148e4c8e99f4281669edf06efe06a2d665fa52465845ebd399a669b21b65dad5

Resubmissions

28/12/2024, 23:54

241228-3ycdrswjev 3

08/08/2024, 22:06

08/08/2024, 22:00

08/08/2024, 21:53

08/08/2024, 16:19

08/08/2024, 16:09

Analysis

max time kernel
392s
max time network
379s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08/08/2024, 16:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

13KB
MD5

67d2b578e5dc47cbdfc65ed262e16ede
SHA1

aedf2e8344506c3f622c7c708dca7620410d6a16
SHA256

148e4c8e99f4281669edf06efe06a2d665fa52465845ebd399a669b21b65dad5
SHA512

fbc12b7c0036b6012c3707d319d4c4ee9d3c67e70b2cb50e78014123e2daa39b29c540ec87e2a9a12d36bbbb48185c29de082e68e741cc4698843f0dcdc9998b
SSDEEP

192:2335phvCphvpWPlphvf5+YUXmg7J7bBSagVSOphvY:i35nKn4PlnQYmmg7ZyZng

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 6 IoCs

pid	Process
3048	winrar-x64-701.exe
884	uninstall.exe
1544	WinRAR.exe
1240	ArenaWars.exe
556	old-uninstaller.exe
1728	ArenaWars.exe

Loads dropped DLL 45 IoCs

pid	Process
2692	iexplore.exe
1232	Process not Found
3048	winrar-x64-701.exe
1232	Process not Found
884	uninstall.exe
884	uninstall.exe
1232	Process not Found
1232	Process not Found
1232	Process not Found
1232	Process not Found
1232	Process not Found
1232	Process not Found
1232	Process not Found
1232	Process not Found
1232	Process not Found
1232	Process not Found
2696	ArenaWarsSetup.exe
2696	ArenaWarsSetup.exe
2696	ArenaWarsSetup.exe
2696	ArenaWarsSetup.exe
2696	ArenaWarsSetup.exe
2696	ArenaWarsSetup.exe
2696	ArenaWarsSetup.exe
2696	ArenaWarsSetup.exe
2696	ArenaWarsSetup.exe
2696	ArenaWarsSetup.exe
2696	ArenaWarsSetup.exe
1232	Process not Found
1240	ArenaWars.exe
1232	Process not Found
1232	Process not Found
1232	Process not Found
1232	Process not Found
2964	ArenaWarsSetup.exe
2964	ArenaWarsSetup.exe
2964	ArenaWarsSetup.exe
2964	ArenaWarsSetup.exe
2964	ArenaWarsSetup.exe
556	old-uninstaller.exe
556	old-uninstaller.exe
556	old-uninstaller.exe
2964	ArenaWarsSetup.exe
1232	Process not Found
1728	ArenaWars.exe
1232	Process not Found

Modifies system executable filetype association 2 TTPs 8 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates processes with tasklist 1 TTPs 3 IoCs

discovery

Process Discovery

T1057

pid	Process
1140	tasklist.exe
1616	tasklist.exe
2056	tasklist.exe

Drops file in Program Files directory 60 IoCs

description	ioc	Process
File created	C:\Program Files\WinRAR\Order.htm	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\Default.SFX	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\zipnew.dat	uninstall.exe
File created	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\Rar.txt	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\Rar.exe	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\Zip32.SFX	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\License.txt	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\Rar.txt	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\Default.SFX	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\License.txt	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\Default32.SFX	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\Resources.pri	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\Zip32.SFX	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\rarnew.dat	uninstall.exe
File opened for modification	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\Resources.pri	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\Order.htm	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\Rar.exe	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\Descript.ion	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\Default32.SFX	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\WinCon32.SFX	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\WinCon32.SFX	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\Descript.ion	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-701.exe
File opened for modification	C:\Program Files\WinRAR	winrar-x64-701.exe
File created	C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_259640919	winrar-x64-701.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ArenaWarsSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ArenaWarsSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	old-uninstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 20f88188ade9da01	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 45 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AA5E2E51-55A0-11EF-987A-EE88FE214989} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000005362a9160d9b1dfb57e90114edaed4ff528ae5abdcb90ddb92379e025a3649f0000000000e8000000002000020000000999d3bb4bcf19d4c87bbdbefb5ac8c662e953200d0a710d073e705b91d19b1e220000000b79e397c57d349c3604166a340163d34e1c84da19b7baeb178a36ea1a9d545d840000000986a43205590b1ea971d19fcaf1187251ef52b61e27001d02c2a10e8060191ec3ab1dfe87318c710c6e1a8dc1f4376dc237a8b5aa45a49dda833f74ed1db904c	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90734e80ade9da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000394c3962db48d7ae160a6a448ce3bb122796566e8629eca19bcca193f93ede8b000000000e80000000020000200000003ebb1bc41c941f70ccd48238870acce1eee195fb88d49ef9b858a1683b6d68c890000000d75b21e7ead312a9bceacbcae51eb95bec8a08bde01f6910ce996d414cf8c5673f64fd71503366b49399fdfc3768f91ed3ca7e653e1f81a7d745d03a4da11247a2212fa31f7494e21bcfe0b7a47926193850128abd4d87782391cf025885792c3d043e14641325ad2cc3ba31d7d0dba72b91f140a7cacbdd50cc33a138f43bb06b5f36c944787ea394f35a56dde79c2f400000008cf5faa00084b1e92fd3af8a0b3f9bf91eb7b6ed6f29ceb9e5b35b7a47ad24085761c47d897416ab7cd9c062c110eefd1d6ef49da48217deed668e9cd39099b2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429295276"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	WinRAR.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	WinRAR.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "21"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	winrar-x64-701.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	WinRAR.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.7z\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tar	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command\ = "\"C:\\Program Files\\WinRAR\\WinRAR.exe\" \"%1\""	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.arj	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lha\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tbz	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cab\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.z\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.uue\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tzst\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.bz2\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.txz	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.zip\ShellNew	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tgz	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rev	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.taz\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tzst	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml	IEXPLORE.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.taz	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml\OpenWithList\WINWORD.EXE	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.zst\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext32.dll"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tbz\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rev\ = "WinRAR.REV"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon\ = "C:\\Program Files\\WinRAR\\WinRAR.exe,1"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml\OpenWithList	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.zipx	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon\ = "C:\\Program Files\\WinRAR\\WinRAR.exe,0"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.lzh	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.bz\ = "WinRAR"	uninstall.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2224	vlc.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
2696	ArenaWarsSetup.exe
1140	tasklist.exe
1140	tasklist.exe
2964	ArenaWarsSetup.exe
1616	tasklist.exe
1616	tasklist.exe
556	old-uninstaller.exe
2056	tasklist.exe
2056	tasklist.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2224	vlc.exe
1544	WinRAR.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1140	tasklist.exe
Token: SeSecurityPrivilege	2696	ArenaWarsSetup.exe
Token: SeDebugPrivilege	1616	tasklist.exe
Token: SeDebugPrivilege	2056	tasklist.exe
Token: SeSecurityPrivilege	2964	ArenaWarsSetup.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2692	iexplore.exe
2692	iexplore.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2692	iexplore.exe
2692	iexplore.exe
2692	iexplore.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
1544	WinRAR.exe
1544	WinRAR.exe
1544	WinRAR.exe
1544	WinRAR.exe
1544	WinRAR.exe
1544	WinRAR.exe
2224	vlc.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe
2224	vlc.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2692	iexplore.exe
2692	iexplore.exe
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2224	vlc.exe
2704	IEXPLORE.EXE
3048	winrar-x64-701.exe
3048	winrar-x64-701.exe
1544	WinRAR.exe
1544	WinRAR.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2704	2692	iexplore.exe	30
PID 2692 wrote to memory of 2704	2692	iexplore.exe	30
PID 2692 wrote to memory of 2704	2692	iexplore.exe	30
PID 2692 wrote to memory of 2704	2692	iexplore.exe	30
PID 2692 wrote to memory of 1968	2692	iexplore.exe	32
PID 2692 wrote to memory of 1968	2692	iexplore.exe	32
PID 2692 wrote to memory of 1968	2692	iexplore.exe	32
PID 1968 wrote to memory of 1204	1968	rundll32.exe	33
PID 1968 wrote to memory of 1204	1968	rundll32.exe	33
PID 1968 wrote to memory of 1204	1968	rundll32.exe	33
PID 1204 wrote to memory of 2224	1204	rundll32.exe	34
PID 1204 wrote to memory of 2224	1204	rundll32.exe	34
PID 1204 wrote to memory of 2224	1204	rundll32.exe	34
PID 2692 wrote to memory of 3048	2692	iexplore.exe	36
PID 2692 wrote to memory of 3048	2692	iexplore.exe	36
PID 2692 wrote to memory of 3048	2692	iexplore.exe	36
PID 3048 wrote to memory of 884	3048	winrar-x64-701.exe	37
PID 3048 wrote to memory of 884	3048	winrar-x64-701.exe	37
PID 3048 wrote to memory of 884	3048	winrar-x64-701.exe	37
PID 2692 wrote to memory of 1664	2692	iexplore.exe	38
PID 2692 wrote to memory of 1664	2692	iexplore.exe	38
PID 2692 wrote to memory of 1664	2692	iexplore.exe	38
PID 2696 wrote to memory of 2372	2696	ArenaWarsSetup.exe	45
PID 2696 wrote to memory of 2372	2696	ArenaWarsSetup.exe	45
PID 2696 wrote to memory of 2372	2696	ArenaWarsSetup.exe	45
PID 2696 wrote to memory of 2372	2696	ArenaWarsSetup.exe	45
PID 2372 wrote to memory of 1140	2372	cmd.exe	47
PID 2372 wrote to memory of 1140	2372	cmd.exe	47
PID 2372 wrote to memory of 1140	2372	cmd.exe	47
PID 2372 wrote to memory of 1140	2372	cmd.exe	47
PID 2372 wrote to memory of 2052	2372	cmd.exe	48
PID 2372 wrote to memory of 2052	2372	cmd.exe	48
PID 2372 wrote to memory of 2052	2372	cmd.exe	48
PID 2372 wrote to memory of 2052	2372	cmd.exe	48
PID 2964 wrote to memory of 2988	2964	ArenaWarsSetup.exe	53
PID 2964 wrote to memory of 2988	2964	ArenaWarsSetup.exe	53
PID 2964 wrote to memory of 2988	2964	ArenaWarsSetup.exe	53
PID 2964 wrote to memory of 2988	2964	ArenaWarsSetup.exe	53
PID 2988 wrote to memory of 1616	2988	cmd.exe	55
PID 2988 wrote to memory of 1616	2988	cmd.exe	55
PID 2988 wrote to memory of 1616	2988	cmd.exe	55
PID 2988 wrote to memory of 1616	2988	cmd.exe	55
PID 2988 wrote to memory of 1632	2988	cmd.exe	56
PID 2988 wrote to memory of 1632	2988	cmd.exe	56
PID 2988 wrote to memory of 1632	2988	cmd.exe	56
PID 2988 wrote to memory of 1632	2988	cmd.exe	56
PID 2964 wrote to memory of 556	2964	ArenaWarsSetup.exe	57
PID 2964 wrote to memory of 556	2964	ArenaWarsSetup.exe	57
PID 2964 wrote to memory of 556	2964	ArenaWarsSetup.exe	57
PID 2964 wrote to memory of 556	2964	ArenaWarsSetup.exe	57
PID 2964 wrote to memory of 556	2964	ArenaWarsSetup.exe	57
PID 2964 wrote to memory of 556	2964	ArenaWarsSetup.exe	57
PID 2964 wrote to memory of 556	2964	ArenaWarsSetup.exe	57
PID 556 wrote to memory of 1748	556	old-uninstaller.exe	58
PID 556 wrote to memory of 1748	556	old-uninstaller.exe	58
PID 556 wrote to memory of 1748	556	old-uninstaller.exe	58
PID 556 wrote to memory of 1748	556	old-uninstaller.exe	58
PID 1748 wrote to memory of 2056	1748	cmd.exe	60
PID 1748 wrote to memory of 2056	1748	cmd.exe	60
PID 1748 wrote to memory of 2056	1748	cmd.exe	60
PID 1748 wrote to memory of 2056	1748	cmd.exe	60
PID 1748 wrote to memory of 2856	1748	cmd.exe	61
PID 1748 wrote to memory of 2856	1748	cmd.exe	61
PID 1748 wrote to memory of 2856	1748	cmd.exe	61

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Loads dropped DLL
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2704
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z2D3H3V6\ArenaWars.rar
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1968
- - C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z2D3H3V6\ArenaWars.rar
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1204
  - - C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z2D3H3V6\ArenaWars.rar"
      4⤵
      Suspicious behavior: AddClipboardFormatListener
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:2224
- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPRIFH8L\winrar-x64-701.exe
  "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPRIFH8L\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3048
- - C:\Program Files\WinRAR\uninstall.exe
    "C:\Program Files\WinRAR\uninstall.exe" /setup
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system executable filetype association
    - Drops file in Program Files directory
    - Modifies registry class
    PID:884
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z2D3H3V6\ArenaWars.rar"
  2⤵
  PID:1664

C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\ArenaWars.rar"
1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\Desktop\ArenaWarsSetup.exe
"C:\Users\Admin\Desktop\ArenaWarsSetup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq ArenaWars.exe" | %SYSTEMROOT%\System32\find.exe "ArenaWars.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2372
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq ArenaWars.exe"
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1140
- - C:\Windows\SysWOW64\find.exe
    C:\Windows\System32\find.exe "ArenaWars.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2052

C:\Users\Admin\AppData\Local\Programs\ArenaWars\ArenaWars.exe
"C:\Users\Admin\AppData\Local\Programs\ArenaWars\ArenaWars.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1240

C:\Users\Admin\Desktop\ArenaWarsSetup.exe
"C:\Users\Admin\Desktop\ArenaWarsSetup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq ArenaWars.exe" | %SYSTEMROOT%\System32\find.exe "ArenaWars.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2988
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq ArenaWars.exe"
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1616
- - C:\Windows\SysWOW64\find.exe
    C:\Windows\System32\find.exe "ArenaWars.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1632
- C:\Users\Admin\AppData\Local\Temp\nsgE0BF.tmp\old-uninstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\nsgE0BF.tmp\old-uninstaller.exe" /S /KEEP_APP_DATA /currentuser --keep-shortcuts --updated _?=C:\Users\Admin\AppData\Local\Programs\ArenaWars
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:556
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq ArenaWars.exe" | %SYSTEMROOT%\System32\find.exe "ArenaWars.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1748
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq ArenaWars.exe"
      4⤵
      Enumerates processes with tasklist
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2056
  - - C:\Windows\SysWOW64\find.exe
      C:\Windows\System32\find.exe "ArenaWars.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2856

C:\Users\Admin\AppData\Local\Programs\ArenaWars\ArenaWars.exe
"C:\Users\Admin\AppData\Local\Programs\ArenaWars\ArenaWars.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\WinRAR\Rar.txt

Filesize
105KB

MD5
b954981a253f5e1ee25585037a0c5fee

SHA1
96566e5c591df1c740519371ee6953ac1dc6a13f

SHA256
59e40b34b09be2654b793576035639c459ad6e962f9f9cd000d556fa21b1c7cd

SHA512
6a7772c6b404cd7fee50110b894ff0c470e5813264e605852b8dcc06bfaeb62b8cc79adcb695b3da149e42d5372a0d730cc7e8ed893c0bd0edb015fc088b7531

Download Submit
C:\Program Files\WinRAR\WhatsNew.txt

Filesize
45KB

MD5
1c44c85fdab8e9c663405cd8e4c3dbbd

SHA1
74d44e9cb2bf6f4c152aadb61b2ffc6b6ccd1c88

SHA256
33108dd40b4e07d60e96e1bcfa4ad877eb4906de2cc55844e40360e5d4dafb5d

SHA512
46d3fb4f2d084d51b6fd01845823100abc81913ebd1b0bcfeb52ef18e8222199d282aa45cae452f0716e0e2bf5520f7a6a254363d22b65f7ab6c10f11292ee2d

Download Submit
C:\Program Files\WinRAR\WinRAR.chm

Filesize
316KB

MD5
6ca1bc8bfe8b929f448e1742dacb8e7f

SHA1
eca3e637db230fa179dcd6c6499bd7d616f211e8

SHA256
997184b6f08d36dedc2cd12ee8dc5afb5e6e4bf77f7ab10f7ade9eefdb163344

SHA512
d823f2c960a4d92129b9bda0f4f9195d32e64b929082b5efb9149546b5053021255d1dd03cb443f0a03106314554f76b94173e280a553a81e4ac2ac282877973

Download Submit
C:\Program Files\WinRAR\WinRAR.exe

Filesize
3.1MB

MD5
53cf9bacc49c034e9e947d75ffab9224

SHA1
7db940c68d5d351e4948f26425cd9aee09b49b3f

SHA256
3b214fd9774c6d96332e50a501c5e467671b8b504070bbb17e497083b7e282c3

SHA512
44c9154b1fdbcf27ab7faee6be5b563a18b2baead3e68b3ea788c6c76cf582f52f3f87bd447a4f6e25ec7d4690761332211659d754fb4e0630c22a372e470bda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
b1c7c972f28afe1b639d889b01e3c546

SHA1
c70e247383fd3b90a4dca56b29bec9ad0897dc7e

SHA256
dd033aa5a58c6d8a88fad0e201564c37cca1c486cc20bef59cf5be84219936c4

SHA512
5fab4a6a4a7a1165f8343f8e4f34c771575c2cd7a9fd39aef6aa88ec3f024c1af624ef9421915e1798d9081a5fd2ae9b43da4b27903c5965861651db505dc53d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
e49dd34cee334cf7a70e0a1f6c0722c2

SHA1
8bf88379419d722933cc678798f70dd50a5a64bf

SHA256
3534ada32f4340a5e45d753ca9bd165707ac70158d77c5464c1720dc47a33b05

SHA512
410aa37e8d5b25acca8dd1268881be3aaa8938d6596c172e9b0662f603d9ad16fc401b90379db917c1f37d71ec69cd49f9aff16b0dcec5c5d009ca2682655e20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af72b469489ad1bda72eb85ca716eba6

SHA1
1bebd849f65347496cf961b6bece5bff50c6e36b

SHA256
5feed85e5f052ebd5ea2c9abf68bd2a5799c2c840c4f97d5ae9e1e3f88eb8501

SHA512
e6e53bcea6b584dffec3693dc062c0d399ab9857a536563f1952de9c49133487a6b6192926c0a972e1be3e38c48d5880189f5132926ef7aad1fd1212d31ddaef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4256572e274e9438560c8641e48e005

SHA1
7ffaa86eef9cca96476780b46e4de21dfa902f34

SHA256
203872ab8d4b5a3c8759f1cf22b6b8faa291b46b3bc1c2aba6f0f4b535687ddd

SHA512
dbf96f5758aa57adad1522975db0bab8fa03292fc00989463673a7a24672d5257c6bf53f782c50a7046734a12fa5227a600411ee62e0234d6b8fa82ae9203543

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2330398cd61506d1eb773d5f2dd25c2f

SHA1
3888a87d7966b33053b2e55cfedf2ef6c8c89609

SHA256
341c121000148830cc3a487f224736d4a3bc232829f78956d5440b9ba7479f43

SHA512
986db4d9d96be848d64228825c123ca954d1a31d60ca977da65585152f0cdeb5dfa03a753c17705e6f57e33c8dd13a152db520e7d6405f53c194cccf66175564

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa1acefa48b526fce12c539395898317

SHA1
ab9b9dd2150a086bebf8b3119820001900173ec6

SHA256
4dc0b5f72816438debfb5b3d5805152863949d0b116e7ddee9978f8d70ed156c

SHA512
ba5d21196b9a7f9017ea526f2fc7940f14d0d2fc2e0bb76d7e547d60601781971c058295201f6320093cab37f2d22288ffdd4dac9bd8fe39f4cc9dea3e75c161

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3aa6b84e971df7ec3bbd3046fbfa5119

SHA1
f9a7fdb4dca7d18b38737a8a16deabf01edd1166

SHA256
04bc67f833d5a08795f2847d1c1c55639755818dce77775288ea46b2f5b5f21a

SHA512
69d0ad2fad4836819496552a4528e81718fff992f3d2f030def918b6701d6e5c64bc01e4f2a53a8245e6159ca71d6e17b3d3585d1741b672b8a02711fde01ff3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79af62656980ae60f4568dc8a4e5a204

SHA1
619fe3039aeaff15f862e771bdeb4f7da3195786

SHA256
d4bec42b88c6ae2da409a4842af97b66b80b5fbacfbb820a37ee402eb8aa0b0c

SHA512
e4e795973d58dce730c07ab69b3cf4d9a92575c22ee6be575f5d94ba3fdfd005d0468062b9d1b13710a56c250669bd554fbd0df620cc6d9120cdf5aa6c9660db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2166b204c032a0e9eb15a0f55f9f8f53

SHA1
a91c168a4cafbbbf80be2d68b23ae0b6b45704e5

SHA256
a3adb8daf9dda62eb11f630e9c1e74fd680caef7aee7e7874862627c1b6664b4

SHA512
e86c313ecef924c2c58e661f8afb46b4c3b92fa280998f1ad88cc82ca7aec211099d7c7187c0342fc1093c35b06dd737e1c287a51d0191520174977031490bb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c100d15ceab5e786145d7c5db201817

SHA1
975d106962b1b1d668cfdb71854da7be26187cc6

SHA256
8e22c816ee913bbf2524b05eb122afb291282a466de98685c12f30d53ce080ff

SHA512
cc08bfa08c34a9db173787933c31775b5ec98fef0477a771ad6e778ea8e452dcd019ecd978dc708cd774426615fff39f58a01d4114c3f4623bf80757a03145fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff9d47858175f22d86eb5339fc041903

SHA1
5393a5bdfd8be42d0581f89c475221a02508d909

SHA256
1e667e0e0247665ac583c6765ba1518c2b4382b2a8e95a98b1d82ced2753ae86

SHA512
653b61dc40896b8a1943d3167c76c0625c23e41bc4681997f7fc16900e08a9b38380ac5af738e6e7e3e020459cf4e8cfe08e090767c9ad95c802d875c0300d4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81ec87a9033df27b4eba4c67e479545b

SHA1
01df89804f9859afc1a3ecf3c18763f20d045be6

SHA256
0c93345b267432605826e6a53c618d5a52c3b7595ffe07b43a392e7685d7bc10

SHA512
b84b3623f40dfff80b0952bb79dbc133924635acd253853ac558a75196718bc276df71c229a5c3169462f8aa4afaef46c27887b2e08a4af583698413181f6a86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92bd82f63fca5aec2ed4201a755d2f5e

SHA1
b94aa7bb99bf42a3a2b0dd47e4c3ea195cb27a24

SHA256
96ea777b8600d78b4fa97fe827d6209d407b080878b66688c9e1e2fc2e3073c3

SHA512
5c82647dc8e7465bdea0ae868f7e8a2778c25d8a08ef13ed4a96dd89ceb03dc9a03d26f3c0bd5942a107f8a24b8657141a5b05787a799337746edbda36e73b29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0103ca319c08e12245c8e572c0ea4f7

SHA1
81036ec76facdf3607e80e9816b88d096853d4e2

SHA256
f6efec2298261c15c0a55ba5712ba392d817cd9ce52eb87612542189bde65b13

SHA512
c7afecd77c0cfae54f0450bc31278779b05bf97015b79e540f494f8a012d9ff3b66c3e4c07047263029d5b77475c12e8bf368655e44a62e5f93dc325ac8ad52f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8bfbda9f55314e39cebd3aa80633c821

SHA1
c25df27ee643e6711a6ed162b2f22e634f921d07

SHA256
470197e5689c7c07d4fb06f0b4619b00d6df93b4e5273da165fd554b4da497e8

SHA512
750f7f0edbc7a3c8f7d7f22d5e9944534b56f463f24fef61fc848576a85d84e8d3bba241cfd81415553e2f6e039e2725094b39c64568c1245893c17121fc9c17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2d6198a2017a80ea28b13eaa14611ef

SHA1
a47509b8c4653d5f209b45db81ea5ca6c3f889ae

SHA256
62fe5a9fd12dbd7ab98013f7482b24f0cd70cbf9d392ef77dc9fdb16ab36fd0d

SHA512
830c5adc36aa656f1f4ee974f3ae8c697e79d492b7457d6dd5b61027063d7b22c23581f3904745d6e44711f656a6cb4190724a67de9b344b82919c2178562cd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
025f9c137786142a27aa5729760c0cf9

SHA1
44a83ec8f18be39e9041bf765baba6fed8e752ce

SHA256
277eeda14642b42c54ddbcf71216e6b60cde6f4664cd6ae6ed063ecc82497f83

SHA512
364c8f6dd529510b9d2a621fd4318989113a5611ed630b140837415bd09c565b92a24ddfb6e53a7e034fdfc0ecb30e1032c5b72404e3176893813846d4ff5e02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7270270e841b1b7638a0dbc5cc49267c

SHA1
c0b465d52162fea6ffbfeda520473f5456b7375e

SHA256
28e5d620294a2c06f3ed4948e3a2002c100c1ded0b966af7ea4409d7e2cb1684

SHA512
5dc48773e69b0a6eaf576f9e62ab354fca55ac64619885704ab74e9c61996ab6eb15bcf164ad178b1cca1111e761e240458eca80a72256252bd0648be13936e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcad1b3e7b0838dde0c2424fd77d902e

SHA1
4e1acd14cb5c3d54270fbfa8c614e9c5e402b410

SHA256
8b0e8c70decf016d08cbae191c91c9acba9c1c3c58b9aaa106c4bb4920afc795

SHA512
c8c30578a4a7b04e8b77f8028acaf3ac44cd20ebede3ea515311d743048afadca4d96dfa34485418da7af59bd40b75eb854003fd9ed380582ae4abacfcd347b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf8e2ff3892db598b77e1d1b4e8a0442

SHA1
abf8f7555e908c14e0a8415c8204babc8be6c09b

SHA256
e88882fcfc12bbb5a2f79971c4a88bc3f1440bc98496baa04fbf0d10f17e9064

SHA512
67108ebbc0bbaeea8c1b156a1edcbcd366f6e5ae54f79be0c6d59487af55bf9e3e948ea493eb49ad7d58e7f52671ada652fe2213e4b49921bf3818a1902c6e60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a9a1fcec0c92f9d08032ad05b4e8457

SHA1
58faef3dff37b31c9f518b235978e948248546b4

SHA256
64e41e51128633c94e093cf963be4b37441a99292d59481513cb008f3c2c46e8

SHA512
c55e927c0fc8ea8cad5d22514f26c65c14ab3ac67a6f257e82bcd0a9b988ecc478f8f384d01e95aa253d29e4cdeb00f6bdb1ae9a1a5e59393cf8f5da2e5906e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31d3aeaa82ecaa94189470643905047d

SHA1
65d875a1113e0e5f52d7e503e0c61fe4e086602a

SHA256
df5b6c81dc31e07a10892226e0491a8c131f6587d921980eddf2c8d793bbbf39

SHA512
290e356952ad072062a299e663c6e317a5010c0832f2bda8753ea026e981eb743de5a1b4dba8b4fc8026f2b49f77a1b3464e17a5968f83a819c360543a9e3b2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc14396175c0a5b1c300bff101894bfb

SHA1
06673ddb53cfaf5c204b1777e0949fb7a167361b

SHA256
5f73b93efe2f1d6502fc1c0cf768992b399e2469ed09122eb9002ed80ab3894e

SHA512
04f0cf49ab22f3a2ee790f469031f296fd98af9c2d76167983b6ea0192a5b89c4dc7d00d64b3efc5da57453aabd05d15d409b35d01385d6586ed60a5768020f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a5e7940b60e7d8bee6aab15ffef6df0

SHA1
7f25cee8173d0c1fa67545ebefa6a5b5b0787bbb

SHA256
9e4e2a095c212194840e77fd0f8132df38c29264b68f39eb576d72981a52c168

SHA512
8012538545f507a2eb84df3a9f3f9ef77ed3e4b81275b24ef3e3ecf0cfcc60f9178be3faed135c2bf497a79a644295b4627ca63946e7cf25aec4f12a419f8e0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cbe44cc80e73a9df7a4b7420afc27a97

SHA1
aeb18a35f5749a3afc717f0505fa0711e39840c6

SHA256
8eded399f92ff4a3ef5686ed7283aae40446edb88eed6f3825949f96ba3f275f

SHA512
ea8fd0c2d08b1f4b5ec8aa003f8a215bfd4cd7d574e6e91146d0837aa8184b0d80c701e22a49c2f8d2932597b73e3b45eb4f9613192a6dc4678b3031bde96214

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a16466ccf854f13925a48f83da0bc2f6

SHA1
1309034ac0fc2f90c7a703245f10dcc801b02adc

SHA256
8fd1f79b045e24d20e2d366056f01b191fae2164e336f312979e85993b90d02b

SHA512
50cf795b54b6decd5714abff618f63231bc2552b04dcb11283227f5aa4592f462fb18a2c1a60132b2c978c2fa4d09e9ffaae9279d6cf191442136d476b5c0ff1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba0373fd8cce55e8329b52dc0bf2c1c7

SHA1
1edff13298c436feb1a0c5ca838087db7b3c8fdb

SHA256
0b0f4b09f3a10e82c05a71b9278600555f3e3a3b21e5f9315989aafbf6d9c517

SHA512
5ee26852f0612eb48feb4b9ee7351ba1566bcc98a35dc9e43ac80bf07caa2c9e543d70fdbf0162a29345ca41237393f72bf574d412a7c8c53328ecb6f9341cc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf81d3e85bcb649c6973959c8d798408

SHA1
c2d3d0615c929566fc043347d13a9f7175fdeecb

SHA256
123e441363abba595330db8a829cd659654eaf0bc2cd6bd107fafadcc06c9071

SHA512
33f1194132db5f2952a8efb8ed388833ff373d78675cf48a2add64625465312ca54858b213f4f90a7f4295d6c6375fb3c7ecd0cf395df729691e35d72f431598

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24381e04fe0d3cc36d7f739681f1d81f

SHA1
9f5e4214ddef84bbaadb0ec5b000473d43eb6b28

SHA256
a9c86258c227417610942b12d897178bb19acd749c3580f0824f808e42f8028e

SHA512
d73ac6610151fc308cd4683aa061f5ebc680e5d5576d7de18ff30e4d80b42b889d9385383c628c663a6421ae9fad821a73f63ced64dabe4c66001f4d16258310

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
a4fe9e5576175839a8fd815293e98608

SHA1
cc2d966833ce1c464e184a61598e15b28390b804

SHA256
72f84be264a8e61442a7770996cb896a73286f862012a0ad97965235219906d7

SHA512
1e41e876df71e953e8d9481d43fdc692d51ded6082527396dc6d5c9ac10b09072a3fff7406a2ed5aa17ed0501bad989ef541572973e1cb2d7193de9692774de6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
f04eecacc9b0e139885a10e09ee26b2a

SHA1
d37cc48507ae17eba2dffe96948bcc52fd9a50ac

SHA256
7a2e5c7d96fc874ab0f9b5431751715090aeb1591ae40a13980eed31926ed3fc

SHA512
3c4b8e541ffeba88830e767f6a6009fa489a2619b9a5f9903ca78e4bdd85bdfff1580b7676c682d38bb8f5368f6a968e5c70ec215ab1ad30041cc3d1bb765326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPRIFH8L\winrar-x64-701.exe.eieft3h.partial

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
C:\Users\Admin\AppData\Local\Programs\ArenaWars\Uninstall ArenaWars.exe

Filesize
215KB

MD5
4eedeb4945b2f0159a8d2774613f2cc9

SHA1
bd93df9b0c4829303fd6d185bf5f95c4b3a29974

SHA256
16c7c0d1b2184befbf3f6ff8f267ee1b8ce86eda86009eebed53e7cffeda8a7e

SHA512
f786792aac904c8650c07a68e513b9e52ee5c3bb1cb913ce208f6c9491d9723bba9fb169b69e3eec3a015c264481d00fa4fd05756e5239f1b27676fc525c3913

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab33B0.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar33C2.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\LICENSES.chromium.html

Filesize
6.5MB

MD5
180f8acc70405077badc751453d13625

SHA1
35dc54acad60a98aeec47c7ade3e6a8c81f06883

SHA256
0bfa9a636e722107b6192ff35c365d963a54e1de8a09c8157680e8d0fbbfba1c

SHA512
40d3358b35eb0445127c70deb0cb87ec1313eca285307cda168605a4fd3d558b4be9eb24a59568eca9ee1f761e578c39b2def63ad48e40d31958db82f128e0ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\chrome_100_percent.pak

Filesize
126KB

MD5
8626e1d68e87f86c5b4dabdf66591913

SHA1
4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c

SHA256
2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59

SHA512
03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\chrome_200_percent.pak

Filesize
175KB

MD5
48515d600258d60019c6b9c6421f79f6

SHA1
0ef0b44641d38327a360aa6954b3b6e5aab2af16

SHA256
07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce

SHA512
b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\ffmpeg.dll

Filesize
2.7MB

MD5
d49e7a8f096ad4722bd0f6963e0efc08

SHA1
6835f12391023c0c7e3c8cc37b0496e3a93a5985

SHA256
f11576bf7ffbc3669d1a5364378f35a1ed0811b7831528b6c4c55b0cdc7dc014

SHA512
ca50c28d6aac75f749ed62eec8acbb53317f6bdcef8794759af3fad861446de5b7fa31622ce67a347949abb1098eccb32689b4f1c54458a125bc46574ad51575

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\icudtl.dat

Filesize
10.1MB

MD5
adfd2a259608207f256aeadb48635645

SHA1
300bb0ae3d6b6514fb144788643d260b602ac6a4

SHA256
7c8c7b05d70145120b45ccb64bf75bee3c63ff213e3e64d092d500a96afb8050

SHA512
8397e74c7a85b0a2987cae9f2c66ce446923aa4140686d91a1e92b701e16b73a6ce459540e718858607ecb12659bedac0aa95c2713c811a2bc2d402691ff29dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\libEGL.dll

Filesize
468KB

MD5
09134e6b407083baaedf9a8c0bce68f2

SHA1
8847344cceeab35c1cdf8637af9bd59671b4e97d

SHA256
d2107ba0f4e28e35b22837c3982e53784d15348795b399ad6292d0f727986577

SHA512
6ff3adcb8be48d0b505a3c44e6550d30a8feaf4aa108982a7992ed1820c06f49e0ad48d9bd92685fb82783dfd643629bd1fe4073300b61346b63320cbdb051ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\libGLESv2.dll

Filesize
7.2MB

MD5
a5f1921e6dcde9eaf42e2ccc82b3d353

SHA1
1f6f4df99ae475acec4a7d3910badb26c15919d1

SHA256
50c4dc73d69b6c0189eab56d27470ee15f99bbbc12bfd87ebe9963a7f9ba404e

SHA512
0c24ae7d75404adf8682868d0ebf05f02bbf603f7ddd177cf2af5726802d0a5afcf539dc5d68e10dab3fcfba58903871c9c81054560cf08799af1cc88f33c702

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\af.pak

Filesize
353KB

MD5
464e5eeaba5eff8bc93995ba2cb2d73f

SHA1
3b216e0c5246c874ad0ad7d3e1636384dad2255d

SHA256
0ad547bb1dc57907adeb02e1be3017cce78f6e60b8b39395fe0e8b62285797a1

SHA512
726d6c41a9dbf1f5f2eff5b503ab68d879b088b801832c13fba7eb853302b16118cacda4748a4144af0f396074449245a42b2fe240429b1afcb7197fa0cb6d41

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\am.pak

Filesize
569KB

MD5
2c933f084d960f8094e24bee73fa826c

SHA1
91dfddc2cff764275872149d454a8397a1a20ab1

SHA256
fa1e44215bd5acc7342c431a3b1fddb6e8b6b02220b4599167f7d77a29f54450

SHA512
3c9ecfb0407de2aa6585f4865ad54eeb2ec6519c9d346e2d33ed0e30be6cc3ebfed676a08637d42c2ca8fa6cfefb4091feb0c922ff71f09a2b89cdd488789774

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\ar.pak

Filesize
624KB

MD5
fdbad4c84ac66ee78a5c8dd16d259c43

SHA1
3ce3cd751bb947b19d004bd6916b67e8db5017ac

SHA256
a62b848a002474a8ea37891e148cbaf4af09bdba7dafebdc0770c9a9651f7e3b

SHA512
376519c5c2e42d21acedb1ef47184691a2f286332451d5b8d6aac45713861f07c852fb93bd9470ff5ee017d6004aba097020580f1ba253a5295ac1851f281e13

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\bg.pak

Filesize
652KB

MD5
38bcabb6a0072b3a5f8b86b693eb545d

SHA1
d36c8549fe0f69d05ffdaffa427d3ddf68dd6d89

SHA256
898621731ac3471a41f8b3a7bf52e7f776e8928652b37154bc7c1299f1fd92e1

SHA512
002adbdc17b6013becc4909daf2febb74ce88733c78e968938b792a52c9c5a62834617f606e4cb3774ae2dad9758d2b8678d7764bb6dcfe468881f1107db13ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\bn.pak

Filesize
838KB

MD5
9340520696e7cb3c2495a78893e50add

SHA1
eed5aeef46131e4c70cd578177c527b656d08586

SHA256
1ea245646a4b4386606f03c8a3916a3607e2adbbc88f000976be36db410a1e39

SHA512
62507685d5542cfcd394080917b3a92ca197112feea9c2ddc1dfc77382a174c7ddf758d85af66cd322692215cb0402865b2a2b212694a36da6b592028caafcdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\ca.pak

Filesize
400KB

MD5
4cd6b3a91669ddcfcc9eef9b679ab65c

SHA1
43c41cb00067de68d24f72e0f5c77d3b50b71f83

SHA256
56efff228ee3e112357d6121b2256a2c3acd718769c89413de82c9d4305459c6

SHA512
699be9962d8aae241abd1d1f35cd8468ffbd6157bcd6bdf2c599d902768351b247baad6145b9826d87271fd4a19744eb11bf7065db7fefb01d66d2f1f39015a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\cs.pak

Filesize
409KB

MD5
eeee212072ea6589660c9eb216855318

SHA1
d50f9e6ca528725ced8ac186072174b99b48ea05

SHA256
de92f14480770401e39e22dcf3dd36de5ad3ed22e44584c31c37cd99e71c4a43

SHA512
ea068186a2e611fb98b9580f2c5ba6fd1f31b532e021ef9669e068150c27deee3d60fd9ff7567b9eb5d0f98926b24defabc9b64675b49e02a6f10e71bb714ac8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\da.pak

Filesize
371KB

MD5
e7ba94c827c2b04e925a76cb5bdd262c

SHA1
abba6c7fcec8b6c396a6374331993c8502c80f91

SHA256
d8da7ab28992c8299484bc116641e19b448c20adf6a8b187383e2dba5cd29a0b

SHA512
1f44fce789cf41fd62f4d387b7b8c9d80f1e391edd2c8c901714dd0a6e3af32266e9d3c915c15ad47c95ece4c7d627aa7339f33eea838d1af9901e48edb0187e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\de.pak

Filesize
397KB

MD5
cf22ec11a33be744a61f7de1a1e4514f

SHA1
73e84848c6d9f1a2abe62020eb8c6797e4c49b36

SHA256
7cc213e2c9a2d2e2e463083dd030b86da6bba545d5cee4c04df8f80f9a01a641

SHA512
c10c8446e3041d7c0195da184a53cfbd58288c06eaf8885546d2d188b59667c270d647fa7259f5ce140ec6400031a7fc060d0f2348ab627485e2207569154495

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\el.pak

Filesize
712KB

MD5
e66a75680f21ce281995f37099045714

SHA1
d553e80658ee1eea5b0912db1ecc4e27b0ed4790

SHA256
21d1d273124648a435674c7877a98110d997cf6992469c431fe502bbcc02641f

SHA512
d3757529dd85ef7989d9d4cecf3f7d87c9eb4beda965d8e2c87ee23b8baaec3fdff41fd53ba839215a37404b17b8fe2586b123557f09d201b13c7736c736b096

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\en-GB.pak

Filesize
324KB

MD5
825ed4c70c942939ffb94e77a4593903

SHA1
7a3faee9bf4c915b0f116cb90cec961dda770468

SHA256
e11e8db78ae12f8d735632ba9fd078ec66c83529cb1fd86a31ab401f6f833c16

SHA512
41325bec22af2e5ef8e9b26c48f2dfc95763a249ccb00e608b7096ec6236ab9a955de7e2340fd9379d09ac2234aee69aed2a24fe49382ffd48742d72a929c56a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\en-US.pak

Filesize
326KB

MD5
19d18f8181a4201d542c7195b1e9ff81

SHA1
7debd3cf27bbe200c6a90b34adacb7394cb5929c

SHA256
1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb

SHA512
af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\es-419.pak

Filesize
395KB

MD5
7da3e8aa47ba35d014e1d2a32982a5bb

SHA1
8e35320b16305ad9f16cb0f4c881a89818cd75bb

SHA256
7f85673cf80d1e80acfc94fb7568a8c63de79a13a1bb6b9d825b7e9f338ef17c

SHA512
1fca90888eb067972bccf74dd5d09bb3fce2ceb153589495088d5056ed4bdede15d54318af013c2460f0e8b5b1a5c6484adf0ed84f4b0b3c93130b086da5c3bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\es.pak

Filesize
394KB

MD5
04a9ba7316dc81766098e238a667de87

SHA1
24d7eb4388ecdfecada59c6a791c754181d114de

SHA256
7fa148369c64bc59c2832d617357879b095357fe970bab9e0042175c9ba7cb03

SHA512
650856b6187df41a50f9bed29681c19b4502de6af8177b47bad0bf12e86a25e92aa728311310c28041a18e4d9f48ef66d5ad5d977b6662c44b49bfd1da84522b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\et.pak

Filesize
356KB

MD5
ccc71f88984a7788c8d01add2252d019

SHA1
6a87752eac3044792a93599428f31d25debea369

SHA256
d69489a723b304e305cb1767e6c8da5d5d1d237e50f6ddc76e941dcb01684944

SHA512
d35ccd639f2c199862e178a9fab768d7db10d5a654bc3bc1fab45d00ceb35a01119a5b4d199e2db3c3576f512b108f4a1df7faf6624d961c0fc4bca5af5f0e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\fa.pak

Filesize
577KB

MD5
2e37fd4e23a1707a1eccea3264508dff

SHA1
e00e58ed06584b19b18e9d28b1d52dbfc36d70f3

SHA256
b9ee861e1bdecffe6a197067905279ea77c180844a793f882c42f2b70541e25e

SHA512
7c467f434eb0ce8e4a851761ae9bd7a9e292aab48e8e653e996f8ca598d0eb5e07ec34e2b23e544f3b38439dc3b8e3f7a0dfd6a8e28169aa95ceff42bf534366

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\fi.pak

Filesize
365KB

MD5
21e534869b90411b4f9ea9120ffb71c8

SHA1
cc91ffbd19157189e44172392b2752c5f73984c5

SHA256
2d337924139ffe77804d2742eda8e58d4e548e65349f827840368e43d567810b

SHA512
3ca3c0adaf743f92277452b7bd82db4cf3f347de5568a20379d8c9364ff122713befd547fbd3096505ec293ae6771ada4cd3dadac93cc686129b9e5aacf363bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\fil.pak

Filesize
410KB

MD5
d7df2ea381f37d6c92e4f18290c6ffe0

SHA1
7cacf08455aa7d68259fcba647ee3d9ae4c7c5e4

SHA256
db4a63fa0d5b2baba71d4ba0923caed540099db6b1d024a0d48c3be10c9eed5a

SHA512
96fc028455f1cea067b3a3dd99d88a19a271144d73dff352a3e08b57338e513500925787f33495cd744fe4122dff2d2ee56e60932fc02e04feed2ec1e0c3533f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\fr.pak

Filesize
426KB

MD5
3ee48a860ecf45bafa63c9284dfd63e2

SHA1
1cb51d14964f4dced8dea883bf9c4b84a78f8eb6

SHA256
1923e0edf1ef6935a4a718e3e2fc9a0a541ea0b4f3b27553802308f9fd4fc807

SHA512
eb6105faca13c191fef0c51c651a406b1da66326bb5705615770135d834e58dee9bed82aa36f2dfb0fe020e695c192c224ec76bb5c21a1c716e5f26dfe02f763

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\gu.pak

Filesize
813KB

MD5
308619d65b677d99f48b74ccfe060567

SHA1
9f834df93fd48f4fb4ca30c4058e23288cf7d35e

SHA256
e40ee4f24839f9e20b48d057bf3216bc58542c2e27cb40b9d2f3f8a1ea5bfbb4

SHA512
3ca84ad71f00b9f7cc61f3906c51b263f18453fce11ec6c7f9edfe2c7d215e3550c336e892bd240a68a6815af599cc20d60203294f14adb133145ca01fe4608f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\he.pak

Filesize
507KB

MD5
fc84ea7dc7b9408d1eea11beeb72b296

SHA1
de9118194952c2d9f614f8e0868fb273ddfac255

SHA256
15951767dafa7bdbedac803d842686820de9c6df478416f34c476209b19d2d8c

SHA512
49d13976dddb6a58c6fdcd9588e243d705d99dc1325c1d9e411a1d68d8ee47314dfcb661d36e2c4963c249a1542f95715f658427810afcabdf9253aa27eb3b24

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\hi.pak

Filesize
848KB

MD5
b5dfce8e3ba0aec2721cc1692b0ad698

SHA1
c5d6fa21a9ba3d526f3e998e3f627afb8d1eecf3

SHA256
b1c7fb6909c8a416b513d6de21eea0b5a6b13c7f0a94cabd0d9154b5834a5e8b

SHA512
facf0a9b81af6bb35d0fc5e69809d5c986a2c91a166e507784bdad115644b96697fe504b8d70d9bbb06f0c558f746c085d37e385eef41f0a1c29729d3d97980f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\hr.pak

Filesize
397KB

MD5
255f808210dbf995446d10ff436e0946

SHA1
1785d3293595f0b13648fb28aec6936c48ea3111

SHA256
4df972b7f6d81aa7bdc39e2441310a37f746ae5015146b4e434a878d1244375b

SHA512
8b1a4d487b0782055717b718d58cd21e815b874e2686cdfd2087876b70ae75f9182f783c70bf747cf4ca17a3afc68517a9db4c99449fa09bef658b5e68087f2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\hu.pak

Filesize
427KB

MD5
2aa0a175df21583a68176742400c6508

SHA1
3c25ba31c2b698e0c88e7d01b2cc241f0916e79a

SHA256
b59f932df822ab1a87e8aab4bbb7c549db15899f259f4c50ae28f8d8c7ce1e72

SHA512
03a16feb0601407e96bcb43af9bdb21e5218c2700c9f3cfd5f9690d0b4528f9dc17e4cc690d8c9132d4e0b26d7faafd90aa3f5e57237e06fb81aab7ab77f6c03

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\id.pak

Filesize
350KB

MD5
b6fcd5160a3a1ae1f65b0540347a13f2

SHA1
4cf37346318efb67908bba7380dbad30229c4d3d

SHA256
7fd715914e3b0cf2048d4429f3236e0660d5bd5e61623c8fef9b8e474c2ac313

SHA512
a8b4a96e8f9a528b2df3bd1251b72ab14feccf491dd254a7c6ecba831dfaba328adb0fd0b4acddb89584f58f94b123e97caa420f9d7b34131cc51bdbdbf3ed73

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\it.pak

Filesize
388KB

MD5
745f16ca860ee751f70517c299c4ab0e

SHA1
54d933ad839c961dd63a47c92a5b935eef208119

SHA256
10e65f42ce01ba19ebf4b074e8b2456213234482eadf443dfad6105faf6cde4c

SHA512
238343d6c80b82ae900f5abf4347e542c9ea016d75fb787b93e41e3c9c471ab33f6b4584387e5ee76950424e25486dd74b9901e7f72876960c0916c8b9cee9a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\ja.pak

Filesize
472KB

MD5
38cd3ef9b7dff9efbbe086fa39541333

SHA1
321ef69a298d2f9830c14140b0b3b0b50bd95cb0

SHA256
d8fab5714dafecb89b3e5fce4c4d75d2b72893e685e148e9b60f7c096e5b3337

SHA512
40785871032b222a758f29e0c6ec696fbe0f6f5f3274cc80085961621bec68d7e0fb47c764649c4dd0c27c6ee02460407775fae9d3a2a8a59362d25a39266ce0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\kn.pak

Filesize
938KB

MD5
caab4deb1c40507848f9610d849834cf

SHA1
1bc87ff70817ba1e1fdd1b5cb961213418680cbe

SHA256
7a34483e6272f9b8881f0f5a725b477540166561c75b9e7ab627815d4be1a8a4

SHA512
dc4b63e5a037479bb831b0771aec0fe6eb016723bcd920b41ab87ef11505626632877073ce4e5e0755510fe19ba134a7b5899332ecef854008b15639f915860c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\ko.pak

Filesize
398KB

MD5
d6194fc52e962534b360558061de2a25

SHA1
98ed833f8c4beac685e55317c452249579610ff8

SHA256
1a5884bd6665b2f404b7328de013522ee7c41130e57a53038fc991ec38290d21

SHA512
5207a07426c6ceb78f0504613b6d2b8dadf9f31378e67a61091f16d72287adbc7768d1b7f2a923369197e732426d15a872c091cf88680686581d48a7f94988ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\lt.pak

Filesize
429KB

MD5
64b08ffc40a605fe74ecc24c3024ee3b

SHA1
516296e8a3114ddbf77601a11faf4326a47975ab

SHA256
8a5d6e29833374e0f74fd7070c1b20856cb6b42ed30d18a5f17e6c2e4a8d783e

SHA512
05d207413186ac2b87a59681efe4fdf9dc600d0f3e8327e7b9802a42306d80d0ddd9ee07d103b17caf0518e42ab25b7ca9da4713941abc7bced65961671164ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\lv.pak

Filesize
427KB

MD5
a8cbd741a764f40b16afea275f240e7e

SHA1
317d30bbad8fd0c30de383998ea5be4eec0bb246

SHA256
a1a9d84fd3af571a57be8b1a9189d40b836808998e00ec9bd15557b83d0e3086

SHA512
3da91c0ca20165445a2d283db7dc749fcf73e049bfff346b1d79b03391aefc7f1310d3ac2c42109044cfb50afcf178dcf3a34b4823626228e591f328dd7afe95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\ml.pak

Filesize
974KB

MD5
1c81104ac2cbf7f7739af62eb77d20d5

SHA1
0f0d564f1860302f171356ea35b3a6306c051c10

SHA256
66005bc01175a4f6560d1e9768dbc72b46a4198f8e435250c8ebc232d2dac108

SHA512
969294eae8c95a1126803a35b8d3f1fc3c9d22350aa9cc76b2323b77ad7e84395d6d83b89deb64565783405d6f7eae40def7bdaf0d08da67845ae9c7dbb26926

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\mr.pak

Filesize
797KB

MD5
2cf9f07ddf7a3a70a48e8b524a5aed43

SHA1
974c1a01f651092f78d2d20553c3462267ddf4e9

SHA256
23058c0f71d9e40f927775d980524d866f70322e0ef215aa5748c239707451e7

SHA512
0b21570deefa41defc3c25c57b3171635bcb5593761d48a8116888ce8be34c1499ff79c7a3ebbe13b5a565c90027d294c6835e92e6254d582a86750640fe90f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\ms.pak

Filesize
365KB

MD5
aee105366a1870b9d10f0f897e9295db

SHA1
eee9d789a8eeafe593ce77a7c554f92a26a2296f

SHA256
c6471aee5f34f31477d57f593b09cb1de87f5fd0f9b5e63d8bab4986cf10d939

SHA512
240688a0054bfebe36ea2b056194ee07e87bbbeb7e385131c73a64aa7967984610fcb80638dd883837014f9bc920037069d0655e3e92a5922f76813aedb185fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\nb.pak

Filesize
358KB

MD5
55d5ad4eacb12824cfcd89470664c856

SHA1
f893c00d8d4fdb2f3e7a74a8be823e5e8f0cd673

SHA256
4f44789a2c38edc396a31aba5cc09d20fb84cd1e06f70c49f0664289c33cd261

SHA512
555d87be8c97f466c6b3e7b23ec0210335846398c33dba71e926ff7e26901a3908dbb0f639c93db2d090c9d8bda48eddf196b1a09794d0e396b2c02b4720f37e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\nl.pak

Filesize
370KB

MD5
0f04bac280035fab018f634bcb5f53ae

SHA1
4cad76eaecd924b12013e98c3a0e99b192be8936

SHA256
be254bcda4dbe167cb2e57402a4a0a814d591807c675302d2ce286013b40799b

SHA512
1256a6acac5a42621cb59eb3da42ddeeacfe290f6ae4a92d00ebd4450a8b7ccb6f0cd5c21cf0f18fe4d43d0d7aee87b6991fef154908792930295a3871fa53df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\pl.pak

Filesize
412KB

MD5
f1d48a7dcd4880a27e39b7561b6eb0ab

SHA1
353c3ba213cd2e1f7423c6ba857a8d8be40d8302

SHA256
2593c8b59849fbc690cbd513f06685ea3292cd0187fcf6b9069cbf3c9b0e8a85

SHA512
132da2d3c1a4dad5ccb399b107d7b6d9203a4b264ef8a65add11c5e8c75859115443e1c65ece2e690c046a82687829f54ec855f99d4843f859ab1dd7c71f35a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\pt-BR.pak

Filesize
389KB

MD5
8e931ffbded8933891fb27d2cca7f37d

SHA1
ab0a49b86079d3e0eb9b684ca36eb98d1d1fd473

SHA256
6632bd12f04a5385012b5cdebe8c0dad4a06750dc91c974264d8fe60e8b6951d

SHA512
cf0f6485a65c13cf5ddd6457d34cdea222708b0bb5ca57034ed2c4900fd22765385547af2e2391e78f02dcf00b7a2b3ac42a3509dd4237581cfb87b8f389e48d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\pt-PT.pak

Filesize
390KB

MD5
b4954b064e3f6a9ba546dda5fa625927

SHA1
584686c6026518932991f7de611e2266d8523f9d

SHA256
ee1e014550b85e3d18fb5128984a713d9f6de2258001b50ddd18391e7307b4a1

SHA512
cb3b465b311f83b972eca1c66862b2c5d6ea6ac15282e0094aea455123ddf32e85df24a94a0aedbe1b925ff3ed005ba1e00d5ee820676d7a5a366153ade90ef7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\ro.pak

Filesize
403KB

MD5
d2758f6adbaeea7cd5d95f4ad6dde954

SHA1
d7476db23d8b0e11bbabf6a59fde7609586bdc8a

SHA256
2b7906f33bfbe8e9968bcd65366e2e996cdf2f3e1a1fc56ad54baf261c66954c

SHA512
8378032d6febea8b5047ada667cb19e6a41f890cb36305acc2500662b4377caef3dc50987c925e05f21c12e32c3920188a58ee59d687266d70b8bfb1b0169a6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\ru.pak

Filesize
657KB

MD5
2885bde990ee3b30f2c54a4067421b68

SHA1
ae16c4d534b120fdd68d33c091a0ec89fd58793f

SHA256
9fcda0d1fab7fff7e2f27980de8d94ff31e14287f58bd5d35929de5dd9cbcdca

SHA512
f7781f5c07fbf128399b88245f35055964ff0cde1cc6b35563abc64f520971ce9916827097ca18855b46ec6397639f5416a6e8386a9390afba4332d47d21693f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\sk.pak

Filesize
416KB

MD5
b7e97cc98b104053e5f1d6a671c703b7

SHA1
0f7293f1744ae2cd858eb3431ee016641478ae7d

SHA256
b0d38869275d9d295e42b0b90d0177e0ca56a393874e4bb454439b8ce25d686f

SHA512
ef3247c6f0f4065a4b68db6bf7e28c8101a9c6c791b3f771ed67b5b70f2c9689cec67a1c864f423382c076e4cbb6019c1c0cb9ad0204454e28f749a69b6b0de0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\sl.pak

Filesize
401KB

MD5
ca763e801de642e4d68510900ff6fabb

SHA1
c32a871831ce486514f621b3ab09387548ee1cff

SHA256
340e0babe5fddbfda601c747127251cf111dd7d79d0d6a5ec4e8443b835027de

SHA512
e2847ce75de57deb05528dd9557047edcd15d86bf40a911eb97e988a8fdbda1cd0e0a81320eadf510c91c826499a897c770c007de936927df7a1cc82fa262039

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\sr.pak

Filesize
616KB

MD5
c68c235d8e696c098cf66191e648196b

SHA1
5c967fbbd90403a755d6c4b2411e359884dc8317

SHA256
ab96a18177af90495e2e3c96292638a775aa75c1d210ca6a6c18fbc284cd815b

SHA512
34d14d8cb851df1ea8cd3cc7e9690eaf965d8941cfcac1c946606115ad889630156c5ff47011b27c1288f8df70e8a7dc41909a9fa98d75b691742ec1d1a5e653

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\sv.pak

Filesize
361KB

MD5
272f8a8b517c7283eab83ba6993eea63

SHA1
ad4175331b948bd4f1f323a4938863472d9b700c

SHA256
d15b46bc9b5e31449b11251df19cd2ba4920c759bd6d4fa8ca93fd3361fdd968

SHA512
3a0930b7f228a779f727ebfb6ae8820ab5cc2c9e04c986bce7b0f49f9bf124f349248ecdf108edf8870f96b06d58dea93a3e0e2f2da90537632f2109e1aa65f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\sw.pak

Filesize
379KB

MD5
67a443a5c2eaad32625edb5f8deb7852

SHA1
a6137841e8e7736c5ede1d0dc0ce3a44dc41013f

SHA256
41dfb772ae4c6f9e879bf7b4fa776b2877a2f8740fa747031b3d6f57f34d81dd

SHA512
e0fdff1c3c834d8af8634f43c2f16ba5b883a8d88dfd322593a13830047568faf9f41d0bf73cd59e2e33c38fa58998d4702d2b0c21666717a86945d18b3f29e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\ta.pak

Filesize
964KB

MD5
18ec8ff3c0701a6a8c48f341d368bab5

SHA1
8bff8aee26b990cf739a29f83efdf883817e59d8

SHA256
052bcdb64a80e504bb6552b97881526795b64e0ab7ee5fc031f3edf87160dee9

SHA512
a0e997fc9d316277de3f4773388835c287ab1a35770c01e376fb7428ff87683a425f6a6a605d38dd7904ca39c50998cd85f855cb33ae6abad47ac85a1584fe4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\te.pak

Filesize
894KB

MD5
a17f16d7a038b0fa3a87d7b1b8095766

SHA1
b2f845e52b32c513e6565248f91901ab6874e117

SHA256
d39716633228a5872630522306f89af8585f8092779892087c3f1230d21a489e

SHA512
371fb44b20b8aba00c4d6f17701fa4303181ad628f60c7b4218e33be7026f118f619d66d679bffcb0213c48700fafd36b2e704499a362f715f63ea9a75d719e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\th.pak

Filesize
753KB

MD5
a32ba63feeed9b91f6d6800b51e5aeae

SHA1
2fbf6783996e8315a4fb94b7d859564350ee5918

SHA256
e32e37ca0ab30f1816fe6df37e3168e1022f1d3737c94f5472ab6600d97a45f6

SHA512
adebde0f929820d8368096a9c30961ba7b33815b0f124ca56ca05767ba6d081adf964088cb2b9fcaa07f756b946fffa701f0b64b07d457c99fd2b498cbd1e8a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\tr.pak

Filesize
385KB

MD5
5ff2e5c95067a339e3d6b8985156ec1f

SHA1
7525b25c7b07f54b63b6459a0d8c8c720bd8a398

SHA256
14a131ba318274cf10de533a19776db288f08a294cf7e564b7769fd41c7f2582

SHA512
2414386df8d7ab75dcbd6ca2b9ae62ba8e953ddb8cd8661a9f984eb5e573637740c7a79050b2b303af3d5b1d4d1bb21dc658283638718fdd04fc6e5891949d1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\uk.pak

Filesize
657KB

MD5
361a0e1f665b9082a457d36209b92a25

SHA1
3c89e1b70b51820bb6baa64365c64da6a9898e2f

SHA256
bd02966f6c6258b66eae7ff014710925e53fe26e8254d7db4e9147266025cc3a

SHA512
d4d25fc58053f8cce4c073846706dc1ecbc0dc19308ba35501e19676f3e7ed855d7b57ae22a5637f81cefc1aa032bf8770d0737df1924f3504813349387c08cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\ur.pak

Filesize
571KB

MD5
1ca4fa13bd0089d65da7cd2376feb4c6

SHA1
b1ba777e635d78d1e98e43e82d0f7a3dd7e97f9c

SHA256
3941364d0278e2c4d686faa4a135d16a457b4bc98c5a08e62aa12f3adc09aa7f

SHA512
d0d9eb1aa029bd4c34953ee5f4b60c09cf1d4f0b21c061db4ede1b5ec65d7a07fc2f780ade5ce51f2f781d272ac32257b95eedf471f7295ba70b5ba51db6c51d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\vi.pak

Filesize
455KB

MD5
db0eb3183007de5aae10f934fffacc59

SHA1
e9ea7aeffe2b3f5cf75ab78630da342c6f8b7fd9

SHA256
ddabb225b671b989789e9c2ccd1b5a8f22141a7d9364d4e6ee9b8648305e7897

SHA512
703efd12fcace8172c873006161712de1919572c58d98b11de7834c5628444229f5143d231c41da5b9cf729e32de58dee3603cb3d18c6cdd94aa9aa36fbf5de0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\zh-CN.pak

Filesize
332KB

MD5
82326e465e3015c64ca1db77dc6a56bc

SHA1
e8abe12a8dd2cc741b9637fa8f0e646043bbfe3d

SHA256
6655fd9dcdfaf2abf814ffb6c524d67495aed4d923a69924c65abeab30bc74fb

SHA512
4989789c0b2439666dda4c4f959dffc0ddcb77595b1f817c13a95ed97619c270151597160320b3f2327a7daffc8b521b68878f9e5e5fb3870eb0c43619060407

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\locales\zh-TW.pak

Filesize
330KB

MD5
2456bf42275f15e016689da166df9008

SHA1
70f7de47e585dfea3f5597b5bba1f436510decd7

SHA256
adf8df051b55507e5a79fa47ae88c7f38707d02dfac0cc4a3a7e8e17b58c6479

SHA512
7e622afa15c70785aaf7c19604d281efe0984f621d6599058c97c19d3c0379b2ee2e03b3a7ec597040a4eee250a782d7ec55c335274dd7db7c7ca97ddcfd378a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\resources.pak

Filesize
5.2MB

MD5
7971a016aed2fb453c87eb1b8e3f5eb2

SHA1
92b91e352be8209fadcf081134334dea147e23b8

SHA256
9cfd5d29cde3de2f042e5e1da629743a7c95c1211e1b0b001e4eebc0f0741e06

SHA512
42082ac0c033655f2edae876425a320d96cdaee6423b85449032c63fc0f7d30914aa3531e65428451c07912265b85f5fee2ed0bbdb362994d3a1fa7b14186013

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\resources\app.asar

Filesize
32.3MB

MD5
f305f764fa48679933c8e42d89978538

SHA1
8a7290759b39686d7afee5ea0b31ec7269a1e6b2

SHA256
36afca2ba7c3e0214796d75d9ce0a23574357f664abe4554e8af078b435b3a93

SHA512
7a847a49e1a1c0aeea5795585bee7537d6cf039e54516cd06c876b5e450823d7446c74f25d24c549071a058e0d2af1c84445634b7589434cd216bd18a523020a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\snapshot_blob.bin

Filesize
158KB

MD5
8fef5a96dbcc46887c3ff392cbdb1b48

SHA1
ed592d75222b7828b7b7aab97b83516f60772351

SHA256
4de0f720c416776423add7ada621da95d0d188d574f08e36e822ad10d85c3ece

SHA512
e52c7820c69863ecc1e3b552b7f20da2ad5492b52cac97502152ebff45e7a45b00e6925679fd7477cdc79c68b081d6572eeed7aed773416d42c9200accc7230e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\v8_context_snapshot.bin

Filesize
465KB

MD5
a373d83d4c43ba957693ad57172a251b

SHA1
8e0fdb714df2f4cb058beb46c06aa78f77e5ff86

SHA256
43b58ca4057cf75063d3b4a8e67aa9780d9a81d3a21f13c64b498be8b3ba6e0c

SHA512
07fbd84dc3e0ec1536ccb54d5799d5ed61b962251ece0d48e18b20b0fc9dd92de06e93957f3efc7d9bed88db7794fe4f2bec1e9b081825e41c6ac3b4f41eab18

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\vk_swiftshader.dll

Filesize
5.0MB

MD5
a0845e0774702da9550222ab1b4fded7

SHA1
65d5bd6c64090f0774fd0a4c9b215a868b48e19b

SHA256
6150a413ebe00f92f38737bdccf493d19921ef6329fcd48e53de9dbde4780810

SHA512
4be0cb1e3c942a1695bae7b45d21c5f70e407132ecc65efb5b085a50cdab3c33c26e90bd7c86198ec40fb2b18d026474b6c649776a3ca2ca5bff6f922de2319b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\7z-out\vulkan-1.dll

Filesize
899KB

MD5
0e4e0f481b261ea59f196e5076025f77

SHA1
c73c1f33b5b42e9d67d819226db69e60d2262d7b

SHA256
f681844896c084d2140ac210a974d8db099138fe75edb4df80e233d4b287196a

SHA512
e6127d778ec73acbeb182d42e5cf36c8da76448fbdab49971de88ec4eb13ce63140a2a83fc3a1b116e41f87508ff546c0d7c042b8f4cdd9e07963801f3156ba2

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
149B

MD5
f572fc4c1319d62990c3ebbd458a322b

SHA1
1e62d1d81096d7003e8fe2b9dd3110389b2b542e

SHA256
eb3168d62618baedd3aded7546dd6e9e01d831495865cba6dc67bf3fd42113d3

SHA512
7c2ca11b62fefde8fb5f169cd831811b3c9af23e5736c40b096fd89fdfcae747c13292204f8d7e2f011e76e824275caf21a4ff793d6109e48ae918d4e3425f87

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc

Filesize
94KB

MD5
7b37c4f352a44c8246bf685258f75045

SHA1
817dacb245334f10de0297e69c98b4c9470f083e

SHA256
ec45f6e952b43eddc214dba703cf7f31398f3c9f535aad37f42237c56b9b778e

SHA512
1e8d675b3c6c9ba257b616da268cac7f1c7a9db12ffb831ed5f8d43c0887d711c197ebc9daf735e3da9a0355bf21c2b29a2fb38a46482a2c5c8cd5628fea4c02

Download Submit
\Program Files\WinRAR\RarExt.dll

Filesize
636KB

MD5
1e86c3bfcc0688bdbe629ed007b184b0

SHA1
793fada637d0d462e3511af3ffaec26c33248fac

SHA256
7b08daee81a32f72dbc10c5163b4d10eb48da8bb7920e9253be296774029f4ef

SHA512
4f8ae58bbf55acb13600217ed0eef09fa5f124682cedd2bfc489d83d921f609b66b0294d8450acb1a85d838adb0e8394dadf5282817dba576571e730704f43ac

Download Submit
\Program Files\WinRAR\Uninstall.exe

Filesize
477KB

MD5
4783f1a5f0bba7a6a40cb74bc8c41217

SHA1
a22b9dc8074296841a5a78ea41f0e2270f7b7ad7

SHA256
f376aaa0d4444d0727db5598e8377f9f1606400adbbb4772d39d1e4937d5f28c

SHA512
463dff17f06eca41ae76e3c0b2efc4ef36529aa2eaed5163eec0a912fe7802c9fb38c37acfe94b82972861aaf1acf02823a5948fbb3292bb4743641acb99841e

Download Submit
\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nsgED4D.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/2224-1379-0x000007FEF51C0000-0x000007FEF51D8000-memory.dmp

Filesize
96KB

Download
memory/2224-1327-0x000007FEF6F50000-0x000007FEF6F68000-memory.dmp

Filesize
96KB

Download
memory/2224-1324-0x000000013F4D0000-0x000000013F5C8000-memory.dmp

Filesize
992KB

Download
memory/2224-1328-0x000007FEF6E00000-0x000007FEF6E17000-memory.dmp

Filesize
92KB

Download
memory/2224-1326-0x000007FEF69D0000-0x000007FEF6C86000-memory.dmp

Filesize
2.7MB

Download
memory/2224-1329-0x000007FEF6DE0000-0x000007FEF6DF1000-memory.dmp

Filesize
68KB

Download
memory/2224-1330-0x000007FEF6DC0000-0x000007FEF6DD7000-memory.dmp

Filesize
92KB

Download
memory/2224-1331-0x000007FEF69B0000-0x000007FEF69C1000-memory.dmp

Filesize
68KB

Download
memory/2224-1332-0x000007FEF6990000-0x000007FEF69AD000-memory.dmp

Filesize
116KB

Download
memory/2224-1334-0x000007FEF65F0000-0x000007FEF6601000-memory.dmp

Filesize
68KB

Download
memory/2224-1333-0x000007FEF6610000-0x000007FEF681B000-memory.dmp

Filesize
2.0MB

Download
memory/2224-1335-0x000007FEF65A0000-0x000007FEF65E1000-memory.dmp

Filesize
260KB

Download
memory/2224-1336-0x000007FEF6570000-0x000007FEF6591000-memory.dmp

Filesize
132KB

Download
memory/2224-1337-0x000007FEF6550000-0x000007FEF6568000-memory.dmp

Filesize
96KB

Download
memory/2224-1338-0x000007FEF6530000-0x000007FEF6541000-memory.dmp

Filesize
68KB

Download
memory/2224-1339-0x000007FEF6510000-0x000007FEF6521000-memory.dmp

Filesize
68KB

Download
memory/2224-1340-0x000007FEF64F0000-0x000007FEF6501000-memory.dmp

Filesize
68KB

Download
memory/2224-1341-0x000007FEF64D0000-0x000007FEF64EB000-memory.dmp

Filesize
108KB

Download
memory/2224-1342-0x000007FEF64B0000-0x000007FEF64C1000-memory.dmp

Filesize
68KB

Download
memory/2224-1343-0x000007FEF6490000-0x000007FEF64A8000-memory.dmp

Filesize
96KB

Download
memory/2224-1362-0x000007FEF6460000-0x000007FEF6490000-memory.dmp

Filesize
192KB

Download
memory/2224-1363-0x000007FEF63F0000-0x000007FEF6457000-memory.dmp

Filesize
412KB

Download
memory/2224-1374-0x000007FEF52C0000-0x000007FEF533C000-memory.dmp

Filesize
496KB

Download
memory/2224-1375-0x000007FEF52A0000-0x000007FEF52B1000-memory.dmp

Filesize
68KB

Download
memory/2224-1376-0x000007FEF5240000-0x000007FEF5297000-memory.dmp

Filesize
348KB

Download
memory/2224-1377-0x000007FEF5210000-0x000007FEF5238000-memory.dmp

Filesize
160KB

Download
memory/2224-1378-0x000007FEF51E0000-0x000007FEF5204000-memory.dmp

Filesize
144KB

Download
memory/2224-1418-0x000007FEF4030000-0x000007FEF4072000-memory.dmp

Filesize
264KB

Download
memory/2224-1380-0x000007FEF5190000-0x000007FEF51B3000-memory.dmp

Filesize
140KB

Download
memory/2224-1381-0x000007FEF5170000-0x000007FEF5181000-memory.dmp

Filesize
68KB

Download
memory/2224-1364-0x000007FEF5340000-0x000007FEF63F0000-memory.dmp

Filesize
16.7MB

Download
memory/2224-1392-0x000007FEF5150000-0x000007FEF5162000-memory.dmp

Filesize
72KB

Download
memory/2224-1393-0x000007FEF4150000-0x000007FEF42D0000-memory.dmp

Filesize
1.5MB

Download
memory/2224-1404-0x000007FEF6F10000-0x000007FEF6F27000-memory.dmp

Filesize
92KB

Download
memory/2224-1405-0x000007FEF7390000-0x000007FEF73A0000-memory.dmp

Filesize
64KB

Download
memory/2224-1406-0x000007FEF6EE0000-0x000007FEF6F0F000-memory.dmp

Filesize
188KB

Download
memory/2224-1407-0x000007FEF6EC0000-0x000007FEF6ED1000-memory.dmp

Filesize
68KB

Download
memory/2224-1408-0x000007FEF6EA0000-0x000007FEF6EB6000-memory.dmp

Filesize
88KB

Download
memory/2224-1409-0x000007FEF4080000-0x000007FEF4145000-memory.dmp

Filesize
788KB

Download
memory/2224-1420-0x000007FEF3F50000-0x000007FEF3FBD000-memory.dmp

Filesize
436KB

Download
memory/2224-1419-0x000007FEF3FC0000-0x000007FEF4022000-memory.dmp

Filesize
392KB

Download
memory/2224-1325-0x000007FEF6E20000-0x000007FEF6E54000-memory.dmp

Filesize
208KB

Download