60cb704c56e3f819581b831f3a2ac2e6745

SHA256
c85290efe821d7ba33b3befaf3b3cef6e5f579e0635b56fc6ea7a951c1a576cc

SHA512
bf0a50eda965162d5709f98a93eaa5daf74a929b49010eff3f4f908373c3d740d14379a2b6f4ceb671afb01050b69f6340a9cbc1e7455657061fa34f22b312eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
0055452f9a522a347101fcc171b9cba5

SHA1
2798ed42de4084c6730a73fa21568b20040c6b6b

SHA256
74d7d68cd9e12e5ff310e48d469567b295a972483cc59ebd7be414a701fe76e3

SHA512
743c8fd8f0730c26fa5ba658a975710d1e577a9eb1e7b12fc02f02e620582be555873e6879c34f270ba11380fc18b6814f0271e1624592bc0e1283d10d4446e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
295a41af34b2fedf9822f7d4a6a69675

SHA1
a80322d492caebf0b11e3f4ad27c695874f8189d

SHA256
1143975b22b758a8a3e1f0ecc722e23969785b5230006b02dcd64920569da861

SHA512
bd061c848c48b03b7b01819f659ccce5b79573468340c13e0276d1352ee34f144476aa800acfe735748f618538f9795c70554cef7f31fa71327bbcd69190778a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0ebf7e7820b13f4edaea53d63185cf07

SHA1
463a57da8731a26c911c63e038ee3e75afa8d662

SHA256
e8efea062efea4bc9044b0d239c1c0f8769ad053dd5cdd9de96e88dffd51e847

SHA512
5dfc77490c1beb6cd15b248665ceaee44ef67f93e55e3c31fbc59b83f2faa3f44eb71ae53de031ee7659ccfd8049410d578c9b0e8fb402f342495bbeae1903d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
be9e30e29f12f892e14e0a99d4bf2dff

SHA1
eb6e346ef156498b698ada74173de50bb71c354c

SHA256
b2cc0fe4c6e4d2abdb01eaba58a685e16cf2e9bece103968fbe5d4bb43ec52bf

SHA512
8d32f4534e4bdc6d2f0c23d36241a6b9d3cb85774f43f55d4b566f2e339481cf13c8e546a164545c6602a148ed8ba6311f20202757dd030b348dd9f80576bd41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
aadda25c2824362c809ee6d8a8924078

SHA1
659a653086350a0a97c21198da221eed38dd88bd

SHA256
bc1e0c17b2b2f439d06da7cf59ea3069214434eba2b8c139a66f43a4644dd46c

SHA512
7feca360c47a1424aaa8dce54d9b0be362b16d66c594ea8a1ccccb4596b253304d28814d5bddf204f4f34c22d1146d6a0026378275259e57342ac293d7688bf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
182KB

MD5
e620037bd79a77c8ed1999e82cc9c307

SHA1
0dd4ef42296b5d9d5dbc189d4af4fcb90d431f0c

SHA256
c46a965821d9992ab2563bc6815483beabbcbae3d1f26ce96bbeb1a3aed71b55

SHA512
3be199adb4ed1e311c194c408e5f85048171b09295177774bf736da2dd30e247a80f07300f3b9d04fbee5587dd5018a44ca54678e646c091f0112b71bd7f93d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE468.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE574.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Roaming\WinRAR\version.dat

Filesize
12B

MD5
8883726407a0e1fa0e53b2bdb41f9055

SHA1
fab0b8f2401903ccf231631ae8037d319d7860ad

SHA256
916b9caaa0ae0444351a34007edf00d26a003fa821c61a1c2bb5e88ef9794575

SHA512
ac16e470c8a779d78b0610d751e5ca7d18afdeca81f39a81242c6720639ff2f65b0f25ee518bfc3b71953ff79bedf43ec90ed46b19de5337f586a84f82221654

Download Submit
C:\Users\Admin\Desktop\CrosshairEditor\Freya.hl.exe

Filesize
179KB

MD5
12b9674d5a68f829f20214644e67baa3

SHA1
9f2681173105f628c7cb14b57540121c5dc667dd

SHA256
88132922084d88a606d4430b1903c2c7d2b48e4b1467253c3a51ed00b05954c6

SHA512
c1c47d6d7f2ec3d2cf6a50fe85acab653a4e81d7c56a2f1972f7de0b686272c3cb03f59be9512acb4530b94bbe90d4b81b00682d4413ed62bc69b6033a43a073

Download Submit
C:\Users\Admin\Downloads\winrar-x64-623.exe

Filesize
3.4MB

MD5
7a647af3c112ad805296a22b2a276e7c

SHA1
9cdf137e3f2493c9e141d5ec05f890e32b9b4e87

SHA256
20739e8fc050187af013e2499718895e4c980699ccaf046b2f96b12497e61959

SHA512
71d86d8dc598aafa91da8e0d971d1bbb87135832b848547c5c611bc828d165625c7a19af2cd300373190cf3eb782c714ac73d84ada53b37b6d8c1ee8508bcd86

Download Submit
C:\Users\Admin\Downloads\winrar-x64-623.exe

Filesize
3.4MB

MD5
7a647af3c112ad805296a22b2a276e7c

SHA1
9cdf137e3f2493c9e141d5ec05f890e32b9b4e87

SHA256
20739e8fc050187af013e2499718895e4c980699ccaf046b2f96b12497e61959

SHA512
71d86d8dc598aafa91da8e0d971d1bbb87135832b848547c5c611bc828d165625c7a19af2cd300373190cf3eb782c714ac73d84ada53b37b6d8c1ee8508bcd86

Download Submit
C:\Users\Admin\Downloads\winrar-x64-623.exe

Filesize
3.4MB

MD5
7a647af3c112ad805296a22b2a276e7c

SHA1
9cdf137e3f2493c9e141d5ec05f890e32b9b4e87

SHA256
20739e8fc050187af013e2499718895e4c980699ccaf046b2f96b12497e61959

SHA512
71d86d8dc598aafa91da8e0d971d1bbb87135832b848547c5c611bc828d165625c7a19af2cd300373190cf3eb782c714ac73d84ada53b37b6d8c1ee8508bcd86

Download Submit
\Program Files\WinRAR\RarExt.dll

Filesize
665KB

MD5
9ea95c0a09b40fdd8f51a892c4b6aa10

SHA1
eadcfbfe9ca334ab8bbdb37ac82cae1d83d3f65d

SHA256
94b0b503a87c0b9f4b4e14666c9771d939867634fd4832b041e5e0f54b080e1b

SHA512
b3e0712becae56b3cd69c281dd833ed8b8d641847f11e5446b91838153a2b1c549ff59db63fb3ccabbc248035c1d01144ef5148f313606cb6c8ebdabf262279e

Download Submit
\Program Files\WinRAR\Uninstall.exe

Filesize
437KB

MD5
75aac9d1f8f9079920e67a2e5a69756e

SHA1
9a82e23162f801ae9025d3bdb504b8be6f01367d

SHA256
66440d6bd2554caec740850782036b372d15f298af28f68c5daec9f13a42e3ab

SHA512
9f54d32817d561fadfc32f99ecc809d6f9eb87f0fe1409882307a5407218a73dc6e00610501d59e0acc9b9bf1a12e8bc311da7ec471b785df6d39f3d626a3542

Download Submit
\Program Files\WinRAR\Uninstall.exe

Filesize
437KB

MD5
75aac9d1f8f9079920e67a2e5a69756e

SHA1
9a82e23162f801ae9025d3bdb504b8be6f01367d

SHA256
66440d6bd2554caec740850782036b372d15f298af28f68c5daec9f13a42e3ab

SHA512
9f54d32817d561fadfc32f99ecc809d6f9eb87f0fe1409882307a5407218a73dc6e00610501d59e0acc9b9bf1a12e8bc311da7ec471b785df6d39f3d626a3542

Download Submit
\Program Files\WinRAR\Uninstall.exe

Filesize
437KB

MD5
75aac9d1f8f9079920e67a2e5a69756e

SHA1
9a82e23162f801ae9025d3bdb504b8be6f01367d

SHA256
66440d6bd2554caec740850782036b372d15f298af28f68c5daec9f13a42e3ab

SHA512
9f54d32817d561fadfc32f99ecc809d6f9eb87f0fe1409882307a5407218a73dc6e00610501d59e0acc9b9bf1a12e8bc311da7ec471b785df6d39f3d626a3542

Download Submit
\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
ee69d18ef002d3119c8b67acf2243103

SHA1
3edf9831a6536e6351b85501253794a6e0bf98e3

SHA256
41bd325aff9b19c028c1e96eb1a3b08a8d00859004dbd16b7495b6a4cfdc1227

SHA512
813c9e3dd61ea8778089468f04e7c844248321ce92a2c4eeeea758c1eb2480e3cf3d041a38f23efab64f459167d0c7bbbb26a3d5345332ededcfcf281b991bbe

Download Submit
\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
ee69d18ef002d3119c8b67acf2243103

SHA1
3edf9831a6536e6351b85501253794a6e0bf98e3

SHA256
41bd325aff9b19c028c1e96eb1a3b08a8d00859004dbd16b7495b6a4cfdc1227

SHA512
813c9e3dd61ea8778089468f04e7c844248321ce92a2c4eeeea758c1eb2480e3cf3d041a38f23efab64f459167d0c7bbbb26a3d5345332ededcfcf281b991bbe

Download Submit
\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
ee69d18ef002d3119c8b67acf2243103

SHA1
3edf9831a6536e6351b85501253794a6e0bf98e3

SHA256
41bd325aff9b19c028c1e96eb1a3b08a8d00859004dbd16b7495b6a4cfdc1227

SHA512
813c9e3dd61ea8778089468f04e7c844248321ce92a2c4eeeea758c1eb2480e3cf3d041a38f23efab64f459167d0c7bbbb26a3d5345332ededcfcf281b991bbe

Download Submit
\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
ee69d18ef002d3119c8b67acf2243103

SHA1
3edf9831a6536e6351b85501253794a6e0bf98e3

SHA256
41bd325aff9b19c028c1e96eb1a3b08a8d00859004dbd16b7495b6a4cfdc1227

SHA512
813c9e3dd61ea8778089468f04e7c844248321ce92a2c4eeeea758c1eb2480e3cf3d041a38f23efab64f459167d0c7bbbb26a3d5345332ededcfcf281b991bbe

Download Submit
\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
ee69d18ef002d3119c8b67acf2243103

SHA1
3edf9831a6536e6351b85501253794a6e0bf98e3

SHA256
41bd325aff9b19c028c1e96eb1a3b08a8d00859004dbd16b7495b6a4cfdc1227

SHA512
813c9e3dd61ea8778089468f04e7c844248321ce92a2c4eeeea758c1eb2480e3cf3d041a38f23efab64f459167d0c7bbbb26a3d5345332ededcfcf281b991bbe

Download Submit
\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
ee69d18ef002d3119c8b67acf2243103

SHA1
3edf9831a6536e6351b85501253794a6e0bf98e3

SHA256
41bd325aff9b19c028c1e96eb1a3b08a8d00859004dbd16b7495b6a4cfdc1227

SHA512
813c9e3dd61ea8778089468f04e7c844248321ce92a2c4eeeea758c1eb2480e3cf3d041a38f23efab64f459167d0c7bbbb26a3d5345332ededcfcf281b991bbe

Download Submit
\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
ee69d18ef002d3119c8b67acf2243103

SHA1
3edf9831a6536e6351b85501253794a6e0bf98e3

SHA256
41bd325aff9b19c028c1e96eb1a3b08a8d00859004dbd16b7495b6a4cfdc1227

SHA512
813c9e3dd61ea8778089468f04e7c844248321ce92a2c4eeeea758c1eb2480e3cf3d041a38f23efab64f459167d0c7bbbb26a3d5345332ededcfcf281b991bbe

Download Submit
\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
ee69d18ef002d3119c8b67acf2243103

SHA1
3edf9831a6536e6351b85501253794a6e0bf98e3

SHA256
41bd325aff9b19c028c1e96eb1a3b08a8d00859004dbd16b7495b6a4cfdc1227

SHA512
813c9e3dd61ea8778089468f04e7c844248321ce92a2c4eeeea758c1eb2480e3cf3d041a38f23efab64f459167d0c7bbbb26a3d5345332ededcfcf281b991bbe

Download Submit
\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
ee69d18ef002d3119c8b67acf2243103

SHA1
3edf9831a6536e6351b85501253794a6e0bf98e3

SHA256
41bd325aff9b19c028c1e96eb1a3b08a8d00859004dbd16b7495b6a4cfdc1227

SHA512
813c9e3dd61ea8778089468f04e7c844248321ce92a2c4eeeea758c1eb2480e3cf3d041a38f23efab64f459167d0c7bbbb26a3d5345332ededcfcf281b991bbe

Download Submit
\Program Files\WinRAR\WinRAR.exe

Filesize
2.5MB

MD5
ee69d18ef002d3119c8b67acf2243103

SHA1
3edf9831a6536e6351b85501253794a6e0bf98e3

SHA256
41bd325aff9b19c028c1e96eb1a3b08a8d00859004dbd16b7495b6a4cfdc1227

SHA512
813c9e3dd61ea8778089468f04e7c844248321ce92a2c4eeeea758c1eb2480e3cf3d041a38f23efab64f459167d0c7bbbb26a3d5345332ededcfcf281b991bbe

Download Submit
\Users\Admin\Downloads\winrar-x64-623.exe

Filesize
3.4MB

MD5
7a647af3c112ad805296a22b2a276e7c

SHA1
9cdf137e3f2493c9e141d5ec05f890e32b9b4e87

SHA256
20739e8fc050187af013e2499718895e4c980699ccaf046b2f96b12497e61959

SHA512
71d86d8dc598aafa91da8e0d971d1bbb87135832b848547c5c611bc828d165625c7a19af2cd300373190cf3eb782c714ac73d84ada53b37b6d8c1ee8508bcd86

Download Submit
\Users\Admin\Downloads\winrar-x64-623.exe

Filesize
3.4MB

MD5
7a647af3c112ad805296a22b2a276e7c

SHA1
9cdf137e3f2493c9e141d5ec05f890e32b9b4e87

SHA256
20739e8fc050187af013e2499718895e4c980699ccaf046b2f96b12497e61959

SHA512
71d86d8dc598aafa91da8e0d971d1bbb87135832b848547c5c611bc828d165625c7a19af2cd300373190cf3eb782c714ac73d84ada53b37b6d8c1ee8508bcd86

Download Submit
\Users\Admin\Downloads\winrar-x64-623.exe

Filesize
3.4MB

MD5
7a647af3c112ad805296a22b2a276e7c

SHA1
9cdf137e3f2493c9e141d5ec05f890e32b9b4e87

SHA256
20739e8fc050187af013e2499718895e4c980699ccaf046b2f96b12497e61959

SHA512
71d86d8dc598aafa91da8e0d971d1bbb87135832b848547c5c611bc828d165625c7a19af2cd300373190cf3eb782c714ac73d84ada53b37b6d8c1ee8508bcd86

Download Submit
\Users\Admin\Downloads\winrar-x64-623.exe

Filesize
3.4MB

MD5
7a647af3c112ad805296a22b2a276e7c

SHA1
9cdf137e3f2493c9e141d5ec05f890e32b9b4e87

SHA256
20739e8fc050187af013e2499718895e4c980699ccaf046b2f96b12497e61959

SHA512
71d86d8dc598aafa91da8e0d971d1bbb87135832b848547c5c611bc828d165625c7a19af2cd300373190cf3eb782c714ac73d84ada53b37b6d8c1ee8508bcd86

Download Submit
memory/1764-701-0x00000000012B0000-0x000000000130F000-memory.dmp

Filesize
380KB

Download