Overview

overview

10

Static

static

10

ab9d330d59...18.exe

windows7-x64

10

ab9d330d59...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    28-11-2024 08:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab9d330d59c793f57b9bc43926338d55_JaffaCakes118.exe

  • Size

    2.1MB

  • MD5

    ab9d330d59c793f57b9bc43926338d55

  • SHA1

    57e4d5ed3c7efa25a0e51815fb889f4216cd4f83

  • SHA256

    dc51e624a940993ca435cc5f136452d515f5b10261ba888e95cc4c9fc9ea09dc

  • SHA512

    162dde24e4ee17a5362ccfd6f078701d407e0206478e71464a752dcae43c7cb3a45a442f6d029df01214a417b78e2e870e80deac89ea2ac275124aee9ea4cabb

  • SSDEEP

    49152:Jw7kqoBfCErdhGdCsorrhBPKiMK+AzqptKJ96Z+boUlExv5JHzV+VYqngt3zvwHP:JpdB6ErdQYXhBBXSQ93hlExvLzYVYqnb

Score
10/10
darkcometdiscoverypersistencerattrojanupx

Malware Config

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Darkcomet family
    darkcomet
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 11 IoCs
  • Loads dropped DLL 30 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Runs .reg file with regedit 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab9d330d59c793f57b9bc43926338d55_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ab9d330d59c793f57b9bc43926338d55_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Users\Admin\AppData\Local\Temp\WINRAR_4.10_X86_ITA.EXE
      "C:\Users\Admin\AppData\Local\Temp\WINRAR_4.10_X86_ITA.EXE"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2260
      • C:\Users\Admin\AppData\Local\Temp\RarSFX0\WRar410it.exe
        "C:\Users\Admin\AppData\Local\Temp\RarSFX0\WRar410it.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2844
        • C:\Program Files (x86)\WinRAR\uninstall.exe
          "C:\Program Files (x86)\WinRAR\uninstall.exe" /setup
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: GetForegroundWindowSpam
          PID:944
      • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Patch32.exe
        "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Patch32.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2716
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c ""C:\Users\Admin\AppData\Local\Temp\ECEE.tmp\Patch32.bat" "
          4⤵
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:1592
          • C:\Users\Admin\AppData\Local\Temp\ECEE.tmp\Registra32.exe
            Registra32.exe
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:2972
          • C:\Windows\SysWOW64\regedit.exe
            REGEDIT /S Menu_Tendina.reg
            5⤵
            • System Location Discovery: System Language Discovery
            • Runs .reg file with regedit
            PID:2748
    • C:\Windupdt\winupdate.exe
      "C:\Windupdt\winupdate.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2872
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2796
        • C:\Users\Admin\AppData\Local\Temp\WINRAR_4.10_X86_ITA.EXE
          "C:\Users\Admin\AppData\Local\Temp\WINRAR_4.10_X86_ITA.EXE"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2804
          • C:\Users\Admin\AppData\Local\Temp\RarSFX1\WRar410it.exe
            "C:\Users\Admin\AppData\Local\Temp\RarSFX1\WRar410it.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in Program Files directory
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:3040
            • C:\Program Files (x86)\WinRAR\uninstall.exe
              "C:\Program Files (x86)\WinRAR\uninstall.exe" /setup
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: GetForegroundWindowSpam
              PID:1896
          • C:\Users\Admin\AppData\Local\Temp\RarSFX1\Patch32.exe
            "C:\Users\Admin\AppData\Local\Temp\RarSFX1\Patch32.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:2676
            • C:\Windows\SysWOW64\cmd.exe
              cmd /c ""C:\Users\Admin\AppData\Local\Temp\ED2C.tmp\Patch32.bat" "
              6⤵
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:2984
              • C:\Users\Admin\AppData\Local\Temp\ED2C.tmp\Registra32.exe
                Registra32.exe
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Drops file in Program Files directory
                • System Location Discovery: System Language Discovery
                PID:2240
              • C:\Windows\SysWOW64\regedit.exe
                REGEDIT /S Menu_Tendina.reg
                7⤵
                • System Location Discovery: System Language Discovery
                • Runs .reg file with regedit
                PID:2480

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\WinRAR\Default.SFX
    Filesize

    98KB

    MD5

    3cef8d8c3cf65c053b8fb179eeba4a15

    SHA1

    1acc1eb7dd53d7f2eb3eaa590e412c78c2b2be45

    SHA256

    666e8e6fdf3bdc15d626025e2a5c0b47292b4ec8bfb484c4ac7107d7807727ad

    SHA512

    b5b9b29bdfb34ee1a94c604d67814886e21d52f37d85bec09bdabcc403b7a6cc5179d19ae32decaf594c903e466fbc8ecd286a3b41ff28de8ce095d4b782b7f2

    Download Submit

  • C:\Program Files (x86)\WinRAR\Descript.ion
    Filesize

    2KB

    MD5

    5ba5c60b415d63842f644061075c3c1e

    SHA1

    4d8e3699027557378a78e26cf3011a30a21308c0

    SHA256

    7ddf970e0f465acd6da3a5f477dbf9bbced6666b1bb02bb778272df6c7209521

    SHA512

    0a483f694b65b562ecac224cdbff3f57bc1cff14bfb4b7382ee7f65f5d44f4f3e4cb7179dedc7f7b79f6a63b4e8d71ae1941e08b6113556c939be5758a1e8cb4

    Download Submit

  • C:\Program Files (x86)\WinRAR\File_Id.Diz
    Filesize

    1KB

    MD5

    d8f3ba6ddde58a61d6eb7bb2dea4177b

    SHA1

    f899af978aa98c66bdd32b02bba4d450f38a6910

    SHA256

    bab29f3aee0fb3172a1b8d3ba9bcd484e22ac0baec38f8b3144f2ff1771b7f60

    SHA512

    1280b8788da2b9a69348358a37aeac15a2458dc244a8382b0e5dcac0179a3587bf9dde359de40949de69810e5a37a730e934bfe52c39037f8ccf1d6146d9b3a2

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\7z.fmt
    Filesize

    79KB

    MD5

    a7620d695e2a2cf855ee5c8674d11e8c

    SHA1

    0ab8b36a942ae5773c78b12e085c30495acac5d3

    SHA256

    4c8d498d2db42ddcdd6f44b8897b7783b69245706efb56dd5058ac04a044656c

    SHA512

    bd52b9a15bbba66280fd224fe42daeacfa920cc980c5e2d9990feaa7c4128ba9a73f9e692622806e9092e5585ebd26098668e0cddc4db6c9d703dbf0a86dd6d7

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\7zxa.dll
    Filesize

    171KB

    MD5

    1cf011c4c0aeb50a46ce6d04ec47adf2

    SHA1

    80edc3f772084a8cbec182f1c588cd9f6f9c7df4

    SHA256

    d86b46836fd0a1d7488d1f8a01dbd831c5301c2a7b733aef584de7891cf2771a

    SHA512

    095f340db7c279832711ac4ed3bd932fe809f3d30d72ee6dc1357ffe4d77c6a68825967eaef4a33763bd1bfc1b476314dac44bb0552fac152ba6acd73d0660b8

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\Descript.ion
    Filesize

    1KB

    MD5

    0ec670fd70f5e89c3d2727df9f2a5398

    SHA1

    d19c88c8e11361d4f29719518b8543e0ecf5ff09

    SHA256

    8267479623714339b61159b2f8235b15a38ccc1199eff859e5dc13359f8711c3

    SHA512

    a429234afdc29df1276238d3e329299a6fb5b1ef6044429c1acd8abb95c0b76a14836b47805c5d464cfc95978f5e3b10eceae6c26a2964e2c352fafe1d7dd6f8

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\UNACEV2.DLL
    Filesize

    75KB

    MD5

    de02c4d04088b69e64ecc30a3d9e22e5

    SHA1

    a5f66d420b6a6ebb04242fb85ca462a99dbf89b6

    SHA256

    c9d28800e740a1569aec8fe27df10ef186d883f94cec15a5c228826b45a24f9d

    SHA512

    32b22966ecec433636f927dc7b27cf782271b36169a9fdd50aa99a4d8cf14496ac3948a3747b7b7680d2d472f6af714e640b05c29194e8f2db92b21619b09c11

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\ace.fmt
    Filesize

    75KB

    MD5

    2d59dad4383e7c0b6e460a1b0b54716d

    SHA1

    0e424aa9f1e7a21dbbab0503ba1514621163b5c5

    SHA256

    3b09ff0328f74801ce8c078558e62e27c83eec6cd72b55a3c190dd8a1aabf74d

    SHA512

    6ccaa414b3901c4e24406fdb3941e693622444b0e40a11b4b8659e450d184823cafbcbae9d3d1e5e93539ee006153bcfca4bdcffdc4a8ea6ab00d0394b359a3d

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\arj.fmt
    Filesize

    74KB

    MD5

    d862e9499bfa773aac1b9f73f68981b2

    SHA1

    e423a6da315bee302701229d2eb540358b5c15d9

    SHA256

    dcb14822383d0a5eae5406a22eb8929e679ac8c563709508092564ba0d6a4ebe

    SHA512

    f42d9cf2a7af00821ca69c0c447abca0a071017479c5637d73fe54c00c8e2290a868f4d1f7bee28c49fbb760c7a7c8da66cdf8fa5ccce3bb53b44d4fe8a3b2d2

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\bz2.fmt
    Filesize

    83KB

    MD5

    ca173df197b7c9393d5bb54f5e8e5b0f

    SHA1

    6775a140e1b15e4f7e98100548b1612b7c1db4ec

    SHA256

    3a238ef7413677e2ebcaa82741b17c40ba548f4ad0fe6b4a242d59d6636831d4

    SHA512

    b391c7fec5b8850c4b930576cd75c82742902700faa13be806864946816be064fd115e8a6b39dce7b36cabb9895108b6f2dc538c509a6e334eea4f11669e4bd0

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\cab.fmt
    Filesize

    64KB

    MD5

    47cf42e8b2883ff1dbc98a35896c0855

    SHA1

    10d4fc01885748b0eed7c3635418edb7a5f795a2

    SHA256

    d7eb7de0a0436699bb1bfdea0a75d2a8c9357f7312affa86b07de0686558a6aa

    SHA512

    a89b9b8885aa2e988ee0d6d070bad3e0a2bf2b4d4ef8e9e54dc0a6c2e28687b213b329aca59f61994da7f7f63afb7d933dbafc8c43482696edcb1deaed472d73

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\gz.fmt
    Filesize

    74KB

    MD5

    65d3a70d1383068818dcd1dce21e96d5

    SHA1

    89c7f9171bea3b3b448053443b27578194554ae0

    SHA256

    cfab801c997262c6975048488dfe5f3687d066cfb71aa98247f2f8033ffe4017

    SHA512

    35a0ef864ff6bd1a09d2a6b144fde4157f03a4d509d794c6855b15dc8e64c74c9989ee846d7929f7b017006a1138bc2efb378b3dd7c0fa02de94de450792f9ca

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\iso.fmt
    Filesize

    87KB

    MD5

    00c14f359fe23a2518d74e02de90c4b7

    SHA1

    1b0c3274b84960ed5d66ddd19bbdeb064501a9d5

    SHA256

    67c7655b66b5ec293510560298bbc965456e69d85b0cda112715ea0195c10980

    SHA512

    96d12ee86e6fbc2ed4f7eae69664ffa256b6dbeae20d9c0b20634b2ff50ab16705a9b10267416edcb0999380b2e600944143e62fd9d0f94cc63f40844a729c29

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\lzh.fmt
    Filesize

    86KB

    MD5

    cd292cbe6309922a2695da4ba3b99a33

    SHA1

    7c10a8e163ab4622896e7e7172c54e7d0751d903

    SHA256

    66172c26f218e8e62d730ed1bf1937cf1f1ca884fb83752217121d6be23f8fa5

    SHA512

    d7783dd686e9c4f365cab7fb34f5ac2f8f7ff40fbe7073e3cc9c18ed1fd1fa79fc64b540311d08976014187032f8f2ce1c10752564966c61b7a7ad1a00386623

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\tar.fmt
    Filesize

    64KB

    MD5

    25a743a6831f8e8d9542f48ce8ad9968

    SHA1

    c654a5c199fcf7f08e33fa1128e6b5af1ceb4f45

    SHA256

    b532e027c76eb945ea2c7117e598f73323ebaa8da776fefd5b727db9ec722f8b

    SHA512

    9dba7c23d7ffd34ca459d03f9d5376a670a214ab7539a3b8dece42a56a0a206e63a7f692a93a5e717f45831e68e2b79d3583c3c476ea185c76fe926cfe0d91f7

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\uue.fmt
    Filesize

    66KB

    MD5

    061f7873e5937f2fdec2482298847a82

    SHA1

    4ad32206633ce9353b281164df8da054e507a067

    SHA256

    2b8e160ba80b0475f86287cbdd80cbea3c07b1b1a370ce588393c1b3ce463665

    SHA512

    e94d52e50a3ddf8b53a58b2f025fcc9498b83149ba3a389dae6a7d1f4b0ed3cd5f080e49915a3e1554756ba058ca99a252d1c7360dbb47c5214d1422585078c4

    Download Submit

  • C:\Program Files (x86)\WinRAR\Formats\z.fmt
    Filesize

    68KB

    MD5

    366a8abeb9720370be63868859ab884f

    SHA1

    26543fe43ce4a9078c389f827bf75dfbf90e0c14

    SHA256

    bfa3b5d73a1fefad67a180fc7be152c92ca1f2d37c5250ff6f74d17f0fb51e1b

    SHA512

    23b49a98cdf16617c7d1f53a3b682bbd59251d27fecc3c7eae4f0d4511df516a8d710cef0b48566a6dcbfb55ccc2772d5ecbd66518147980d11bd768f5ca82f9

    Download Submit

  • C:\Program Files (x86)\WinRAR\Leggimi.Txt
    Filesize

    1KB

    MD5

    0a80916b4452c072ff2dc6c6ae603867

    SHA1

    07af8bd2cd26ede8065c3087107afd566ac74ee4

    SHA256

    779c74b45aff6c21c52bfc5873edca8d6e09ea55626b03de6f530ad2db4a9201

    SHA512

    aa0880a17653a450cd6b02d833e7792c3ccf26bf1c3695f0c2ce77018ab93c048c2dcae80f500fa5dfdf215b2ee035e3274363a8437024caa5031c1d74a9fbce

    Download Submit

  • C:\Program Files (x86)\WinRAR\Leggimi_1a.Txt
    Filesize

    3KB

    MD5

    18446ba7b1c3243e92cffd5be52f605c

    SHA1

    ed00fed86050bb0647b32b2a507a24b04ceccae4

    SHA256

    8bf4f911e5c9732bfc534b1ddfe999ec6f82365e1e99ef10817eb7899f3e93f7

    SHA512

    ae43580b2305339147338ac6a1c05c71d772978fba0dc5625e6f301fced3d063fe7381f796720ded3b98fd8c151ac644e0d43929ae3504ff21df9feaa656ba8e

    Download Submit

  • C:\Program Files (x86)\WinRAR\Licenza.Txt
    Filesize

    8KB

    MD5

    9d468d82efeaecc10081185b4b8e636a

    SHA1

    d9f6e37c2310e47fd4c96fddfc31b072c89b069e

    SHA256

    8f8067d09bb3fb89fcb802c3b44d4720994aeb89bdea37a6180ef7e33918164f

    SHA512

    a6702547993f3c89b154e864dd7ef5e2bfc51e4e158ec6c5f12b3bf569285f4d530034ac7acaa2c5b0637537e58591a8b4337e09abe29d6420a7cd015ca8d6dd

    Download Submit

  • C:\Program Files (x86)\WinRAR\NoteTecniche.Txt
    Filesize

    11KB

    MD5

    48112a1f47d591cb1f873109fc19de6e

    SHA1

    117850a16bcca46320bcc695b3f845232488fa4a

    SHA256

    f671cc0007b4fa21386b80531683b103eb3323e444f757460579d57a4619aed4

    SHA512

    e6fb13ea8e8d200021020e94c4a8f106987914a8e53d948a36cdcdcec89d41f7d997b0e99569ef2c301439c3690294417e388e61c4434a5927fa4cc9461cc269

    Download Submit

  • C:\Program Files (x86)\WinRAR\Novità.Txt
    Filesize

    36KB

    MD5

    887c299b6d3ab0dd487681dddf569936

    SHA1

    a4b003262612fc468c4968bd14c43a9a522029d0

    SHA256

    d499958dad13849e33fd6aacc0edf77a4ea9f543a94124ffc4b50abe035d4a43

    SHA512

    887252d49881be2f19dedab41abb36c2f5994f14e401f45753122c2cb1c16a843f05fbca209d4cd2dc28cd8774e289d1fb410b7665477ce0e5a513aaa480893e

    Download Submit

  • C:\Program Files (x86)\WinRAR\Ordin.htm
    Filesize

    5KB

    MD5

    e7d6681349a333aadf4566666614cb8d

    SHA1

    764b10b2d27951d205e904c47f538cd895549834

    SHA256

    b293daf8dfc0508f646adcd1e3bbe586b5d3dd5f061aee5ada5152fc720ecf62

    SHA512

    853b70b10266c2bbe6a3d430149778d4a63f07f6ae62ed217252d3698a12229203de61be83797e1adc82d6aca2ceda21b728e70f1cd6baa43f3ece2144586d3c

    Download Submit

  • C:\Program Files (x86)\WinRAR\Ordina.htm
    Filesize

    5KB

    MD5

    9f1da79757384c5a9ff2061b467e1448

    SHA1

    ff44e430fcdef7144335dd4b5d4a5b95387f9679

    SHA256

    d3f0712fe8d19000a300c91679bffdfc37ac95dd7158ef3ff172a13b5a3d0a6e

    SHA512

    c8dfff7838cac6a383b9b9f7fb48885373f037bd09eec1a09cb948e0dce2ecdcd16f559c5d0a868dd2dff9f4b8dc9fc49353384dd596e1a51dbb802af261fe6a

    Download Submit

  • C:\Program Files (x86)\WinRAR\Rar.Txt
    Filesize

    117KB

    MD5

    365d36774b481a7e5c204024d5316689

    SHA1

    5a67f8b4b91df59a03c2a79d94eaaeee44b43db8

    SHA256

    563554283abf8d0c0b9caffec8e69c2297807fc5e632f284740687c92e99614c

    SHA512

    759d6ec4a4d856730a510ba849affb068ab1372fca915ab627abba0c873385c91bd520d1c2781720c1eb0292a375acaf4914e1ff70eebedbc75bb585ff3623a2

    Download Submit

  • C:\Program Files (x86)\WinRAR\Rar.exe
    Filesize

    402KB

    MD5

    8320a2c6042af354533c8dc55e6044b7

    SHA1

    0acfd6f768cb777fa03501ad0691a39cdd467519

    SHA256

    1051e924c74c72a6fc79b6b72c96ca556a437b356f00570533b8407701ffa12a

    SHA512

    84d8fc0a9d7fc032a29288aa5a1e2eb3f91d57ccdb641bc8d5101aa8ffc48e6597c41cd64319b7655acde7a9ada60b6745069a0faa36a925e7e52564c6cbc73a

    Download Submit

  • C:\Program Files (x86)\WinRAR\RarExt.dll
    Filesize

    174KB

    MD5

    d68f6f55627aa513042b34b4f276a982

    SHA1

    bc8659d16e6e376c1ab1406d8f4997af065d74da

    SHA256

    780f9f14d13ea8e35f8b099e37db6b33a2c89032519c5cd34d3d7a813c143d38

    SHA512

    18620dbb5a47ac6d845515c1368db53e9f6717f11b79ee9413e952dfc10c794d76b63e993494f7044e91155a8e622911ceb3f8ce90220ae3736d0da01ddea032

    Download Submit

  • C:\Program Files (x86)\WinRAR\RarExt64.dll
    Filesize

    189KB

    MD5

    a1eae71fbb4a7fa7848ad9e981b936c9

    SHA1

    7f5b7f0c40bdbd9fb9639164fa11ee1c7f029309

    SHA256

    ff47545a2d765911917d3650163fb7a7fc5307130f88d0b56476425a70c05214

    SHA512

    806fe828a16bb3c9598a046fe5222de903acca39c9b41de6ea2e7ebe3070386c3d03a4619d3efb22caee654f55811c7dd8648bde6ae561199eb617ea123f4383

    Download Submit

  • C:\Program Files (x86)\WinRAR\RarFiles.Lst
    Filesize

    1KB

    MD5

    b6654a6dd80d8fb3bd4ec37bfac3f4b8

    SHA1

    4202fe5e0ba8455e4a86fa10035b92ae2041b6ca

    SHA256

    0470bf17e96ee7a38f2a542d53da7c8cd4e0a759b90a46ae03ad13a4257b6285

    SHA512

    622d5ee5313e6abe6c2e072673b47bafa5f5830ffad66f561f0f9309cb8de097aa5ad943b4d24d903fd6010b73602bfaa07be8da64c1e4e3c1c744949f647d98

    Download Submit

  • C:\Program Files (x86)\WinRAR\SorgUnRAR.Txt
    Filesize

    244B

    MD5

    e39e73de05d306242cf23b39b1ed0e2a

    SHA1

    57f0b2a40135a592576ed6f00d72b18829144bd0

    SHA256

    c82a1672a760349a59010bee2f795e22a257c0d3143ffe27b15c971cfd68ea75

    SHA512

    022a84c6fc2afc57ef8afc5bf3f02364258b68a76fba977008825ab99a1b8608ba909eca5b7ce0bc003d29706c546e855ece82d72626af1dcf82a0990570c53c

    Download Submit

  • C:\Program Files (x86)\WinRAR\UnRAR.exe
    Filesize

    267KB

    MD5

    5b04b667b60df90fe0a5ea44eed8285b

    SHA1

    4e070d1a2c7c0cdf3890534c4dc467528148236a

    SHA256

    d35d8570d99ab5c2861165c69a25a15bbb838b76133b0bc24ba27a8405a0c5cf

    SHA512

    41380e4d5eef70046ef2dc6365492318936f0380318f3996442f9337a06e1b4e55553ee188bbc3c8daa0077f4ddaac7aacd3e0fb2b22e050fe6b069351bc8ff4

    Download Submit

  • C:\Program Files (x86)\WinRAR\Uninstall.Lst
    Filesize

    599B

    MD5

    5c1e48897ff9270547f59cfd6d5741c5

    SHA1

    70eb005f4c3c022a70525fdb8b3fd52065b09078

    SHA256

    abcd0035115774e9b57cc87809ad1f6ae4c273a7d105f66ebf47edac2ab9b019

    SHA512

    44f4ed331259496f10c989e7b4547fb8e436dc33dec6482b45cfb3d1a57edfec6b94d95ff355d9217c482b8e8e1ccd9470090baf9a9fa4d9ec927dab01161ae3

    Download Submit

  • C:\Program Files (x86)\WinRAR\Uninstall.exe
    Filesize

    122KB

    MD5

    de61b1ca32522d25d6fd647679ab9a33

    SHA1

    2c0955e73fc81859d3c35789c1196fc953cc930f

    SHA256

    9e4c66bf071fcf474c4ac9743d1c5c192cd2fe128c2b86ea26b179bd44ddf3c1

    SHA512

    8d0c3ed87a609d1040fbd3af0ae43659f4c3177bf15c740466a19581da6f81f66921c0f7ef0778e07b248e4200bfd35d7d8dbe2a7939f69687f0621397d8ea89

    Download Submit

  • C:\Program Files (x86)\WinRAR\WinCon.SFX
    Filesize

    73KB

    MD5

    dca0191b901b487662523696c29ea903

    SHA1

    5806124d355560b755d18dca76abd4df67db018a

    SHA256

    42556b859cdbfa22bce3b550afcfe1d0f8c754241c4d83b3c50dac9c9640ed1d

    SHA512

    c8f50cb36016fbacb3fcf1b56f06e7743006df74235dd02ef9917756f645541bafc4b51cfcc4af23aab9486842a42274712d99c0fcd824b3a383a65382fa4ed4

    Download Submit

  • C:\Program Files (x86)\WinRAR\WinRAR.exe
    Filesize

    1.1MB

    MD5

    1b70541d52dbc1c5293d38ac7e46867e

    SHA1

    746aa2237b286790eb67a953e7a3bcd2c41cf892

    SHA256

    e4fbdafb8f764d56b726c86b0cfd57edbd621998caa1af2070f42f84cdd187a7

    SHA512

    d691923c540d330f204e239a3d298bc5df77a660067034b85b9b5a3c071d7ed01cf17469cb4f17dc7aa59248dd16f74c08a1ccdce06753018d8953ac6e2efe72

    Download Submit

  • C:\Program Files (x86)\WinRAR\Zip.SFX
    Filesize

    78KB

    MD5

    426eec9bb0749b56e0e9a12abe8b80b0

    SHA1

    b42b9c399ff5410002f717af0ebb34225fdcea7a

    SHA256

    5999005d8d2efc9bfabc9653a025cfefc05a8d5a2e807d0fad90431cf7021217

    SHA512

    59adc7b6e45036f3e1f216d066a595739518ccb2b86f4111551e39aa9ed606e1db63f840029b73be3500d343b69746d9fdc1130ada8f69d68f01fd1b37b0dd23

    Download Submit

  • C:\Program Files (x86)\WinRAR\winrar.chm
    Filesize

    369KB

    MD5

    60eb46fb6386c2129d5b41fce3ebee05

    SHA1

    ca704d5199b6122e43a31eb2c55ca15cd413be4c

    SHA256

    abc9fbe9e54bb20d8a2797c617e7fd69727257da04b3dd83ba5163d9dc645e72

    SHA512

    75be282660c254913d6645e44b6fbf1ad8df1944041247d04657193bc612630dca4cfb5c7ca20ba84bfbc23ce3fc1bce90a6828ea91725fa30aae23d080394c6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ECEE.tmp\Patch32.bat
    Filesize

    43B

    MD5

    f1be7358aedd550e49c8aa31198e3db6

    SHA1

    b33547d8c2adf32336e75c21e715ce6c311d968e

    SHA256

    216908a75561a250c022abfb0a209eb999104c5b1e74f9bbe2a95959baaf18fa

    SHA512

    4913892e59cb36f16112c5cd66d4e28df3335a9831f91b9d15396c12cfeebdd1093e7c20b54835c72307e3f23d9a04a15d63c2d654b2cce6b487bc3531b98e0c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX1\Patch32.exe
    Filesize

    70KB

    MD5

    0e5e20bfb9b5edc712960bfd7ae90267

    SHA1

    ea3140f5780f18f7fcda50b290736caec3fb5f0d

    SHA256

    d1f9973561638701e057378a73b528b3da9fb9c83c8a9a53a1d0da831479660b

    SHA512

    a72a64d5426415b82a9cdff3e110f1ef304517b9e1125386e245abd04a1741d5a3ff38d8575eff61115ca38979ca3d873c9e640b8325b10e81930f070e455cf8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\RarSFX0\WRar410it.exe
    Filesize

    1.5MB

    MD5

    824ceb3a563d6584ca70f27036b191d8

    SHA1

    7b0277e0ac86423499cfd5137c79e6413c3aab57

    SHA256

    707b56a94aba4157317c37d7a0e5970723cc7c285c0a9ce95a9937a8487bcc15

    SHA512

    2cf734e4c05b58c955dbf8541986694c720b01e314ecbc7bb882d6fbb17d17e5a41bee49bc676bd3a74f65207d56a3068d4204523c6c6621086a32abec98c3fc

    Download Submit

  • \Users\Admin\AppData\Local\Temp\WINRAR_4.10_X86_ITA.EXE
    Filesize

    1.7MB

    MD5

    c72a0f6167849686935800a12492ff79

    SHA1

    16383a19130fa438ad9dabb2df9b293eace71128

    SHA256

    9e342367f7da0548105920ac3b2ac2c649e3a5ebf9214734e661358603c2a642

    SHA512

    f913869141e0e2c3a9864705ed806de5464b3a95be14a2c482df49a5fe001ed8f3d5c2adc21208d861645c0c9197ddd4632bdfabd0140c6bd97f0b5b1cd9c147

    Download Submit

  • \Windupdt\winupdate.exe
    Filesize

    2.1MB

    MD5

    ab9d330d59c793f57b9bc43926338d55

    SHA1

    57e4d5ed3c7efa25a0e51815fb889f4216cd4f83

    SHA256

    dc51e624a940993ca435cc5f136452d515f5b10261ba888e95cc4c9fc9ea09dc

    SHA512

    162dde24e4ee17a5362ccfd6f078701d407e0206478e71464a752dcae43c7cb3a45a442f6d029df01214a417b78e2e870e80deac89ea2ac275124aee9ea4cabb

    Download Submit

  • memory/2260-270-0x00000000031E0000-0x0000000003209000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2676-269-0x0000000000240000-0x0000000000269000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2676-316-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2676-267-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2676-268-0x0000000000240000-0x0000000000269000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2716-314-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2716-272-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2796-37-0x0000000000400000-0x0000000000691000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2804-318-0x00000000031F0000-0x0000000003219000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2804-265-0x00000000031F0000-0x0000000003219000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2820-1-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2820-28-0x0000000000400000-0x0000000000691000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2820-0-0x0000000000400000-0x0000000000691000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2820-25-0x0000000005170000-0x0000000005401000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2872-39-0x0000000000400000-0x0000000000691000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2872-35-0x00000000011B0000-0x0000000001441000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2872-36-0x00000000011B0000-0x0000000001441000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2872-34-0x00000000011B0000-0x0000000001441000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2872-30-0x0000000000400000-0x0000000000691000-memory.dmp

    Filesize

    2.6MB

    Download