Overview

overview

5

Static

static

3

My Program...cy.exe

windows7-x64

5

My Program...cy.exe

windows10-2004-x64

1

Resubmissions

02-12-2024 18:47

241202-xe9x2asqan 7

02-12-2024 18:43

241202-xc8l7aspbq 5

Analysis

  • max time kernel
    97s
  • max time network
    85s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02-12-2024 18:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    My Program/RockerLegacy.exe

  • Size

    3.8MB

  • MD5

    46c17c999744470b689331f41eab7df1

  • SHA1

    b8a63127df6a87d333061c622220d6d70ed80f7c

  • SHA256

    c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

  • SHA512

    4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

  • SSDEEP

    98304:6NRBOBfKgQIm9EOTqw8vjh9Ac9nUNupK4hVvcF+yHrAr:sR/gmeOqv7Ac9F0kB

Score
5/10
discoverypersistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 12 IoCs
  • Modifies system executable filetype association 2 TTPs 16 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy.exe
    "C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy.exe"
    1⤵
    • Drops file in Program Files directory
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Program Files\WinRAR\uninstall.exe
      "C:\Program Files\WinRAR\uninstall.exe" /setup
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies system executable filetype association
      • Modifies registry class
      PID:2548
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1696
    • C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy.exe
      "C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy.exe"
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1656
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy\License.txt
      1⤵
        PID:1380
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy\Descript.ion
        1⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:1820
        • C:\Windows\system32\NOTEPAD.EXE
          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy\Descript.ion
          2⤵
            PID:2220
        • C:\Windows\system32\NOTEPAD.EXE
          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy\ReadMe.txt
          1⤵
            PID:1900
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy\Order.htm
            1⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2304
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2304 CREDAT:275457 /prefetch:2
              2⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2980
          • C:\Users\Admin\AppData\Local\Temp\My Program\unins000.exe
            "C:\Users\Admin\AppData\Local\Temp\My Program\unins000.exe"
            1⤵
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:1932
            • C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp
              "C:\Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp" /SECONDPHASE="C:\Users\Admin\AppData\Local\Temp\My Program\unins000.exe" /FIRSTPHASEWND=$30252
              2⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of FindShellTrayWindow
              PID:1856
          • C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy.exe
            "C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy.exe"
            1⤵
            • Drops file in Program Files directory
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1244
            • C:\Program Files\WinRAR\uninstall.exe
              "C:\Program Files\WinRAR\uninstall.exe" /setup
              2⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Modifies system executable filetype association
              • Modifies registry class
              PID:2960
          • C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy\Rar.exe
            "C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy\Rar.exe"
            1⤵
              PID:2572
            • C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy\UnRAR.exe
              "C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy\UnRAR.exe"
              1⤵
                PID:2600

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Program Files\WinRAR\Order.htm
                Filesize

                3KB

                MD5

                5c336de3b3d794322ad9e5915e3a509f

                SHA1

                5256262a417e9a29fe23e8cca09782c7a3532fc9

                SHA256

                bce29ef3b95306cb7b304fb8c3039be7157356d9f9d4e7e1c6bfbf02a117f48f

                SHA512

                7243c9b8eb39fc8aa10ec8b5c290e27d44fa1c245f0478b75ae77964c178d41e9c1f651f987316f1153c1a7176eecebc269ffb0c42ced5bd0b12e5cc1b95da04

                Download Submit

              • C:\Program Files\WinRAR\Rar.txt
                Filesize

                105KB

                MD5

                b954981a253f5e1ee25585037a0c5fee

                SHA1

                96566e5c591df1c740519371ee6953ac1dc6a13f

                SHA256

                59e40b34b09be2654b793576035639c459ad6e962f9f9cd000d556fa21b1c7cd

                SHA512

                6a7772c6b404cd7fee50110b894ff0c470e5813264e605852b8dcc06bfaeb62b8cc79adcb695b3da149e42d5372a0d730cc7e8ed893c0bd0edb015fc088b7531

                Download Submit

              • C:\Program Files\WinRAR\RarExt32.dll
                Filesize

                541KB

                MD5

                24f6faa5d2e9c8fb15ae0c936bfa4545

                SHA1

                17f85d25f0f0c15a164eb11a34f498268677dcb0

                SHA256

                bd3f01e7c100422a6faae60d76da16158f6d8b3868d474e81fd657ec3c0127ef

                SHA512

                cd3f4dd020cad0357be2cc18459e7051d65f05b5df60a8d980152179dff6cc8dedf9fef758224e9b6adc87de9033d18daa3e09aea8af2e2a1860efc753a01380

                Download Submit

              • C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png
                Filesize

                4KB

                MD5

                ec177cbe676473543e8c9b5d9fb0b797

                SHA1

                0d1bb7649d090831d2ab1f2fb44f580e0d4004d3

                SHA256

                5e3c8bbcd81cd0c08819edcbe04772dbd157f79373a0171b7bd914cf7a2cdef9

                SHA512

                925a86b5be1c9fe91cc587b71a3e0d2fbf8eddef06093a8356bffa955b63c296a041729db38a9538dfc811b723e0aca4b7a183ab0e9d12d0a302d1239db12374

                Download Submit

              • C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png
                Filesize

                6KB

                MD5

                248fa2b659874a14b43b5e0e17ac1cff

                SHA1

                b6b0671e015104ee7f4bac4e6abf961ec55fdb12

                SHA256

                ed99246ebc6fad80103f1e887dd8388f67eb509fcbba187aaa13556b8d884ab2

                SHA512

                1a8e9f0c13d565cdae77cc17942792e33861f056f73422eb2df79fba5dc241a37106c0bf7173f9ba83f517e2016e9d3b8e117df2bd2d5972155781dbf147f90a

                Download Submit

              • C:\Program Files\WinRAR\RarFiles.lst
                Filesize

                1KB

                MD5

                e70e22d45ecb35217d66a4ce30f081fa

                SHA1

                a5f6c6e1335596d50e89f99267773e30bebe159e

                SHA256

                9eb1099d7231cd24d8740609d3ac6985139f2334730356df983ab01d7896ad6f

                SHA512

                638ab88bcf95aa16e2f15036f3de1c5803a30b518b1a283464444a9b2f04b45f7927fb3c4bf666740c8d042c991d872b6d5749bbd9a721a42dde6dbf9f549cd3

                Download Submit

              • C:\Program Files\WinRAR\Resources.pri
                Filesize

                1KB

                MD5

                43cb15c1f1cc705305aeba33b0a9ee73

                SHA1

                52b4cbf1c3ed4494837f54eafa3e7294ba8e5485

                SHA256

                a7bb097441d9f06dd7a8d08874d70e7495626760c05284ca1ae3a208c11b52f0

                SHA512

                179dda1518aec276ae01bd7966272bbd545072077b34fb07396ec47c5b11adbddd00ab385d4ee2131a3c1c5265857434a51be4f33ac7ccd8c4e4b4dfda8d9c6f

                Download Submit

              • C:\Program Files\WinRAR\Uninstall.lst
                Filesize

                793B

                MD5

                6eeefcb85673c14201d024b6e6ac6258

                SHA1

                dd3bbad1b014f8d8e9f981ac0deb9f2f343c5cf4

                SHA256

                b75fdee208d2834ab147dacb51f4e7d70e44457c8b639048fe67b252b8d61f1f

                SHA512

                d68322f4b861f05876e9b3f349d135b3df115a52b93c52590a1dc240089ab0dcdb256f91fca01fd65dc8e689ee53cbd106337bbda42d402d12b9dca90434671b

                Download Submit

              • C:\Program Files\WinRAR\WhatsNew.txt
                Filesize

                45KB

                MD5

                1c44c85fdab8e9c663405cd8e4c3dbbd

                SHA1

                74d44e9cb2bf6f4c152aadb61b2ffc6b6ccd1c88

                SHA256

                33108dd40b4e07d60e96e1bcfa4ad877eb4906de2cc55844e40360e5d4dafb5d

                SHA512

                46d3fb4f2d084d51b6fd01845823100abc81913ebd1b0bcfeb52ef18e8222199d282aa45cae452f0716e0e2bf5520f7a6a254363d22b65f7ab6c10f11292ee2d

                Download Submit

              • C:\Program Files\WinRAR\WinRAR.chm
                Filesize

                316KB

                MD5

                6ca1bc8bfe8b929f448e1742dacb8e7f

                SHA1

                eca3e637db230fa179dcd6c6499bd7d616f211e8

                SHA256

                997184b6f08d36dedc2cd12ee8dc5afb5e6e4bf77f7ab10f7ade9eefdb163344

                SHA512

                d823f2c960a4d92129b9bda0f4f9195d32e64b929082b5efb9149546b5053021255d1dd03cb443f0a03106314554f76b94173e280a553a81e4ac2ac282877973

                Download Submit

              • C:\Program Files\WinRAR\WinRAR.exe
                Filesize

                3.1MB

                MD5

                53cf9bacc49c034e9e947d75ffab9224

                SHA1

                7db940c68d5d351e4948f26425cd9aee09b49b3f

                SHA256

                3b214fd9774c6d96332e50a501c5e467671b8b504070bbb17e497083b7e282c3

                SHA512

                44c9154b1fdbcf27ab7faee6be5b563a18b2baead3e68b3ea788c6c76cf582f52f3f87bd447a4f6e25ec7d4690761332211659d754fb4e0630c22a372e470bda

                Download Submit

              • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk
                Filesize

                1KB

                MD5

                2d48439c9bbeb71914e010c2937b4373

                SHA1

                7ac2ab3df84d057ee16302ec2864787a6cd53b0b

                SHA256

                160c0fc32f4ffaa2d35ac58c91d89c5c587e35957050e62f6a736c6f74d60208

                SHA512

                f6eced931b452f89130d322d18b8804bb5248bfbfd9dc412f4e67983fcba88e6f61e2bcd0a3c7afcedd5771591b69409f0be2884cc4bca18ac19f68a0ee9865c

                Download Submit

              • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk
                Filesize

                1KB

                MD5

                d9cc76f94e2758a53309e48602e70787

                SHA1

                e1dc924b36a1d913ceb7bb1b314b525c9c91416a

                SHA256

                7950efd83214b36d46da8167a0d35c1b16af93712816d1b5b85b40206581dd98

                SHA512

                de4c82c6f904d636df9838d2856b21aeeb93ea204ad7cffe8d8ee73c4138f17516e39c4c22456664638c9749002e83f5dee8620c9649a548ba5266aae1409024

                Download Submit

              • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk
                Filesize

                1KB

                MD5

                904998e69079ce380b5007a1bbc08643

                SHA1

                9f0fdd388efe900ff5c66a6cfeccb0681d5b3509

                SHA256

                a840c5beff7ae0141d1aa29f40ee0a5d55e8ab95f30f2d2b684fc70545eb0e8c

                SHA512

                3d4c2e13921c2146d21c4090151034c50dadf5d3f0ba6a99efd763f73a398cf6ca6f9680737c5791f88df885e04cdbbc7d53f9813d485ceac4c3c92b69b0d9fa

                Download Submit

              • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk
                Filesize

                1KB

                MD5

                56b3fd2c3564c79e8814ca5a6ed83ae2

                SHA1

                7205a016fe63f92ccb564ed24b49533b55b3bc29

                SHA256

                6b6c9f6c8222163659554317bd50f163cd2ccdf1087567ae92fe2bda53b54ee7

                SHA512

                7511b3e85b26b9c5577f9b86ba23a985adbcac98977c36c88e117f1f983075fb86c217c851ea2545d5e8caf3ed5c6e6237ca4291fa561da5cb545ad164590e1d

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                342B

                MD5

                9b6d9ae3ae0f1b7124996d0a59aa9c99

                SHA1

                753fc5d563e33adfcfe7120630381922abfc45fb

                SHA256

                dc42ff7d01447c9512157a55d902026d42134a4d2e0d27c82b24a6109fe84c82

                SHA512

                72c6863686ec24f837ea86d8715a57074ab1e8f25ee8174597b3a30eef183768c27259db4c4099425192493c4f90ae0cb4b614bfc61954dd5ba3495200977aa1

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                342B

                MD5

                8895635b0c8bc55363166926e3a7d7f2

                SHA1

                88ec5d873870ca871790537423c7210b5fe2efd7

                SHA256

                74ff4d4fca70a3036bacdc005c118819ba82771943d78cc1232366bac2426517

                SHA512

                95901dfb1a9b6d3344da8898eb1c5074381cdfbea8a1389893d2caf50b09a791a118496bffcad26e662b9b9335708ec572097fc64803ce4f6ab7b0bdee9955f7

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                342B

                MD5

                a83d789a65419ac72e3735e4744a364c

                SHA1

                6e0458da333f01ab8ecb395a326a7230cec32cb8

                SHA256

                088ee06de6c1391f94c60bec4761e11ea9c14ff33f8e39d0212477d6825ac5b5

                SHA512

                81f0b21ba1db1a3b8dd94d2f406c1ca2d7f4549423b46bd7c4ed9889e34ce682916259669100a362d7f002c6395b76a4ff716d40bcde04c2c50b0e29742961c4

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                342B

                MD5

                d939e9e53469f6a236cea1d5f31701fa

                SHA1

                00bc8e37e7d85c6a5dc8d51f34547a92856ea891

                SHA256

                561b1c4c220add91a0ec0bf7b902da4fb06eb5024247756956945348c909b9a4

                SHA512

                852d4c997687304a7e2d616fe21d1f6af03b5cd896c9bff2b0d93b6945b719f4c19f581287466533531e8131cdf272675040f339edf535c455132b8f10d9b5cd

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                342B

                MD5

                b7b9e0eb5683dc9e56f56e3f37df3673

                SHA1

                0c2b8d5010cf11264a699e2dc163b47b11e243b6

                SHA256

                f0b67fef193a3c735007efaeed1a40955e64b338ddbed2c5d78e5fec743cd3ec

                SHA512

                4e1c29b40b31e89a1b279aff618947c80386c3d828eb5ea6e67fc3337ab1b4668ea83d87e921be5f05bb3a2e9c23f04d35705107856c23d29dd85bfa41520c64

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                342B

                MD5

                5f819f62c30a6c35c76fe107a9993326

                SHA1

                2f491ff8b928fb0d0e7049f515ddc7cf9a15db35

                SHA256

                82f29fb2a8874a41809e6cbfcb07c5ace1ce50004e279ef7564df5cfbe8515e1

                SHA512

                4d250e6fbe0188ab4592294b7ed43b6f489444c0df5b73d57cfa9c827cd43f3a69b3ca2fb80f914e91164de3079d740c533fd74835adff8f06aad0793560f22b

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                342B

                MD5

                fbfc53d7845e90425db56c8f0288e707

                SHA1

                d704e161b198df301ed3e9fe9b55cd2439cdfcd0

                SHA256

                783fc5313293d339fec56e31e7570e0855955f50d2db3472b7ce42f32292df09

                SHA512

                d1dd31e448944f1036d188d646dddb4596fb1473cdf49c049bc211b724b676f76bdef30f994952d17b81dc415abe481e73c72bf8c7e79d7c32806f179ecb3840

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                342B

                MD5

                3abfad8d08dff2bc3ea4f41fd15c7894

                SHA1

                9f8b808f0a417a43fa0432af05438df067710f75

                SHA256

                aad6ea9d38b51ab1c5516a797d4774d59b0afbb2da9f6794660d264d49f45611

                SHA512

                9c3087b25427d7c7b807534923f2895d56cc61cb2acdc4f96d704564be7edff823ca4ce10e250c837c5fab8081fd8bb8086953627a245df3029ca8fc3008cf8d

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                Filesize

                342B

                MD5

                ffe34288d83c556f5a9f3538eca62eab

                SHA1

                0d63914ac8f8dd826dea23c7f32c7d2f6d9ad89b

                SHA256

                3199bc6e2538fb414b11cbfff289d0800a12d30d04e1451a6755f95b1db98733

                SHA512

                82e3d7603cb4c038e1ded3bed4329b4f565cf84e1db9705cb8ca77f7abd16b28dd0b48d247fe7632c8cf637078080a5f57739f587c52c834521615b793ea4e8e

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\CabF9AB.tmp
                Filesize

                70KB

                MD5

                49aebf8cbd62d92ac215b2923fb1b9f5

                SHA1

                1723be06719828dda65ad804298d0431f6aff976

                SHA256

                b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                SHA512

                bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\TarFA1E.tmp
                Filesize

                181KB

                MD5

                4ea6026cf93ec6338144661bf1202cd1

                SHA1

                a1dec9044f750ad887935a01430bf49322fbdcb7

                SHA256

                8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                SHA512

                6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk
                Filesize

                1KB

                MD5

                8b7eaef2fae11b4e3559f4c172dd8f0c

                SHA1

                89ac530024d46fc4dfc5f81ba659323056fbd0f8

                SHA256

                1bc4d80415e7d6d0466fccdae32cfb242004862baa4e7e49b064f297154083cb

                SHA512

                74f525cb6d2add23be28fb22dc4cfc31f6705a8c551bf22f970a94b179eea35e353fc192435cb84d1831334b24f848530e184e2307057e5b233376fe16a0b472

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk
                Filesize

                1KB

                MD5

                9f1f63863ec57be59a1fd14e6a07f25b

                SHA1

                2dcf656054d9f908832889ad79afdf8d23cfd0b3

                SHA256

                d4a299253a1c1860f1494eb3fc3b85baf6f16a4487891493b7c7ad51fb0deb73

                SHA512

                477dd3497ba85980bde834c4166abe12004f0abfe3072045691b8a742a2fa194926ee191a89b2adb8ddc086f78e08c4b52cb7dd10c64aede6d4cd309c7266dd0

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk
                Filesize

                1KB

                MD5

                c52e59130c1466639e8eb51c3c77d547

                SHA1

                f4ee7705cd95e638d7c37af77bb31a5d26726492

                SHA256

                4a4f254515466f1fe1083edd2549cef17ed69a445509e9bf0d627c433b302766

                SHA512

                7e38442fb5a052e8a25d17c22480665e04f25a0898693585ef354924f788455407ecba3c7d836a834567c85d1558765550836f440323ad19ca29a8ad7b78914d

                Download Submit

              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk
                Filesize

                1KB

                MD5

                74d01635e6c8f6fb684d0d1df0458571

                SHA1

                6ffd0f2ab15c1379b03261a51e0eeaf4be353e50

                SHA256

                eadaf38a8b389f10e3ceccc02d31cb84dc8bfa2eb538bedf6b61b37a4d23c234

                SHA512

                5a5023e30842f30aa7cdbc6fcdfe141075348ac4b98f18446ead74ec7a3bf2762d99fd6c4737f97a2806864a2769d5ccc7c880195fd42e89aa014f34f4c4135e

                Download Submit

              • \Program Files\WinRAR\RarExt.dll
                Filesize

                636KB

                MD5

                1e86c3bfcc0688bdbe629ed007b184b0

                SHA1

                793fada637d0d462e3511af3ffaec26c33248fac

                SHA256

                7b08daee81a32f72dbc10c5163b4d10eb48da8bb7920e9253be296774029f4ef

                SHA512

                4f8ae58bbf55acb13600217ed0eef09fa5f124682cedd2bfc489d83d921f609b66b0294d8450acb1a85d838adb0e8394dadf5282817dba576571e730704f43ac

                Download Submit

              • \Program Files\WinRAR\Uninstall.exe
                Filesize

                477KB

                MD5

                4783f1a5f0bba7a6a40cb74bc8c41217

                SHA1

                a22b9dc8074296841a5a78ea41f0e2270f7b7ad7

                SHA256

                f376aaa0d4444d0727db5598e8377f9f1606400adbbb4772d39d1e4937d5f28c

                SHA512

                463dff17f06eca41ae76e3c0b2efc4ef36529aa2eaed5163eec0a912fe7802c9fb38c37acfe94b82972861aaf1acf02823a5948fbb3292bb4743641acb99841e

                Download Submit

              • \Users\Admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp
                Filesize

                3.2MB

                MD5

                aff219649afa568ae2a283fe31b403f4

                SHA1

                44b4e832270c613d565f64a5a55487e58c7d8160

                SHA256

                528dd55855335341bb396c2ee75a8b41e6896c96578055d051d0301673f3907a

                SHA512

                1ac746eec2033f46ae6fd05b5c9c1812bae76dd9de23a5428ee1ba37c894be2e7c2353ac7bcea185546c29a8d6d9c9be2cc192dbe4f3b5c503dc7b6f05cf3028

                Download Submit

              • memory/1856-541-0x0000000000F50000-0x000000000128D000-memory.dmp

                Filesize

                3.2MB

                Download

              • memory/1932-539-0x00000000002C0000-0x00000000005FD000-memory.dmp

                Filesize

                3.2MB

                Download