Windows Analysis Report
winrar-x64-624es.exe

Overview

General Information

Sample name: winrar-x64-624es.exe
Analysis ID: 1412305
MD5: 1da8374156fc6492f06828e55ea4dc13
SHA1: 4923d045851434d65ce7c56b7e1bd73a08fc2305
SHA256: c94ed445611ed35ebbe8c3c2af5c17e20cdb8ef76ecbc1ef535bdec7ccf08f4b

Detection

Score: 5
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Compliance

Score: 64
Range: 0 - 100

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
File is packed with WinRar
Found dropped PE file which has not been started or loaded
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Sigma detected: Classes Autorun Keys Modification
Stores files to the Windows start menu directory
Tries to load missing DLLs
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Sample searches for a specific file; try pointing organization-specific fake files to the analysis machine
  • System is w10x64_ra
  • winrar-x64-624es.exe (PID: 6228 cmdline: "C:\Users\user\Desktop\winrar-x64-624es.exe" MD5: 1DA8374156FC6492F06828E55EA4DC13)
    • Uninstall.exe (PID: 6584 cmdline: "C:\Program Files\WinRAR\uninstall.exe" /setup MD5: 62C61B5BC915F81C8038AA83ED1A3B01)
  • rundll32.exe (PID: 2528 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • WinRAR.exe (PID: 6284 cmdline: "C:\Program Files\WinRAR\WinRAR.exe" MD5: 437C59059419449FF4D7CC13E76F37D6)
    • msedgewebview2.exe (PID: 6248 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=WinRAR.exe --webview-exe-version=6.24.0 --user-data-dir="C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=6284.532.6479263106983139252 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 6256 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x15c,0x170,0x7fff27d78e88,0x7fff27d78e98,0x7fff27d78ea8 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 6028 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --webview-exe-name=WinRAR.exe --webview-exe-version=6.24.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1824 --field-trial-handle=1832,i,12488137136180686112,6651680280843944053,262144 --enable-features=MojoIpcz /prefetch:2 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 5968 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --webview-exe-name=WinRAR.exe --webview-exe-version=6.24.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2044 --field-trial-handle=1832,i,12488137136180686112,6651680280843944053,262144 --enable-features=MojoIpcz /prefetch:3 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 5492 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --webview-exe-name=WinRAR.exe --webview-exe-version=6.24.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2348 --field-trial-handle=1832,i,12488137136180686112,6651680280843944053,262144 --enable-features=MojoIpcz /prefetch:8 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 4048 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --webview-exe-name=WinRAR.exe --webview-exe-version=6.24.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710926652087785 --launch-time-ticks=4615613498 --mojo-platform-channel-handle=3380 --field-trial-handle=1832,i,12488137136180686112,6651680280843944053,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
  • cleanup
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: , EventID: 13, EventType: SetValue, Image: C:\Program Files\WinRAR\Uninstall.exe, ProcessId: 6584, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\(Default)
No Snort rule has matched

There are no malicious signatures.

Compliance

Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_4598640
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\Descript.ion
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\Leame.txt
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\License.txt
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\Novedades.txt
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\Rar.txt
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\Order.htm
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\RarFiles.lst
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\Uninstall.lst
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\licencia.rtf
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\Rar.exe
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\RarExtInstaller.exe
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\Uninstall.exe
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\UnRAR.exe
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\WinRAR.exe
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\7zxa.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\RarExt.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\RarExt32.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\rar.lng
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\rarext.lng
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\uninstall.lng
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\winrar.lng
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\RarExtPackage.msix
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\Resources.pri
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\Default.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\Default64.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\WinCon.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\WinCon64.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\Zip.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\Zip64.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Directory created: C:\Program Files\WinRAR\winrar.chm
Source: C:\Program Files\WinRAR\Uninstall.exe, Directory created: C:\Program Files\WinRAR\rarnew.dat
Source: C:\Program Files\WinRAR\Uninstall.exe, Directory created: C:\Program Files\WinRAR\zipnew.dat
Source: C:\Program Files\WinRAR\Uninstall.exe, Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, File created: C:\Program Files\WinRAR\License.txt
Source: winrar-x64-624es.exe, Static PE information: certificate valid
Source: winrar-x64-624es.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, File opened: C:\Users\user\AppData\Local\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, File opened: C:\Users\user\AppData\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, File opened: C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, File opened: C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Local Storage\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, File opened: C:\Users\user\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, File opened: C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Local Storage\leveldb\
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, DNS traffic detected: queries for: notifier.win-rar.com
Source: C:\Users\user\Desktop\winrar-x64-624es.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: <pi-ms-win-core-fibers-l1-1-1.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: <pi-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: <pi-ms-win-core-louserzation-l1-2-1.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: dxgidebug.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: sfc_os.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: riched20.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: usp10.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: msls31.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: textshaping.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: ieframe.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: netapi32.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: winhttp.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: wkscli.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: dataexchange.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: d3d11.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: dcomp.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: dxgi.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: urlmon.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: msiso.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: mshtml.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: powrprof.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: umpdc.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: srpapi.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: msimtf.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: d2d1.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: dwrite.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: dxcore.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: secur32.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: mlang.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: edputil.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: appresolver.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: slc.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: sppc.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: pcacli.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeSection loaded: mpr.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: uxtheme.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: riched20.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: usp10.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: msls31.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: textinputframework.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: coremessaging.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: ntmarta.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: wintypes.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: wintypes.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: wintypes.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: windows.storage.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: wldp.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: propsys.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: profapi.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: textshaping.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: linkinfo.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: ntshrui.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: sspicli.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: srvcli.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: cscapi.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: edputil.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: urlmon.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: iertutil.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: netutils.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: apphelp.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: explorerframe.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: sxs.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: actxprxy.dll
Source: C:\Program Files\WinRAR\Uninstall.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: powrprof.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: uxtheme.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: msimg32.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: umpdc.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: windows.storage.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: wldp.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: propsys.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: profapi.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: riched20.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: usp10.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: msls31.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: textshaping.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: dataexchange.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: d3d11.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: dcomp.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: dxgi.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: textinputframework.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: coremessaging.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: ntmarta.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: wintypes.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: wintypes.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: wintypes.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: windowscodecs.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: mpr.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: drprov.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: winsta.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: ntlanman.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: davclnt.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: davhlpr.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: wkscli.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: cscapi.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: netutils.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: apphelp.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: dlnashext.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: playtodevice.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: devdispitemprovider.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: mmdevapi.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: devobj.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: wpdshext.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: portabledeviceapi.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: msasn1.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: ehstorshell.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: ehstorapi.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: wtsapi32.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: secur32.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: sspicli.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: samcli.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: samlib.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: thumbcache.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: mrmcorer.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: iertutil.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: windows.staterepositorycore.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: appxdeploymentclient.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: bcp47mrm.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: windows.ui.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: windowmanagementapi.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: inputhost.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: appxdeploymentclient.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: edputil.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: provsvc.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: policymanager.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: linkinfo.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: urlmon.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: srvcli.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: appxdeploymentclient.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: appxdeploymentclient.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: version.dll
Source: C:\Program Files\WinRAR\WinRAR.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: policymanager.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kbdus.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: policymanager.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: omadmapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iri.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dsreg.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: nlaapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: textinputframework.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.ui.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windowmanagementapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: inputhost.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winsta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mscms.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: coloradapterclient.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.security.authentication.web.core.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dataexchange.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: d3d11.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dcomp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: resourcepolicyclient.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mf.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mfplat.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: rtworkq.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: hevcdecoder.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dolbydecmft.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mfperfhelper.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwmapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: atlthunk.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: directmanipulation.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: d3d11.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: d3d10warp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dxcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dcomp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.security.authentication.onlineid.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: policymanager.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: vaultcli.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: aadwamextension.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.web.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: hevcdecoder.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: tenantrestrictionsplugin.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netprofm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: npmproxy.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: nlaapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ncryptprov.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winmm.dll
Source: classification engineClassification label: clean5.winEXE@17/128@7/19
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile created: C:\Program Files\WinRAR
Source: C:\Program Files\WinRAR\Uninstall.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeMutant created: NULL
Source: C:\Program Files\WinRAR\WinRAR.exeMutant created: \Sessions\1\BaseNamedObjects\WinRAR_Busy
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile created: C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2
Source: winrar-x64-624es.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\winrar-x64-624es.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile read: C:\Users\user\Desktop\winrar-x64-624es.exe
Source: unknownProcess created: C:\Users\user\Desktop\winrar-x64-624es.exe "C:\Users\user\Desktop\winrar-x64-624es.exe"
Source: C:\Users\user\Desktop\winrar-x64-624es.exeProcess created: C:\Program Files\WinRAR\Uninstall.exe "C:\Program Files\WinRAR\uninstall.exe" /setup
Source: unknownProcess created: C:\Program Files\WinRAR\WinRAR.exe "C:\Program Files\WinRAR\WinRAR.exe"
Source: C:\Program Files\WinRAR\WinRAR.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=WinRAR.exe --webview-exe-version=6.24.0 --user-data-dir="C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=6284.532.6479263106983139252
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x15c,0x170,0x7fff27d78e88,0x7fff27d78e98,0x7fff27d78ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --webview-exe-name=WinRAR.exe --webview-exe-version=6.24.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1824 --field-trial-handle=1832,i,12488137136180686112,6651680280843944053,262144 --enable-features=MojoIpcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --webview-exe-name=WinRAR.exe --webview-exe-version=6.24.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2044 --field-trial-handle=1832,i,12488137136180686112,6651680280843944053,262144 --enable-features=MojoIpcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --webview-exe-name=WinRAR.exe --webview-exe-version=6.24.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2348 --field-trial-handle=1832,i,12488137136180686112,6651680280843944053,262144 --enable-features=MojoIpcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --webview-exe-name=WinRAR.exe --webview-exe-version=6.24.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710926652087785 --launch-time-ticks=4615613498 --mojo-platform-channel-handle=3380 --field-trial-handle=1832,i,12488137136180686112,6651680280843944053,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Users\user\Desktop\winrar-x64-624es.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: C:\Users\user\Desktop\winrar-x64-624es.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_4598640
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\Descript.ion
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\Leame.txt
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\License.txt
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\Novedades.txt
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\Rar.txt
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\Order.htm
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\RarFiles.lst
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\Uninstall.lst
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\licencia.rtf
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\Rar.exe
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\RarExtInstaller.exe
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\Uninstall.exe
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\UnRAR.exe
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\WinRAR.exe
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\7zxa.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\RarExt.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\RarExt32.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\rar.lng
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\rarext.lng
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\uninstall.lng
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\winrar.lng
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\RarExtPackage.msix
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\Resources.pri
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\Default.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\Default64.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\WinCon.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\WinCon64.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\Zip.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\Zip64.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDirectory created: C:\Program Files\WinRAR\winrar.chm
Source: C:\Program Files\WinRAR\Uninstall.exeDirectory created: C:\Program Files\WinRAR\rarnew.dat
Source: C:\Program Files\WinRAR\Uninstall.exeDirectory created: C:\Program Files\WinRAR\zipnew.dat
Source: C:\Program Files\WinRAR\Uninstall.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver
Source: winrar-x64-624es.exeStatic PE information: certificate valid
Source: winrar-x64-624es.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: winrar-x64-624es.exeStatic file information: File size 3692112 > 1048576
Source: winrar-x64-624es.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: winrar-x64-624es.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: winrar-x64-624es.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: winrar-x64-624es.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: winrar-x64-624es.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: winrar-x64-624es.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: winrar-x64-624es.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: winrar-x64-624es.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: winrar-x64-624es.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: winrar-x64-624es.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: winrar-x64-624es.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: winrar-x64-624es.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile created: C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_4598640
Source: winrar-x64-624es.exeStatic PE information: section name: .didat
Source: winrar-x64-624es.exeStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile created: C:\Program Files\WinRAR\RarExt.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile created: C:\Program Files\WinRAR\7zxa.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile created: C:\Program Files\WinRAR\UnRAR.exe
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile created: C:\Program Files\WinRAR\Default.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile created: C:\Program Files\WinRAR\Default64.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile created: C:\Program Files\WinRAR\Zip.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile created: C:\Program Files\WinRAR\Rar.exe
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile created: C:\Program Files\WinRAR\RarExtInstaller.exe
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile created: C:\Program Files\WinRAR\WinRAR.exe
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile created: C:\Program Files\WinRAR\WinCon.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile created: C:\Program Files\WinRAR\RarExt32.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile created: C:\Program Files\WinRAR\Uninstall.exe
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile created: C:\Program Files\WinRAR\Zip64.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile created: C:\Program Files\WinRAR\WinCon64.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exeFile created: C:\Program Files\WinRAR\License.txt
Source: C:\Program Files\WinRAR\Uninstall.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
Source: C:\Program Files\WinRAR\Uninstall.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk
Source: C:\Program Files\WinRAR\Uninstall.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ayuda WinRAR.lnk
Source: C:\Program Files\WinRAR\Uninstall.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual RAR para consola.lnk
Source: C:\Program Files\WinRAR\Uninstall.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Que hay de nuevo en la última versión.lnk
Source: C:\Program Files\WinRAR\Uninstall.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
Source: C:\Program Files\WinRAR\Uninstall.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk
Source: C:\Program Files\WinRAR\Uninstall.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ayuda WinRAR.lnk
Source: C:\Program Files\WinRAR\Uninstall.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual RAR para consola.lnk
Source: C:\Program Files\WinRAR\Uninstall.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Que hay de nuevo en la última versión.lnk
Source: C:\Program Files\WinRAR\WinRAR.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\winrar-x64-624es.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WinRAR\WinRAR.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\winrar-x64-624es.exeMemory allocated: 18104B70000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\winrar-x64-624es.exeMemory allocated: 18108C00000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDropped PE file which has not been started: C:\Program Files\WinRAR\RarExt.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDropped PE file which has not been started: C:\Program Files\WinRAR\7zxa.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDropped PE file which has not been started: C:\Program Files\WinRAR\UnRAR.exe
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDropped PE file which has not been started: C:\Program Files\WinRAR\Default.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDropped PE file which has not been started: C:\Program Files\WinRAR\Default64.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDropped PE file which has not been started: C:\Program Files\WinRAR\Zip.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDropped PE file which has not been started: C:\Program Files\WinRAR\RarExtInstaller.exe
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDropped PE file which has not been started: C:\Program Files\WinRAR\Rar.exe
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDropped PE file which has not been started: C:\Program Files\WinRAR\WinCon.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDropped PE file which has not been started: C:\Program Files\WinRAR\RarExt32.dll
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDropped PE file which has not been started: C:\Program Files\WinRAR\Zip64.sfx
Source: C:\Users\user\Desktop\winrar-x64-624es.exeDropped PE file which has not been started: C:\Program Files\WinRAR\WinCon64.sfx
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Code Cache\js FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Code Cache\wasm FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\blob_storage\fc229951-f32b-49cb-8d31-9342467c3503 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Cache\Cache_Data FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Local Storage\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile opened: C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Local Storage\leveldb\
Source: C:\Users\user\Desktop\winrar-x64-624es.exeProcess created: C:\Program Files\WinRAR\Uninstall.exe "C:\Program Files\WinRAR\uninstall.exe" /setup
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x15c,0x170,0x7fff27d78e88,0x7fff27d78e98,0x7fff27d78ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --webview-exe-name=WinRAR.exe --webview-exe-version=6.24.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1824 --field-trial-handle=1832,i,12488137136180686112,6651680280843944053,262144 --enable-features=MojoIpcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --webview-exe-name=WinRAR.exe --webview-exe-version=6.24.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2044 --field-trial-handle=1832,i,12488137136180686112,6651680280843944053,262144 --enable-features=MojoIpcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --webview-exe-name=WinRAR.exe --webview-exe-version=6.24.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2348 --field-trial-handle=1832,i,12488137136180686112,6651680280843944053,262144 --enable-features=MojoIpcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --webview-exe-name=WinRAR.exe --webview-exe-version=6.24.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710926652087785 --launch-time-ticks=4615613498 --mojo-platform-channel-handle=3380 --field-trial-handle=1832,i,12488137136180686112,6651680280843944053,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files\WinRAR\WinRAR.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=winrar.exe --webview-exe-version=6.24.0 --user-data-dir="c:\users\user\appdata\local\temp\winrar.exe.webview2\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=mojoipcz --mojo-named-platform-channel-pipe=6284.532.6479263106983139252
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\local\temp\winrar.exe.webview2\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\local\temp\winrar.exe.webview2\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x15c,0x170,0x7fff27d78e88,0x7fff27d78e98,0x7fff27d78ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\local\temp\winrar.exe.webview2\ebwebview" --webview-exe-name=winrar.exe --webview-exe-version=6.24.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1824 --field-trial-handle=1832,i,12488137136180686112,6651680280843944053,262144 --enable-features=mojoipcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\local\temp\winrar.exe.webview2\ebwebview" --webview-exe-name=winrar.exe --webview-exe-version=6.24.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2044 --field-trial-handle=1832,i,12488137136180686112,6651680280843944053,262144 --enable-features=mojoipcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\local\temp\winrar.exe.webview2\ebwebview" --webview-exe-name=winrar.exe --webview-exe-version=6.24.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2348 --field-trial-handle=1832,i,12488137136180686112,6651680280843944053,262144 --enable-features=mojoipcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\temp\winrar.exe.webview2\ebwebview" --webview-exe-name=winrar.exe --webview-exe-version=6.24.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1710926652087785 --launch-time-ticks=4615613498 --mojo-platform-channel-handle=3380 --field-trial-handle=1832,i,12488137136180686112,6651680280843944053,262144 --enable-features=mojoipcz /prefetch:1
Source: C:\Users\user\Desktop\winrar-x64-624es.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\Desktop\winrar-x64-624es.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\winrar-x64-624es.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\winrar-x64-624es.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Users\user\Desktop\winrar-x64-624es.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\winrar-x64-624es.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Program Files\WinRAR\Uninstall.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files\WinRAR\WinRAR.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\Trust Protection Lists\manifest.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\WidevineCdm\manifest.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\MEIPreload\preloaded_data.pb VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports VolumeInformation
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 13 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 11 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 11 Process Injection | Security Account Manager | 1 Remote System Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Rundll32 | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 23 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

Source | Detection | Scanner | Label | Link
winrar-x64-624es.exe | 6% | ReversingLabs | |
winrar-x64-624es.exe | 0% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Program Files\WinRAR\7zxa.dll | 0% | ReversingLabs | |
C:\Program Files\WinRAR\7zxa.dll | 0% | Virustotal | | Browse
C:\Program Files\WinRAR\Default.sfx | 0% | ReversingLabs | |
C:\Program Files\WinRAR\Default.sfx | 1% | Virustotal | | Browse
C:\Program Files\WinRAR\Default64.sfx | 0% | ReversingLabs | |
C:\Program Files\WinRAR\Default64.sfx | 0% | Virustotal | | Browse
C:\Program Files\WinRAR\Rar.exe | 0% | ReversingLabs | |
C:\Program Files\WinRAR\Rar.exe | 0% | Virustotal | | Browse
C:\Program Files\WinRAR\RarExt.dll | 0% | ReversingLabs | |
C:\Program Files\WinRAR\RarExt.dll | 0% | Virustotal | | Browse
C:\Program Files\WinRAR\RarExt32.dll | 0% | ReversingLabs | |
C:\Program Files\WinRAR\RarExt32.dll | 0% | Virustotal | | Browse
C:\Program Files\WinRAR\RarExtInstaller.exe | 0% | ReversingLabs | |
C:\Program Files\WinRAR\RarExtInstaller.exe | 0% | Virustotal | | Browse
C:\Program Files\WinRAR\UnRAR.exe | 0% | ReversingLabs | |
C:\Program Files\WinRAR\UnRAR.exe | 0% | Virustotal | | Browse
C:\Program Files\WinRAR\Uninstall.exe | 4% | ReversingLabs | |
C:\Program Files\WinRAR\Uninstall.exe | 3% | Virustotal | | Browse
C:\Program Files\WinRAR\WinCon.sfx | 3% | ReversingLabs | |
C:\Program Files\WinRAR\WinCon.sfx | 0% | Virustotal | | Browse
C:\Program Files\WinRAR\WinCon64.sfx | 0% | ReversingLabs | |
C:\Program Files\WinRAR\WinCon64.sfx | 0% | Virustotal | | Browse
C:\Program Files\WinRAR\WinRAR.exe | 0% | ReversingLabs | |
C:\Program Files\WinRAR\WinRAR.exe | 0% | Virustotal | | Browse
C:\Program Files\WinRAR\Zip.sfx | 0% | ReversingLabs | |
C:\Program Files\WinRAR\Zip.sfx | 5% | Virustotal | | Browse
C:\Program Files\WinRAR\Zip64.sfx | 3% | ReversingLabs | |
C:\Program Files\WinRAR\Zip64.sfx | 3% | Virustotal | | Browse

No Antivirus matches

Source | Detection | Scanner | Label | Link
chrome.cloudflare-dns.com | 0% | Virustotal | | Browse

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | unknown
notifier.win-rar.com | 51.195.68.173 | true | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
142.250.81.232 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
20.25.227.174 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
51.195.68.173 | notifier.win-rar.com | France | 16276 | OVHFR | false
52.159.108.190 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
13.107.42.16 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1412305
    Start date and time:2024-03-20 11:40:17 +01:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:26
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    Analysis Mode:stream
    Analysis stop reason:Timeout
    Sample name:winrar-x64-624es.exe
    Detection:CLEAN
    Classification:clean5.winEXE@17/128@7/19
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 13.107.42.16, 52.159.108.190, 20.25.227.174, 142.250.81.232
    • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
    • Not all processes where analyzed, report is missing behavior information
    • Report size getting too big, too many NtOpenKeyEx calls found.
    • Report size getting too big, too many NtProtectVirtualMemory calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):225432
    Entropy (8bit):6.357907171989064
    Encrypted:false
    SSDEEP:
    MD5:85026CFBA1AFED081A84F70C3CF46815
    SHA1:4231A9A70229FE7A6F8AA92109002CAEB642A8CE
    SHA-256:F4953BEBEB4B71F3F83E4684C5349B0EE9263499DF3CC0B2BE830EF2C478D50A
    SHA-512:742AD90F66C6815A61262C48685AF7676CB94783E59FCD05D4F53329491E7B1C2BE4C8F2C9EEEB02422F2A7B4D8EF224FFC39A76BC53270D2CE8E31DF7FA8EBD
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):347952
    Entropy (8bit):6.632242202214286
    Encrypted:false
    SSDEEP:
    MD5:E73113571ED27DABDED60B13EA3FA83B
    SHA1:6679837C14CEA282F9AE482C321D275C5E54AEB7
    SHA-256:E23D60998D1EB03AE283645B062FB6D62A599CCD5199AA243472773E1F10D9A5
    SHA-512:5C62C162299E7907FE38AA6A2B5927B1AF6A8E1572A71126454557A6135B373CD926805FFE18294D46120C26D3825A62763C570EF9C4B3FC63F01297D99F3A34
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 1%, Browse
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:PE32+ executable (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):399664
    Entropy (8bit):6.425845076417154
    Encrypted:false
    SSDEEP:
    MD5:816E69C4C839676EE4AAE4ECDB0CE1EF
    SHA1:EF83927A70D6427186F1ACCC5C7A44E453F420E3
    SHA-256:85C3533AF20EE870C1B2AFBE5233C9D6B05F88FC1F506B5185ED8777AEBB2F84
    SHA-512:35179F467FCBC13944091D7222F44459DB520AB440CFF6EF4231A605517113AD3179771F12FEA1C0B4122DFD03C09C27C9693494C3AE55984CD40BC4E8385D79
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:ISO-8859 text, with CRLF line terminators
    Category:dropped
    Size (bytes):2758
    Entropy (8bit):4.606275349642451
    Encrypted:false
    SSDEEP:
    MD5:8F05BE0CA67702CD89E01FBA73FE1CDC
    SHA1:16E7F0CA3669F22C509634B72F4CC87A7062F9A1
    SHA-256:F46F11B6EFA3BF528217DFD545B18BB22895D227194C467689D0BDF1345EC731
    SHA-512:4483327FEE210910D2D41F9EA96280FEC91DFBEF5FD510AB5792CA89E71BF3402D1CEBD454FDD4AA6C5AB91BEC4A1B3BC81537045A5BBD5C0A1EDD59CE2A41EE
    Malicious:false
    Reputation:unknown
    Preview:7zxa.dll Librer.a de descompresi.n 7z..Default.SFX M.dulo de autoextracci.n gr.fico para Windows de 32 bits..Default64.SFX M.dulo de autoextracci.n gr.fico para Windows de 64 bits..Descript.ion Descripci.n de los ficheros..Licencia.rtf Licencia de uso y distribuci.n..Novedades.txt Novedades de esta versi.n..Order.htm Informaci.n de registro..Rar.exe Consola RAR..rar.lng Traducci.n para RAR..Rar.txt Manual de la consola de RAR..RarLng.dll Recursos de idiomas..RarExt.dll Integraci.n WinRAR con el Explorador de Windows..RarExt.lng Traducci.n para RarExt.dll..RarExt32.dll Integraci.n WinRAR con el Explorador de Windows de 32 bits..RarExt64.dll Integraci.n WinRAR con el Explorador de Windows de 64 bits..RarExtInstaller.exe Utilidad para instalar y desinstalar la integraci.n WinRAR con el Explorador de Windows..RarExtLogo.altform-unplated_targets
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:ISO-8859 text, with CRLF line terminators
    Category:dropped
    Size (bytes):1508
    Entropy (8bit):4.6833473045753715
    Encrypted:false
    SSDEEP:
    MD5:9CA7B51C043AE285F06F779B24138837
    SHA1:E7D277B26316D50175B5CE17AC1176956A2B349D
    SHA-256:D1A22A76FC4AC0072E4F3D72A9F5D6CB91F62DF817806E37CE3C70EC6E8E137F
    SHA-512:86757C14BB74D90B65BF473A4E72F7685E338E4B9523E1B6FC15839C6449DB5AE22F0C4430BDA95917A768855C7D4FED05144E7FACF536B5D0859B5574EF5E1F
    Malicious:false
    Reputation:unknown
    Preview: Este archivo contiene el gestor multifunctional de archivos WinRAR.... Caracter.sticas de WinRAR:.... * WinRAR introduce un algoritmo original de compresi.n. Proporciona.. mayores relaciones de compresi.n que otras herramientas de compresi.n.. para PCs, especialmente en ficheros ejecutables, bibliotecas de.. objetos, grandes archivos de texto, etc..... * Internamente, el formato RAR no limita el tama.o de ficheros y.. archivos ni el n.mero de ficheros dentro del archivo. Estos valores.. solo estan limitados por el sistema operativo y la mem.ria disponible..... * WinRAR proporciona soporte completo de archivos RAR y ZIP 2.0 y puede.. descomprimir archivos 7Z, ARJ, BZ2, CAB, GZ, ISO, JAR, LZ, LZH, TAR, UUE,.. XZ, Z y ZST..... * WinRAR ofrece una interfaz cl.sica de Windows, gr.fica e interactiva,.. y una interfaz en l.nea de comandos. .... * WinRAR proporciona funcionalidad para crear un archivo 's.lido', que.. puede aumentar el grado de compresi.n de un 10% - 50% e
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:ISO-8859 text, with CRLF line terminators
    Category:dropped
    Size (bytes):8010
    Entropy (8bit):4.347397557077913
    Encrypted:false
    SSDEEP:
    MD5:B6B0EBF5C6109A761C78B32B2416BBC7
    SHA1:6DF90AEF7DF704548D8DF0E37060462DF9EA99FD
    SHA-256:2BB5EAB31A0ADDF68DF63026161470B524E4C36F6D38E015C128139112194456
    SHA-512:774B1DDC5965885DF5FCB1D3E35970E8C9DCC6A2D9A6B06FB96BD599E186D2B85905228A3F14F96B5607CE2A17AAAE5366AFC5673DEEA2BAE2DF1FB570DB5EF6
    Malicious:false
    Reputation:unknown
    Preview:ACUERDO DE LICENCIA DE USUARIO FINAL....El siguiente acuerdo de licencia es una traducci.n del acuerdo original,..escrito en ingl.s en incluido en la versi.n inglesa de WinRAR. En caso de errores..o ambig.edades en la traducci.n prevalecer.n siempre los t.rminos originales de..la versi.n inglesa.....El siguiente acuerdo acerca de el compresor RAR (y su versi.n para Windows - WinRAR)..- en adelante el "programa" - se establece entre win.rar GmbH - en adelante..el "licenciador" - y cualquiera que instale, acceda o de alguna otra forma use..el programa - en adelante el "usuario".....1. El autor y propietario de los derechos de copia del programa es Alexander.. L. Roshal. El licenciador y como tal el emisor de la licencia y titular de los.. derechos de uso a nivel mundial, incluyendo los derechos de reproducir,.. distribuir y hacer que el programa este disponible al p.blico en cualquier forma.. es win.rar GmbH, Marienstr. 12, 10117 Berl.n, Alemania... ....2. El programa se
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):257600
    Entropy (8bit):3.2272597745628584
    Encrypted:false
    SSDEEP:
    MD5:62EE9AD906F2478B3E39F7DBAD6777FA
    SHA1:C118B5F3FAD345ED1A54D7B1B34F14F5B2C289AE
    SHA-256:390889E0BFE986016A11265BA60C1BFF567A30883AD395A25A6857C607D48638
    SHA-512:8059485D6C18F6F9405632E419254284FD072F42572F7D4546851015CFC2C63F537075FAA86291F91999E58AB9BBC9574A2BEA199FFE3BBD6F0814F789BD4DFA
    Malicious:false
    Reputation:unknown
    Preview:...... . . . . . . . . . . . . . . . . . . . .W.i.n.R.A.R. .-. .N.o.v.e.d.a.d.e.s. .d.e. .l.a. ...l.t.i.m.a. .v.e.r.s.i...n......... . . .V.e.r.s.i...n. .6...2.4......... . . .1... .F.a.l.l.o.s. .a.r.r.e.g.l.a.d.o.s.:......... . . . . . .a.). .L.a. .o.r.d.e.n. .d.e. .e.x.t.r.a.c.c.i...n. .e.n. .W.i.n.R.A.R. .y. .U.n.R.A.R...d.l.l. .d.e.s.r.e.f.e.r.e.n.c.i.a.b.a.n..... . . . . . . . . .u.n. .p.u.n.t.e.r.o. .n.u.l.o. .y. .f.a.l.l.a.b.a.n. .a.l. .p.r.o.c.e.s.a.r. .n.o.m.b.r.e.s. .d.e. .a.r.c.h.i.v.o. .d.e..... . . . . . . . . .l.o.n.g.i.t.u.d. .c.e.r.o. .e.n. .l.o.s. .m.e.t.a.d.a.t.o.s. .a.l.m.a.c.e.n.a.d.o.s. .c.o.n. .e.l. .m.o.d.i.f.i.c.a.d.o.r..... . . . . . . . . .-.a.m........... . . . . . . . . .D.a.m.o.s. .l.a.s. .g.r.a.c.i.a.s. .a. .R.a.d.o.s.l.a.w. .M.a.d.e.j. .d.e. .C.h.e.c.k. .P.o.i.n.t. .s.o.f.t.w.a.r.e..... . . . . . . . . .p.o.r. .r.e.p.o.r.t.a.r. .e.s.t.e. .p.r.o.b.l.e.m.a........... . . . . . .b.). .a. .o.r.d.e.n. .d.e. .e.x.t.r.a.c.c.i...n. .e.n. .W.i.n.R.A.R. .y. .U.n.R.
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:HTML document, ISO-8859 text, with CRLF line terminators
    Category:dropped
    Size (bytes):6364
    Entropy (8bit):5.265442524740879
    Encrypted:false
    SSDEEP:
    MD5:C72CD50B92DBA793311C112A6EB7131A
    SHA1:BF87D33B2812923402983E34BE3F43B74DC8C71A
    SHA-256:52AE66630ACFF51123391601F7B1A8AAEA54EA969F54AA7B9F3A8B58141559B2
    SHA-512:0979AF125AA44F9B61DC53A160714AF797BFFFCF7FB89ED89F272A12F41D6BF73F55E6516EB925517E7F459EB8A84071D5B77E3A41B6F927C11CFD867A1753B9
    Malicious:false
    Reputation:unknown
    Preview:<html>..<head>..<meta http-equiv=Content-Type content="text/html; charset=windows-1252">..<script type="text/javascript">.. ..function px(addr)..{.. for (I=0;I<addr.length;I++).. if (addr.charAt(I)=='z' && I+1<addr.length && addr.charAt(I+1)=='y').. I++.. else.. document.write(addr.charAt(I));..}....function mx(addr,text)..{.. document.write("<a href=\"mailto:");.. px(addr);.. document.write("\">");.. px(text);.. document.write("<\a>");..}..//-->..</script>..<style>..#content {..max-width:500px;..font-size:14px;..font-family: "Arial",serif;..margin:auto;..}....h4 {..color: rgb(36, 63, 136);..font-size: 24px;..font-weight: bold;..margin-top: 15px;..margin-bottom: 20px;..line-height: 25px;..text-align:center;..}.....button {..text-decoration:none;..font-size:1.1em;..line-height:16px;..padding:2px 12px;..width:auto;..margin:5px;..cursor:pointer;..border:1px solid #bbb;..white-space:nowrap;..color:#464646;..-moz-border-radius:5px;..-khtml-border-radius:5px;..-webki
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:PE32+ executable (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):637080
    Entropy (8bit):6.421070571935265
    Encrypted:false
    SSDEEP:
    MD5:F7C0C38BDF23992FC92CA8A55AFA28F2
    SHA1:E3AEF33B09BEA58A37F0F9A25F6AC055CB4293DD
    SHA-256:A9CEC009503D067F241B5EDDAEA4E42C38EDCB0B57C1B46E946C5281B7F1EA21
    SHA-512:2A7ECFA14EE8D3CC83B07A7F89185F1ACD082622DC859C550B694A4A587ABE37E2FE5006111CCB474CFB1B205F4744D2FB4235545F23131C3FD9DFB327490160
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):254414
    Entropy (8bit):3.1266787368450033
    Encrypted:false
    SSDEEP:
    MD5:56956DF4B1B4C4E860133674929993EC
    SHA1:587E6AD93AAAC4E98AF4CA3CAB8A7982484FC526
    SHA-256:87FAC26160F3A1ACE1C560F6E706E03B6868BE62F88B09AD98E5AA0B1DBC8A1B
    SHA-512:15643ED67C9C21D9E481C0862413A555BC0E00FDC4A46B63ED6462B30D9455B6AB17873718772A682F38BBEFD0B32B148E2364838F464402DFC363A5E00FCE23
    Malicious:false
    Reputation:unknown
    Preview:.......... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .M.a.n.u.a.l. .d.e. .U.s.u.a.r.i.o..... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..... . . . . . . . . . . . . . . . . . . . . . . . . . . . . .R.A.R. .6...2.1. .v.e.r.s.i...n. .c.o.n.s.o.l.a..... . . . . . . . . . . . . . . . . . . . . . . . . . . . . .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~......... . . . . . . . . . . . . . . . . . . . . . . . . . . .=.-.=.-.=.-.=.-.=.-.=.-.=.-.=.-.=.-.=.-.=.-.=.-.=.-.=.-.=..... . . . . . . . . . . . . . . . . . . . . . . . . . . ...B.i.e.n.v.e.n.i.d.o. .a.l. .c.o.m.p.r.e.s.o.r. .R.A.R.!..... . . . . . . . . . . . . . . . . . . . . . . . . . . .-.=.-.=.-.=.-.=.-.=.-.=.-.=.-.=.-.=.-.=.-.=.-.=.-.=.-.=.-............. .I.n.t.r.o.d.u.c.c.i...n..... .~.~.~.~.~.~.~.~.~.~.~.~......... . .R.A.R. .e.s. .u.n.a. .a.p.l.i.c.a.c.i...n. .p.a.r.a. .c.o.n.s.o.l.a. .q.u.e. .p.e.r.m.i.t.e. .m.a.n.e.j.a.r. .a.r.c.h.i.v.o.s. .c.o.m.p.r.
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):673944
    Entropy (8bit):6.704036103517576
    Encrypted:false
    SSDEEP:
    MD5:D0F4632BE7031CC372FFDD2D9063FFB2
    SHA1:B99F58AE5B6D169BE95785A9A25EF27582E194C9
    SHA-256:5F21FD414A3767DF77F31BE26352FC2FE63ADBFFC75EE48AE4ADE06DEEF07B50
    SHA-512:C620CEEE308DAF1CDD83568529042F17929DD4AA29D3D092B63FCD7B4751FF912247E68DE2788C7D225A69F3D2C1DBFACDBA2841C85A11308A029612E38C5595
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):579224
    Entropy (8bit):6.910041114600072
    Encrypted:false
    SSDEEP:
    MD5:8510BEA1DC5A2245A72DFE5ECD20CDA6
    SHA1:2A8446BDD4692096361E59F050D2F45BDA089D88
    SHA-256:53322BE2FDF24B09DE1070A2713855EA3D01BBC895C6D24A2991D1E2139CA585
    SHA-512:10252788BFC7D9FD8E93CEBCCFD9019897F6D1A897D1BBF6E26C38EF6A98917FFE2D6F2E3D9E6DF6571CA49F749B86EDC58014CE77CE564C94FD9E85A8C785CE
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:PE32+ executable (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):183448
    Entropy (8bit):6.248930646075255
    Encrypted:false
    SSDEEP:
    MD5:1E1CAC0725CF47E62EA96669EAC678FC
    SHA1:BBCE70AA9D4177E637C41673FFF97C77E932D672
    SHA-256:48B44BD3342A68ECBBD40A485930A22E02FDF157B2939EE346C2B123F6D5E99C
    SHA-512:9A0F544349A0DC6C4E1335D6EC5D84D29904330C3F93C3D88F3D1DADDD6499851E624532B5D3D7719E42E16267371A3CD820EB18EFCDC27A3312CA5E3646B614
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
    Category:dropped
    Size (bytes):2183
    Entropy (8bit):7.892242389507994
    Encrypted:false
    SSDEEP:
    MD5:85EE643E6B0837849E300B11395422C4
    SHA1:4634019350AD8DD59FD6C99B4AABEA99CDF06BDD
    SHA-256:8D42F3961E0E381EE32D3E1E144BFBB59294D43A9965E895FC75B8827ACD98E6
    SHA-512:C744A6B2D64121A7AA279CD197790512C9B97264E70D7399BE992FC6F53BAE31B7143ED299B1A47E5DB1AD9BB82D982AE0988CDDF5E4E52814C5A3EADD107D95
    Malicious:false
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
    Category:dropped
    Size (bytes):4179
    Entropy (8bit):7.941638225376268
    Encrypted:false
    SSDEEP:
    MD5:EC177CBE676473543E8C9B5D9FB0B797
    SHA1:0D1BB7649D090831D2AB1F2FB44F580E0D4004D3
    SHA-256:5E3C8BBCD81CD0C08819EDCBE04772DBD157F79373A0171B7BD914CF7A2CDEF9
    SHA-512:925A86B5BE1C9FE91CC587B71A3E0D2FBF8EDDEF06093A8356BFFA955B63C296A041729DB38A9538DFC811B723E0ACA4B7A183AB0E9D12D0A302D1239DB12374
    Malicious:false
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
    Category:dropped
    Size (bytes):6234
    Entropy (8bit):7.9623011066892895
    Encrypted:false
    SSDEEP:
    MD5:248FA2B659874A14B43B5E0E17AC1CFF
    SHA1:B6B0671E015104EE7F4BAC4E6ABF961EC55FDB12
    SHA-256:ED99246EBC6FAD80103F1E887DD8388F67EB509FCBBA187AAA13556B8D884AB2
    SHA-512:1A8E9F0C13D565CDAE77CC17942792E33861F056F73422EB2DF79FBA5DC241A37106C0BF7173F9BA83F517E2016E9D3B8E117DF2BD2D5972155781DBF147F90A
    Malicious:false
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:Zip archive data, at least v4.5 to extract, compression method=store
    Category:dropped
    Size (bytes):24446
    Entropy (8bit):7.9269123477824674
    Encrypted:false
    SSDEEP:
    MD5:9301F2AD24DAA60404407053635CB2AD
    SHA1:A2DF6E5AF472DEC9594D32B9595FEEB4C48C1C44
    SHA-256:10A9E66B22922211668C9D9BE62E309E824CA72114BE9E0D090C15BA297CA787
    SHA-512:14DDF7C2CB464A9E5156B023EFAAF428B264606CD6CF01EAF96EA0F0C192DE7C7B3960C66EF67C2FED90D8A4764A0673E720FEFA0300F225653F9B1FE4F6D1C2
    Malicious:false
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:ISO-8859 text, with CRLF line terminators
    Category:dropped
    Size (bytes):1303
    Entropy (8bit):4.69509018402685
    Encrypted:false
    SSDEEP:
    MD5:B3296A0EDE53B685D483D25872E9284F
    SHA1:4059C8E33B3F05D1D6353CDA086188027608310C
    SHA-256:E100FE30226FC21A3DAC203F57333A2386A5E77492705C4DD30BFB300A67D846
    SHA-512:BAE4CD4451D352CA4F1680DAF21A1EC98A3E3432B1B098F0AA10B76ECFDB1BFBA5A43E5763BD2DF80CB0BD8D583B04C7BE9A0E095825705C944CEA4C5691DFF4
    Malicious:false
    Reputation:unknown
    Preview:; Listado de orden para compresi.n s.lida..;..; Aqui puede modificar la lista que usa RAR para ordenar los ficheros..; a un archivo s.lido...;..; Esta lista puede contener nombres de ficheros, comodines o una entrada ..; especial, $default, que define la posici.n de los ficheros no definidos..; en la lista. Las lineas que empiezan con el simbolo del punto y coma ';'..; se consideran comentarios y no son procesadas...;..; Este fichero debe estar en la misma carpeta que RAR.EXE...;..; Consejos para aumentar la compresi.n y su velocidad:..;..; - los ficheros que contengan tipos similares de informaci.n deben agruparse..; en el archivo siempre que sea posible;..; - los ficheros a los que se accede mas frequentemente deben especificarse..; al principio de la lista...;..file_id.diz..descript.ion..read.*..readme.*..*.nfo..*.doc..*.txt..*.htm..*.html..*.shtml..*.css..*.xsl..*.xml..*.js..*.php..*.lst..*.log..*.ini..*.bat..*.cmd..*.h..*.hpp..*.c..*.cpp..*.java..*.asm..*.bas..*.bak..*.cue..*.
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:data
    Category:dropped
    Size (bytes):1640
    Entropy (8bit):3.946312688270784
    Encrypted:false
    SSDEEP:
    MD5:43CB15C1F1CC705305AEBA33B0A9EE73
    SHA1:52B4CBF1C3ED4494837F54EAFA3E7294BA8E5485
    SHA-256:A7BB097441D9F06DD7A8D08874D70E7495626760C05284CA1AE3A208C11B52F0
    SHA-512:179DDA1518AEC276AE01BD7966272BBD545072077B34FB07396EC47C5B11ADBDDD00AB385D4EE2131A3C1C5265857434A51BE4F33AC7CCD8C4E4B4DFDA8D9C6F
    Malicious:false
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:PE32+ executable (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):432280
    Entropy (8bit):6.360361576765069
    Encrypted:false
    SSDEEP:
    MD5:1EE4846CCA962F50C85AE93AF0376BD1
    SHA1:4B18A97F070FEA94AC896C98B669ADAB23E07BF2
    SHA-256:90C2B2107A22EA8EB3593A155C4C0007B18B1BA552BF65F963C040038DA248BE
    SHA-512:9CB39FD0F55E0B2BF436E6811AC019490596E1B73710CACFA5B024973D68C925BBE408D833EB86ED4F2B0064F158CC754C29E7371CE1470B091B6FBFCB7D6A2F
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:PE32+ executable (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):439448
    Entropy (8bit):7.062903866815427
    Encrypted:false
    SSDEEP:
    MD5:62C61B5BC915F81C8038AA83ED1A3B01
    SHA1:D6E611C6BBC3F878E551D12C876B597CB88C2DBC
    SHA-256:A4ED7C4C337C1068CFC4298B8C5E166A66A6F6697352B1F3DF0B9C9B1428F353
    SHA-512:919B4294152403A3BE25127FB078A26E540BA5335454E29F865340FB6121C18078E0D1ACB5F5D2DEB8B8375932EB7D27F472060595020A258AE9639479FBFE53
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 4%
    • Antivirus: Virustotal, Detection: 3%, Browse
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):517
    Entropy (8bit):4.742104665724198
    Encrypted:false
    SSDEEP:
    MD5:51BF38B67B040A3CC0B4A3330C83707A
    SHA1:DED49ED27C1FAAE5044B70FFEE1377B302B78B02
    SHA-256:DD4D74643EA0C5D37E9BF54A4156872183D3414507DC1DF8BAF2A7040F402287
    SHA-512:47D0992430D8FD535AAD8C4E6EC32100670753CF2352FB7617B4CB536BA0DA2A87E510D6C1D6870F2C57E917849753C32ACA54C81F56C1BA848DC4B53369AC7F
    Malicious:false
    Reputation:unknown
    Preview:7zxa.dll..Default.SFX..Descript.ion..License.txt..Order.htm..Rar.exe..Rar.txt..RarExt.dll..RarExt64.dll..RarFiles.lst..ReadMe.txt..UNACEV2.DLL..Uninstall.exe..Uninstall.lst..UnRAR.exe..WhatsNew.txt..WinCon.SFX..WinRAR.chm..WinRAR.exe..Zip.SFX..winrar.chw..rarlng.dll..rarnew.dat..zipnew.dat..rar.lng..rarext.lng..setup.lng..sfx.lng..uninstall.lng..winrar.lng..Default64.SFX..Zip64.SFX..WinCon64.SFX..RarExt32.dll..ace32loader.exe..Leame.txt..Licencia.rtf..Novedades.txt..rar.lng..rarext.lng..uninstall.lng..winrar.lng
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:PE32 executable (console) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):301568
    Entropy (8bit):6.430483769182205
    Encrypted:false
    SSDEEP:
    MD5:D27A3D83167276DA2847EC3D385446F7
    SHA1:5A9FF6BAF46543C8414E0A387DABD1085BAC6A3A
    SHA-256:36B6A07833FE16E701C68A6775B711707D962C9057646D7181E762633B07EB9C
    SHA-512:E72EE0B8E4B40310BF6B9475A889547DF4CC4C43FE1CFBD3DBF8E62600EE7B12AF725818EF4C45E4099694F35126851003F3D9756EC7FA3091C83551372D1489
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 3%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:PE32+ executable (console) x86-64, for MS Windows
    Category:dropped
    Size (bytes):414636
    Entropy (8bit):5.962162950782582
    Encrypted:false
    SSDEEP:
    MD5:6B655367059FABD163E17B27C70B7F41
    SHA1:18722303FFE4DC5575D474DCF6552CA77BBFFAD9
    SHA-256:0DB9A4DC15F9A1504E581426FF11956079F0FB58D2F1D7714C260A15925400F0
    SHA-512:166B9F4C97FE6E38F6F7E1A3C9DE427F9CA933D28142F402CD27C9FBF439C35D32D04EB1A9C40572CD112BA9F0AF07D65C21128413B3D4677E09E4623224A128
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:PE32+ executable (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):2564760
    Entropy (8bit):6.893038645020555
    Encrypted:false
    SSDEEP:
    MD5:437C59059419449FF4D7CC13E76F37D6
    SHA1:4C9ECCDE7F86FF9ECDD2C87DEE253ED449720CDC
    SHA-256:D6EB9206A59E2E128898337B3CD9BC6AC46CBAC166005C4B22A462A33892612C
    SHA-512:F9030F70CE5B4D478998335D89E0F38B14385D0A60BD8424F33279D043D45216655B19CCF3E691C65A82895D6478DC8F0F82A0777FD6E4B1D825DAC4157BA987
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 0%, Browse
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):298800
    Entropy (8bit):6.626240747914647
    Encrypted:false
    SSDEEP:
    MD5:852008BA7B250215327B0182D72E3F83
    SHA1:F2B3D492D0F4759BC1FF02DF18DEBE5F89F313AB
    SHA-256:8DD5C828BEC103FB1459B95B7982B3526D3CA6E465658E8D5514A99C1BCB2664
    SHA-512:0D5CEAE3030DFABDF3DE53D7423179D224C03517D76F8756D0D8F2D11BD6D0E28CEE1E60890F80439120CE4133CB9FA28E3875C61620AF0D57D569A48CE95D92
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 0%
    • Antivirus: Virustotal, Detection: 5%, Browse
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:PE32+ executable (GUI) x86-64, for MS Windows
    Category:dropped
    Size (bytes):338224
    Entropy (8bit):6.381822088400954
    Encrypted:false
    SSDEEP:
    MD5:683CFC42AEC48F57D859C9634CB53531
    SHA1:4E82A27B7E28525B0C06C59B0A08FB6A08D884BC
    SHA-256:99368B57D83039E7A13585B59E9459459F951BCFBBBBD35EAABB9BBA31DBAFD4
    SHA-512:0378548C9D4488558592BF83A6403A0FEF1CD8B799E8E3269A031099E66445993CDC54AD873B02EA98E4EC508ED0A5C5D50B3436F4C0265CF5D2D6D89B00A747
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 3%
    • Antivirus: Virustotal, Detection: 3%, Browse
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025
    Category:dropped
    Size (bytes):34991
    Entropy (8bit):4.890953672569193
    Encrypted:false
    SSDEEP:
    MD5:21A8C92819658C242AF1291CF3F06297
    SHA1:4F5B19630B12D769F5E0D9639894ED148A4BE514
    SHA-256:A0170BDDB45F13158A7334DDACFF649C3D02A981A639380CD93548658F687098
    SHA-512:C3CA9D271BD7472DC68A28519186254C5C9BA62BDB642C96469AF5F5EE255B2DE4DE89363913111E27FAF1D471CD597BE68582BDD385CA9E5EC1541CE306B4C6
    Malicious:false
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):60332
    Entropy (8bit):3.1103324623027704
    Encrypted:false
    SSDEEP:
    MD5:93592AF67AE73000BE0533A571979F9A
    SHA1:5CA00004368A75A68CCCB4E8E9BC3AD1BA6F32C5
    SHA-256:C79ECE4D23C022178543437EE2E74B7369E9C3CC27CEFCFDFB0875D91F0EF547
    SHA-512:465423270D246B298AD386F5408A0726D49C1F631678163C743F0112BEE1DEE73CC019C0C678E511E73274F5C5A5C7819E0D58E4743896FCA065F4C677C46B2F
    Malicious:false
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):5996
    Entropy (8bit):3.2239824957715997
    Encrypted:false
    SSDEEP:
    MD5:8E6E811181C1FE78E46D933BFBF7A00D
    SHA1:4364DD473287F4E3A3F8D5534E1E46D998F7B2C5
    SHA-256:8B0EDEDC72E70B688FE1463E55C0B4B1D31BBA7F3834DADA25BD0825C6D2E79C
    SHA-512:44A7C81B8CEAA28AE66F8B90A87C573798EB9B3F6545A0332E1D3E022EB59202E75ED52674168B60978C8940BA611350700B632286D9CB4BBA993BC00416D982
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\WinRAR\Uninstall.exe
    File Type:RAR archive data, v5
    Category:dropped
    Size (bytes):24
    Entropy (8bit):4.053508854797679
    Encrypted:false
    SSDEEP:
    MD5:C69D0B5902A959577C02E9DCDDA77DE0
    SHA1:6233724F8B3AC18649DC248D1C778E2BCA78A7F2
    SHA-256:4301EC2E9592E7A22262D1C046954545033B73BE322B33A8117D201556C4254B
    SHA-512:2E8945172EF567D4AE84D6317EFCE63502A6D9496CAA48B8DC09CF12D1CEEC3E89D033D6D9FCEEBA82F403107D15341BCDB72B4A6F60BA3E6DF4D2A2CB6E48CD
    Malicious:false
    Reputation:unknown
    Preview:Rar!......_V.....wVQ....
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):14786
    Entropy (8bit):3.35062545034025
    Encrypted:false
    SSDEEP:
    MD5:64915BD350C1F039E8B3DE24CB0921C8
    SHA1:3BC59EB66C6B0C68A20460B7F41695E8503BB667
    SHA-256:150CF78526A7A4275398DEE2C01ABB4BF907E981FFA65ACBEDB03AD3983CFAB9
    SHA-512:D72F2754EBC4932EE1C02CB213683BC088BB35D813303D61082F8BFB76D842E7EF32B05B2ABE1935337BD61BACD15666F970FBAD5C16FE4607A94DD8F12C9855
    Malicious:false
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:MS Windows HtmlHelp Data
    Category:dropped
    Size (bytes):373596
    Entropy (8bit):7.95079033050001
    Encrypted:false
    SSDEEP:
    MD5:6E53FA6CA58CA0CD3B700CCD2DAABA84
    SHA1:960ED9FBF23DD348AAF1D47BAFC3ED82C71A3824
    SHA-256:C6C5FFFDB448EDE4FF0FE3DD42A9C18433E2678356C74A579F16B5AF3F6F79AD
    SHA-512:0986363A2B3D106473B21336E675A0352607695B9E939F9E4463B07622E13FC798CD9D8671256E6234AD474A85BF255BAA9495E9B42CD29D3E539D945658DEFA
    Malicious:false
    Reputation:unknown
    Process:C:\Users\user\Desktop\winrar-x64-624es.exe
    File Type:Unicode text, UTF-16, little-endian text, with very long lines (361), with CRLF line terminators
    Category:dropped
    Size (bytes):197178
    Entropy (8bit):3.340673130561587
    Encrypted:false
    SSDEEP:
    MD5:4FD54B8A7A2EBB4D610A3132A20EABE5
    SHA1:BD0E0E810C4C0D7B4A14B516395CCCBA73F74A3D
    SHA-256:B0D8AE38D88DEBB1C649DAFE2AD4A7951E23702CEC2DC3B0B7EB103064AA61CF
    SHA-512:F99449FEA7F7DB01D1302734B83DEE12C57A2125F5A2A7A3FFAB5C1464C636E75C68AE31130544C09AD4521FBC615FA3ABE51591CBCA1F970DAC007CACE3439B
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\WinRAR\Uninstall.exe
    File Type:Zip archive data (empty)
    Category:dropped
    Size (bytes):22
    Entropy (8bit):1.0476747992754052
    Encrypted:false
    SSDEEP:
    MD5:76CDB2BAD9582D23C1F6F4D868218D6C
    SHA1:B04F3EE8F5E43FA3B162981B50BB72FE1ACABB33
    SHA-256:8739C76E681F900923B900C9DF0EF75CF421D39CABB54650C4B9AD19B6A76D85
    SHA-512:5E2F959F36B66DF0580A94F384C5FC1CEEEC4B2A3925F062D7B68F21758B86581AC2ADCFDDE73A171A28496E758EF1B23CA4951C05455CDAE9357CC3B5A5825F
    Malicious:false
    Reputation:unknown
    Preview:PK....................
    Process:C:\Program Files\WinRAR\Uninstall.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Wed Mar 20 09:40:51 2024, mtime=Wed Mar 20 09:40:51 2024, atime=Fri Oct 6 03:32:57 2023, length=373596, window=hide
    Category:dropped
    Size (bytes):1094
    Entropy (8bit):4.626743659816053
    Encrypted:false
    SSDEEP:
    MD5:529BE48B1B8418D7EC6691A6AB7CD5B3
    SHA1:445EB14F3D57FCF7D97970B616D5DB02612F1264
    SHA-256:1C65159C7DC383CE2CD68F23D8634A53827286FFB03328CC7ABEA84E7809CB90
    SHA-512:8861C18A63C9FA38A068CD3E6CC39AA96040D934D4E838C754ED6076F608651F63CA995E5919C132CF97A4C03D154C9E2C96DC83BBCAC44F51731655778E0281
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\WinRAR\Uninstall.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Wed Mar 20 09:40:51 2024, mtime=Wed Mar 20 09:40:51 2024, atime=Mon Feb 20 07:18:28 2023, length=254414, window=hide
    Category:dropped
    Size (bytes):1075
    Entropy (8bit):4.641060689566104
    Encrypted:false
    SSDEEP:
    MD5:F4036781A91DB967CD8EE1843A87D3AC
    SHA1:E6254A08335FFDE0C26482367ED906ACE24E1F1F
    SHA-256:EDCD348DEC179728169BBD35337BF2C981A3E958717B06F3BC5F7D0BBAB072BA
    SHA-512:CA8E3A80F84023D203DF48AF2C158AA682B2BACE8F778501B37656D5C33DFEEEA6A08B50FE5E70B6FF92201D83C599669AB898D8D6514B10803A5834050ECE3A
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\WinRAR\Uninstall.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Wed Mar 20 09:40:51 2024, mtime=Wed Mar 20 09:40:51 2024, atime=Fri Oct 6 03:30:06 2023, length=257600, window=hide
    Category:dropped
    Size (bytes):1111
    Entropy (8bit):4.670108894816259
    Encrypted:false
    SSDEEP:
    MD5:0EB179A99D0C8BA2C620F6A3B9003959
    SHA1:E31AED4F2DC059B341077A79802CCC9F0E48A14E
    SHA-256:A75E470022F82754EA1D4B8B03375594CFB0041436D400BE9BD31D04ED3BFB4A
    SHA-512:47AD4328A61F241F1A11316115687DB934B7B90A8C13EF292558C48C57499C55639C9C935D138703C1C5F02BAF6A8BB71EC04CAE520B1357FE712C54FECF62E1
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files\WinRAR\Uninstall.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Wed Mar 20 09:40:51 2024, mtime=Wed Mar 20 09:40:54 2024, atime=Thu Oct 5 08:30:59 2023, length=2564760, window=hide
    Category:dropped
    Size (bytes):1094
    Entropy (8bit):4.6392764412512175
    Encrypted:false
    SSDEEP:
    MD5:B5789A9901C8B691F4FBB8EE3BD5760E
    SHA1:EE8FB370237816EAC8611ED0924707693EB55D21
    SHA-256:9EC4696C6257AFAC338C9AEA3D561D65138E169F143036B87479F1EEF34EBD27
    SHA-512:459C04259BD325EDBE2CF1E597CBB2BC3ED1468B6F89D4E50480C30B339D448E43BD4E775DED4A1B6385CEE347074B38AC0A7DFE5FB1F0C0E1BC68496A707B5C
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):2278
    Entropy (8bit):3.8671326716046424
    Encrypted:false
    SSDEEP:
    MD5:08F020A1A8972E759624C2112B577DB0
    SHA1:4ACF187A0E6649E9DED1F85D5EF05BFAEB368299
    SHA-256:982B9BDC7F0C5397F29DE527E0DD2E50DDAC9F2D407E2527670D8796CC03E612
    SHA-512:DD254AB5320083E73BF751511DDB0EA743AFE4D57BC93F48F4B3208E59A0A0A2904E2521D34A1A08402167294BCCA12CEEBF8CC367678898A0876FE48590ED0D
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:GIF image data, version 89a, 195 x 53
    Category:modified
    Size (bytes):3848
    Entropy (8bit):7.868713930719913
    Encrypted:false
    SSDEEP:
    MD5:5F412DFD080BCFB0AE5D9E96BD0B4B2B
    SHA1:59EF636C771AF720A07997A88601D3B554AC3EAD
    SHA-256:C36DDB37D737E658C4CCC010AF640A14FA69DEBAD4FF85CCF0606A96BABDF931
    SHA-512:61F841A6F35A1DF483D020742D9C77667E9545B5A6DF15934148C04ED418E55F67E2108710E1FEE17E84A68BC1F68F49A309790DA137509F0E7CB59E09219816
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2898
    Entropy (8bit):5.308081198405894
    Encrypted:false
    SSDEEP:
    MD5:E75D6A2AFBACA50F194076F3613BDD16
    SHA1:6163064701E922433D267F7823E9EC70AE975FF5
    SHA-256:69993017890DE71AE7F25D67B531C2095AA50888C641B4049C7691436E3BBD72
    SHA-512:F8D66DCD6A3F02FB2867C1FFEC2A77BDEC0007D355CC321A4C812CBE42A4A7630D73F37813AF7D5A818098D94FA3E0E237BF3094060F37884A288B859F808370
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):3551
    Entropy (8bit):5.284357883256405
    Encrypted:false
    SSDEEP:
    MD5:B4D5D015C4217ED782143A457E42247D
    SHA1:86EB074A241F35F442E61BDC552AA6765D3DF943
    SHA-256:A522FA9F210B445B64000C22EF093B8FC680CB98D6198988A20BAA02C28CB96B
    SHA-512:12C5A37AE62817E271B07756BE3C5F5B3AEAC8CF89BA7E092D9A1F98BF36622164A39CA8E2AFDB02D0074B34241FAFCD2B288D5FDECA701E0143500702E7542E
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):948
    Entropy (8bit):5.734123993806057
    Encrypted:false
    SSDEEP:
    MD5:996D05E894679BB9A601662117728889
    SHA1:0411B5F1DCD0CFB166657980E003BCA1B9B17739
    SHA-256:3A3DA2A77E8F05F2F2C97FC8A8B80E1D3B6CD24DE9BA8415B0145F82C8FE82A5
    SHA-512:6B573CD4E207A2CB8CC085246FC99643BF72F1F2BF68A7CF40DEC9026FC29DD482C977893DA1258177CA0AB5F3C9875CF1BD1631849A1C5D2C235C3F7DE35AF8
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):1310720
    Entropy (8bit):0.6802810267448353
    Encrypted:false
    SSDEEP:
    MD5:E55E136376C4BE263944708AC99C4AA5
    SHA1:9C01F04F6C805EE76C0526830C32CE7EBEB7C635
    SHA-256:392F91CFAB09DEFF85F0739390868E55FE36E76D624B400C13B9031905DEE0D7
    SHA-512:AC192AB3F0F3B6A1132B9B486EC129F8B869AD486C48906EA6315AA653469C6D1B19AF7DA20016DEAA57B9B75258186D01FCD9117D3D0B5B38B26C280C57263E
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):280
    Entropy (8bit):1.8802514265597516
    Encrypted:false
    SSDEEP:
    MD5:65CBC955000473A5B21493BF81DD6EBB
    SHA1:8381ECA57FC4987BC427D1775F906151CFFE0D39
    SHA-256:406467EB75B48462C277FEF26D4558E8D2D1708378B32DA1DB6ED984700F990C
    SHA-512:9908B763A50BCE3A739404EA280841699045EF2019BBA01DAF922D03C047B8C93E7EA0D79B0AC22AD16454C555AC30DEFE6CAA6AA9A4947FD259071461E6B8B9
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):20
    Entropy (8bit):3.6219280948873624
    Encrypted:false
    SSDEEP:
    MD5:9E4E94633B73F4A7680240A0FFD6CD2C
    SHA1:E68E02453CE22736169A56FDB59043D33668368F
    SHA-256:41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
    SHA-512:193011A756B2368956C71A9A3AE8BC9537D99F52218F124B2E64545EEB5227861D372639052B74D0DD956CB33CA72A9107E069F1EF332B9645044849D14AF337
    Malicious:false
    Reputation:unknown
    Preview:level=none expiry=0.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):6780
    Entropy (8bit):5.580629068507002
    Encrypted:false
    SSDEEP:
    MD5:CC9719CFFCDD45689DFF7C3FED5705FF
    SHA1:24CD897874FC6669A77FC08EE36EDCD1930735D7
    SHA-256:33ED8F4B9ECD078AE3FC2644F776270554CE07560D3FAF7539982B4DFA3AB45C
    SHA-512:BE993BC49817B18CA540E97FF5A6702525965E8D38CAD94BE97FA710071945AABF2C2F052A7435DFCB31D563475D248227B5FA734AFED30A2CFF14099A99827A
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
    Category:dropped
    Size (bytes):12288
    Entropy (8bit):0.3202460253800455
    Encrypted:false
    SSDEEP:
    MD5:40B18EC43DB334E7B3F6295C7626F28D
    SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
    SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
    SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):45056
    Entropy (8bit):0.09640639193922981
    Encrypted:false
    SSDEEP:
    MD5:3D89B50A1D1CC7AFB42E0439EB363B77
    SHA1:C00BC7D349D8F190D036385ED127F81E2D756166
    SHA-256:54F4BD5EEF658DAD4908E5A60D33D30BA5E67601746CD1863AABCA5EBE0409B9
    SHA-512:DFEB13F21E735F9EA62664088547D9B84625D34DCA8F16F78414FDD83E7703AA3F98F2E07AC0D91434A212DCD76BE78F70438CC7BDF6164228B6A355577CF93B
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):270336
    Entropy (8bit):0.17619089126933365
    Encrypted:false
    SSDEEP:
    MD5:BB7E845095D64CE9830C44D719672B01
    SHA1:3CDEE754BAB5892A82957BBB9A1DE0B43DB64DC0
    SHA-256:27248F48BD8D7051D7D16E400A98CA975E09E7784E0F6461AB60E86B026B4F43
    SHA-512:7F89244E93E506759E4565F17E7774A2660F8BD9088F6A0BBDEAFC2E91A1B246BDD65FF6D8F4A0F741317C8A4B7E1AB94CBB05FC8C7889C0EC05CD62698F308A
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):1056768
    Entropy (8bit):0.6934423300183611
    Encrypted:false
    SSDEEP:
    MD5:B9AC4396E75796F0CA54DD81F5AAA25E
    SHA1:7372D03B66398E0228B25C1168DC3406DBFAEB4C
    SHA-256:E530A32A879C49FA1A35935B7C726FDD9142486BA1DBA85F547F53504F3CA0E5
    SHA-512:075579C9A419F4E6E82488A7B12FBC40B5896D9237881773E8B638BD19637A97E0A4FFE0B689742AC0103D3E1AA464A623575147D93D563B747D6C8F7CC5B3E4
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):4202496
    Entropy (8bit):0.03408857104890323
    Encrypted:false
    SSDEEP:
    MD5:3EC084C5D78AD400B5DEE10BE5057EDD
    SHA1:C2C6B88BC31A32FEB0F5680E1D37F95DA63B1674
    SHA-256:B471C54D8EF8601EB7BA3B0C61651DBDF893105E43EB8141BE09234E19589B3E
    SHA-512:07DCA41D10AE798A7BD1968672AC4F152AFB445E30D2E8AD6BE9F71FDEE58C64C1971609FE334871B27EDE0BAB8C837C3F1ED6815F443E81071DA5722D071947
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text, with very long lines (32038)
    Category:dropped
    Size (bytes):95956
    Entropy (8bit):5.39090392829012
    Encrypted:false
    SSDEEP:
    MD5:B091A47F6B91E26C93A848092C6F3788
    SHA1:52918AF2D431E73464060B35D364640C8DB75606
    SHA-256:329AB92B9276EF4E3148F69BE6B208969BEBDF2DB3121A589CAA172453FD9F10
    SHA-512:AB444102BE476F0104EEFF79C9B596174852B4FE8CBD0B5A0279D56F106A166EC39304636E09326213DE000B102CE8F517BB268A9ABB2955C56EE4F18B464EA8
    Malicious:false
    Reputation:unknown
    Preview:/*! jQuery v1.11.3 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l="1.11.3",m=function(a,b){return new m.fn.init(a,b)},n=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,o=/^-ms-/,p=/-([\da-z])/gi,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,constructor:m,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map(this,function(b,c){ret
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text, with very long lines (7711)
    Category:dropped
    Size (bytes):310517
    Entropy (8bit):5.567856072991015
    Encrypted:false
    SSDEEP:
    MD5:781C14E29ECD574FC99633F48CDA2F6C
    SHA1:E7A680BD7920011671D549FF50DF8DA72AEE9E9B
    SHA-256:66DEE19FE80E32510529E8DFF9133B79797560E4F54C96CA82EB69F4DEC5DC6F
    SHA-512:0AB68BB7EE48402135D7FD2D2CE9D0910DEFF11056AC733FE5ABA8A552C99F19A8C4329904DBC06A4C52D124B3D7334153AC52B862D0361D0C4200C93C4E0072
    Malicious:false
    Reputation:unknown
    Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_session_timeout","priority":16,"vtp_engagementSeconds":60,"vtp_sessionMinutes":55,"vtp_sessionHours":7,"tag_id":111},{"function":"__ogt_1p_data_v2","priority":16,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_S
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
    Category:dropped
    Size (bytes):524656
    Entropy (8bit):5.027445846313988E-4
    Encrypted:false
    SSDEEP:
    MD5:D8D89F80826C5FFF7E96373705B6C99C
    SHA1:8F949038AB0C0ADDA3D173CCAF993926B16716CD
    SHA-256:6A1B49D22D142806EC11FCEEAFFE8FDFA0C94768A37384853434171DFB33D69A
    SHA-512:5109339ED2B0FEF02E29068E348D6D5F1E62463647C18A080A5D43DDD8F57A64CDA05685F11E3AE8E8903CDCBB5925C7DFE47EDAFC307BA5AAB1C41F785507F1
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):218
    Entropy (8bit):5.335869214170387
    Encrypted:false
    SSDEEP:
    MD5:2D7454CA8F4F0D53FBBF8690954D69CF
    SHA1:D9DE4171B81AEBA7C45379B9F6376E3852377B92
    SHA-256:D3569DB511517AAC3FC5A7C58FCF75597D6BBFE231D809EBEC636CD67D694F17
    SHA-512:455FF4BAB3410582FE982AED4E3677D9D7F1BCB57E8E8294A3940CCB000922DDF35922217D963DDA5CCFCE312C2682B84BC0C50090F1BD3CB1719C21EEBB3E77
    Malicious:false
    Reputation:unknown
    Preview:0\r..m......N.....%...._keyhttps://notifier.win-rar.com/js/jquery-1.11.3.min.js .https://win-rar.com/.A..Eo.......................r/.........Z............{F.......:g........t.....}.....FN.C=...A..Eo..........$.......
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):72
    Entropy (8bit):3.6529820369840817
    Encrypted:false
    SSDEEP:
    MD5:59D6607711AE3D773702D4B844754F73
    SHA1:039214C67F91FAEF4F21261094F1CB7E5ABC6E36
    SHA-256:55ECBA1784E37465DD6043DC919A3C1A03233F1A6F90881BE81042CDDAFB01D3
    SHA-512:3E8DBC9F07B1027ABA6652A10999C214B64D8A2DEB5BAA235F6022382EB4465AE28DAF8E02781856E4C6D254B43A6FEBAA211344B8C5D6AA4FA1E3076A7F18BB
    Malicious:false
    Reputation:unknown
    Preview:@....].\oy retne........................J.8.9.;..*..r/..........v...r/.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:59D6607711AE3D773702D4B844754F73
    SHA1:039214C67F91FAEF4F21261094F1CB7E5ABC6E36
    SHA-256:55ECBA1784E37465DD6043DC919A3C1A03233F1A6F90881BE81042CDDAFB01D3
    SHA-512:3E8DBC9F07B1027ABA6652A10999C214B64D8A2DEB5BAA235F6022382EB4465AE28DAF8E02781856E4C6D254B43A6FEBAA211344B8C5D6AA4FA1E3076A7F18BB
    Malicious:false
    Reputation:unknown
    Preview:@....].\oy retne........................J.8.9.;..*..r/..........v...r/.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:59D6607711AE3D773702D4B844754F73
    SHA1:039214C67F91FAEF4F21261094F1CB7E5ABC6E36
    SHA-256:55ECBA1784E37465DD6043DC919A3C1A03233F1A6F90881BE81042CDDAFB01D3
    SHA-512:3E8DBC9F07B1027ABA6652A10999C214B64D8A2DEB5BAA235F6022382EB4465AE28DAF8E02781856E4C6D254B43A6FEBAA211344B8C5D6AA4FA1E3076A7F18BB
    Malicious:false
    Reputation:unknown
    Preview:@....].\oy retne........................J.8.9.;..*..r/..........v...r/.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):24
    Entropy (8bit):2.1431558784658327
    Encrypted:false
    SSDEEP:
    MD5:54CB446F628B2EA4A5BCE5769910512E
    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
    Malicious:false
    Reputation:unknown
    Preview:0\r..m..................
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):48
    Entropy (8bit):2.9555576533947305
    Encrypted:false
    SSDEEP:
    MD5:AFC41EEFAEF20F5C0A93C1F07FF1289D
    SHA1:E00D27ED1B2C3F0291A95BD519D96D5C70C851F0
    SHA-256:ECE2BED9575DB48BE5F0D01260839992EBD12033CB265D8379B5567E85BACD4D
    SHA-512:6E59D77484455845C31A260FB7B4DF75A66187EFCAD5449A259FAF4C410F191CB30E6121D15F58A6D251FC4E258A9E6761D314AB724F668F06DA512A061187BB
    Malicious:false
    Reputation:unknown
    Preview:(...5.G.oy retne........................$..r/.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:AFC41EEFAEF20F5C0A93C1F07FF1289D
    SHA1:E00D27ED1B2C3F0291A95BD519D96D5C70C851F0
    SHA-256:ECE2BED9575DB48BE5F0D01260839992EBD12033CB265D8379B5567E85BACD4D
    SHA-512:6E59D77484455845C31A260FB7B4DF75A66187EFCAD5449A259FAF4C410F191CB30E6121D15F58A6D251FC4E258A9E6761D314AB724F668F06DA512A061187BB
    Malicious:false
    Reputation:unknown
    Preview:(...5.G.oy retne........................$..r/.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
    Category:dropped
    Size (bytes):28672
    Entropy (8bit):0.4649195136368127
    Encrypted:false
    SSDEEP:
    MD5:7CC38D46A601F8F9A55222D740A6FFB0
    SHA1:0D7AA43939134232901465CE39FF62F581FC27AE
    SHA-256:3126A435D92FB0E539F1B5538B8F868E77A45087C5D9E285786E9333190EC459
    SHA-512:5BC78C34D345FDA4ED208B09CF5CA15D7FF42AAE227C7222A83A9FE1711D4AA56D10F72712FB8E85D2FD6A46284CBE896D64300B520937740E1211CFB811100A
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
    Category:dropped
    Size (bytes):262512
    Entropy (8bit):9.553120663130604E-4
    Encrypted:false
    SSDEEP:
    MD5:B7CF4C2230127C7730133EF747784CFA
    SHA1:A5D5AAF7136287926E4CB46709EA0B4C2A87B0A6
    SHA-256:06F167B6453642EE44744C8BAB1F4FE417831D4700A61C5FC1E214BBD70B43BF
    SHA-512:B85C7AD04E85138B94D1CA6546AE6D1FE3B958F8EF4227DB65A0B85DDD64C90D85FAE0E624068E4ADF5E0481414F78EF8A7725C43F4CC4371DCA3A3A2DCA83BD
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):38
    Entropy (8bit):1.8784775129881184
    Encrypted:false
    SSDEEP:
    MD5:51A2CBB807F5085530DEC18E45CB8569
    SHA1:7AD88CD3DE5844C7FC269C4500228A630016AB5B
    SHA-256:1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
    SHA-512:B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
    Malicious:false
    Reputation:unknown
    Preview:.f.5................f.5...............
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):299
    Entropy (8bit):5.217118882661042
    Encrypted:false
    SSDEEP:
    MD5:72BC742F770D9B9661AD2319EBFC8284
    SHA1:231CDE68CCEF3E6EB6A14C0825B751B2C2FEDF0A
    SHA-256:34778F5A63908C64D95D29DC3FD5E3BF594562AD4827444C14AAC7FD2C209730
    SHA-512:C17563785DDE0CFE7E4155F7EF8F571CBBDA328405D20541BAB6DC11DDDDE2DC76489F0DDD1E50D644DCB75A66C51646E39E6373BBAA8EA5667C3FC925F251BA
    Malicious:false
    Reputation:unknown
    Preview:2024/03/20-11:41:07.301 1bf4 Creating DB C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Extension Rules since it was missing..2024/03/20-11:41:07.327 1bf4 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Extension Rules/MANIFEST-000001.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):303
    Entropy (8bit):5.252329551900459
    Encrypted:false
    SSDEEP:
    MD5:3B9C4499B5FF8217F07ABDECAD776750
    SHA1:46368F63CD1BE8FC3616FB4FBCE9A7FCB794B8AE
    SHA-256:A904514736A92222FA6B6D889A6E21CA77098EA1676662A57FBFC7FCA8AA5F70
    SHA-512:E93CBCFD2C2D95CF3FD71DC0283617C7526E79C49CAAA0A5EDCCE6CF39B8A6856C4EE224C18D4B7CC2F8397AF8E966469245280B7E2BB762F3A76A7EFDE17DE7
    Malicious:false
    Reputation:unknown
    Preview:2024/03/20-11:41:07.381 1bf4 Creating DB C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Extension Scripts since it was missing..2024/03/20-11:41:07.462 1bf4 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Extension Scripts/MANIFEST-000001.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:OpenPGP Secret Key
    Category:dropped
    Size (bytes):41
    Entropy (8bit):4.704993772857998
    Encrypted:false
    SSDEEP:
    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
    Malicious:false
    Reputation:unknown
    Preview:.|.."....leveldb.BytewiseComparator......
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):16
    Entropy (8bit):3.2743974703476995
    Encrypted:false
    SSDEEP:
    MD5:46295CAC801E5D4857D09837238A6394
    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
    Malicious:false
    Reputation:unknown
    Preview:MANIFEST-000001.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):114
    Entropy (8bit):1.8784775129881184
    Encrypted:false
    SSDEEP:
    MD5:891A884B9FA2BFF4519F5F56D2A25D62
    SHA1:B54A3C12EE78510CB269FB1D863047DD8F571DEA
    SHA-256:E2610960C3757D1757F206C7B84378EFA22D86DCF161A98096A5F0E56E1A367E
    SHA-512:CD50C3EE4DFB9C4EC051B20DD1E148A5015457EE0C1A29FFF482E62291B32097B07A069DB62951B32F209FD118FD77A46B8E8CC92DA3EAAE6110735D126A90EE
    Malicious:false
    Reputation:unknown
    Preview:.f.5................f.5................f.5................f.5................f.5................f.5...............
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:46295CAC801E5D4857D09837238A6394
    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
    Malicious:false
    Reputation:unknown
    Preview:MANIFEST-000001.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):299
    Entropy (8bit):5.252130595211777
    Encrypted:false
    SSDEEP:
    MD5:91F1AF928C8850C00F72141B227D5832
    SHA1:A1175A40E3D4C5C5A926B52BF7243EB43ABCB185
    SHA-256:A12D0EB14C681A0AB41DF4B45A069B0830D122C122AF4727DFF4ADAFF41221E4
    SHA-512:90A8FACE16F1380BFBD1CA98C7763CB5E73941193085B05756F374231010F02413455EC2C301D4C7B9B1D546CA5E81E8D3E52FEA54A245A1A3F64ADF9D69BDD6
    Malicious:false
    Reputation:unknown
    Preview:2024/03/20-11:41:07.854 1a54 Creating DB C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Extension State since it was missing..2024/03/20-11:41:07.879 1a54 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Extension State/MANIFEST-000001.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
    Category:dropped
    Size (bytes):4096
    Entropy (8bit):0.3169096321222068
    Encrypted:false
    SSDEEP:
    MD5:2554AD7847B0D04963FDAE908DB81074
    SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
    SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
    SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
    Category:dropped
    Size (bytes):32768
    Entropy (8bit):0.40981274649195937
    Encrypted:false
    SSDEEP:
    MD5:1A7F642FD4F71A656BE75B26B2D9ED79
    SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
    SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
    SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 1
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):1.5993083725316855
    Encrypted:false
    SSDEEP:
    MD5:EC063D21E1BC76B88EF1B488C5DB77D1
    SHA1:50A7F8CBE8B741185E7A16825F7B479426FC70FA
    SHA-256:8B2B9FDB54C07174CD649DC751364D05ABA56BCFB8FBF08B5287DDCEB8D1907C
    SHA-512:E7D1C271A18FB1E790CA796628ECC53BDA0B9F31CF34123416DDD5A4CECAE92A12AC22D8F188A1629C83EFCC7C346829EC5BC1776C3F0CF3DB4976BEADADCC6D
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):8192
    Entropy (8bit):0.011852361981932763
    Encrypted:false
    SSDEEP:
    MD5:0962291D6D367570BEE5454721C17E11
    SHA1:59D10A893EF321A706A9255176761366115BEDCB
    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
    Category:dropped
    Size (bytes):262512
    Entropy (8bit):9.553120663130604E-4
    Encrypted:false
    SSDEEP:
    MD5:F2DFCE7A1EF4092B5DBB624461262471
    SHA1:5E4CD3A64795BE3D2DD38B8CBEBA75BF093A4658
    SHA-256:5DC6920D97340F7A61F958AE92DF616100AAD53603195FD0EA9EDC7877AA46FF
    SHA-512:74003AF8F1F78AFA55E10F0873FA887C0B93625F189D0C73C78B756A25BD49E24CC01ADAB13CB38D3799D6BD8302F7BC43C4B363AB4FBBC9240E159E25714C39
    Malicious:false
    Reputation:unknown
    Preview:............................................r/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
    Category:dropped
    Size (bytes):155648
    Entropy (8bit):0.5852340869665993
    Encrypted:false
    SSDEEP:
    MD5:E0A4FF19943260CC6614B890006DC7C8
    SHA1:F0CBB98BA613FF4CFDE332F890A388246D33C9EA
    SHA-256:708CBDAAE6B26A656F29760C0E1B5BDCFC0621DC942A34B61D391874BD5C9CBA
    SHA-512:6F2E2686BBDA4D4E95EE9672F76571133216A230B38A7670072C7D925A9FD25CCEE3BF1F79076C78A8A8C83D0268D1B1A136A43C1307E4D909AFA644BDDB63D6
    Malicious:false
    Reputation:unknown
    Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):311
    Entropy (8bit):5.293337472686634
    Encrypted:false
    SSDEEP:
    MD5:68F2FFD54F1854160E69396A4822FD6C
    SHA1:B42B5395F3BB402B1FCB4B093445E37E043A245A
    SHA-256:6E6A0A458A21DED010F55F0C4530635EB982C3C8C997BA7CDE56FB29AF329421
    SHA-512:BF99CCDC6CE6D94717B99AAA1F271D4BAD1CE5AAECD7591F8E87C93A862E5AAA7DA50FF0F80815103A99AD1A0CB40FD7EE869F77AD08CFD2E14B1D016FFA2B8F
    Malicious:false
    Reputation:unknown
    Preview:2024/03/20-11:41:07.601 11b8 Creating DB C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Local Storage\leveldb since it was missing..2024/03/20-11:41:07.655 11b8 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Local Storage\leveldb/MANIFEST-000001.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 21, cookie 0xc, schema 4, UTF-8, version-valid-for 1
    Category:dropped
    Size (bytes):43008
    Entropy (8bit):0.9009435143901008
    Encrypted:false
    SSDEEP:
    MD5:FB3D677576C25FF04A308A1F627410B7
    SHA1:97D530911F9CB0C37717ABB145D748982ADA0440
    SHA-256:A79300470D18AF26E3C5B4F23F81915B92D490105CE84A8122BF8100EC0C7517
    SHA-512:ED6666B064958B107E55BD76E52D2E5BF7A4791379902D208EF909A6B68803240D372CE03641249EB917C241B36A5684656A48D099A8A084AD34BA009857B098
    Malicious:false
    Reputation:unknown
    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
    Category:dropped
    Size (bytes):45056
    Entropy (8bit):0.40293591932113104
    Encrypted:false
    SSDEEP:
    MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
    SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
    SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
    SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
    Malicious:false
    Reputation:unknown
    Preview:SQLite format 3......@ ..........................................................................j.......=......\.t.+.>...,...=........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2
    Entropy (8bit):1.0
    Encrypted:false
    SSDEEP:
    MD5:D751713988987E9331980363E24189CE
    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
    Malicious:false
    Reputation:unknown
    Preview:[]
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):0.6732424250451717
    Encrypted:false
    SSDEEP:
    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
    Malicious:false
    Reputation:unknown
    Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:E77B8E8416D010905FFC8E6937FEEE27
    SHA1:D265C9CEA51AD69A948BD4526688359BAF466E60
    SHA-256:D28EBBC5724D6D88E255C9FDF4166194EAA4A242D2F8F9A6043EFA1626F7BD2A
    SHA-512:CD3D25CEA3DFA1D279092D64F9DEA15C2EB16410A14460ADF6CAD108FCEDADA1B91565D9AA4E811310A981FD614428F2F91D4011F1F776FA59849F5061D3A5AD
    Malicious:false
    Reputation:unknown
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13357996872409255","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABMAAABodHRwczovL3dpbi1yYXIuY29tAA==",false],"server":"https://www.googletagmanager.com"}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
    Category:dropped
    Size (bytes):36864
    Entropy (8bit):0.5559635235158827
    Encrypted:false
    SSDEEP:
    MD5:9AAAE8C040B616D1378F3E0E17689A29
    SHA1:F91E7DE07F1DA14D15D067E1F50C3B84A328DBB7
    SHA-256:5B94D63C31AE795661F69B9D10E8BFD115584CD6FEF5FBB7AA483FDC6A66945B
    SHA-512:436202AB8B6BB0318A30946108E6722DFF781F462EE05980C14F57F347EDDCF8119E236C3290B580CEF6902E1B59FB4F546D6BD69F62479805B39AB0F3308EC1
    Malicious:false
    Reputation:unknown
    Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:D751713988987E9331980363E24189CE
    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
    Malicious:false
    Reputation:unknown
    Preview:[]
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:20D4B8FA017A12A108C87F540836E250
    SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
    SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
    SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
    Malicious:false
    Reputation:unknown
    Preview:{"SDCH":{"dictionaries":{},"version":2}}
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
    Category:dropped
    Size (bytes):36864
    Entropy (8bit):0.36515621748816035
    Encrypted:false
    SSDEEP:
    MD5:25363ADC3C9D98BAD1A33D0792405CBF
    SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
    SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
    SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
    Malicious:false
    Reputation:unknown
    Preview:SQLite format 3......@ ..........................................................................j.......X..g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):40
    Entropy (8bit):4.1275671571169275
    Encrypted:false
    SSDEEP:
    MD5:20D4B8FA017A12A108C87F540836E250
    SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
    SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
    SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
    Malicious:false
    Reputation:unknown
    Preview:{"SDCH":{"dictionaries":{},"version":2}}
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):341
    Entropy (8bit):5.230352458271072
    Encrypted:false
    SSDEEP:
    MD5:E77B8E8416D010905FFC8E6937FEEE27
    SHA1:D265C9CEA51AD69A948BD4526688359BAF466E60
    SHA-256:D28EBBC5724D6D88E255C9FDF4166194EAA4A242D2F8F9A6043EFA1626F7BD2A
    SHA-512:CD3D25CEA3DFA1D279092D64F9DEA15C2EB16410A14460ADF6CAD108FCEDADA1B91565D9AA4E811310A981FD614428F2F91D4011F1F776FA59849F5061D3A5AD
    Malicious:false
    Reputation:unknown
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13357996872409255","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABMAAABodHRwczovL3dpbi1yYXIuY29tAA==",false],"server":"https://www.googletagmanager.com"}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:F1AD1B9C79F2F92B2CC2C891649E82AE
    SHA1:6F9AF3B7D44C92B996511A88688E8F1AF7D91E1B
    SHA-256:D4844C07167AA07229511CA0A8885CF0EE2DB4FF2E093FAD0E1BA4798BC7068A
    SHA-512:BAC2C17AEBC1FBB8EFE0E131C1AFF703B80EB77C6B6048C16F8E7B8A2448996CEF11F5AC1E059FE3266430BCA401668E2BBEF40028B14AB7D4FB574B44D26536
    Malicious:false
    Reputation:unknown
    Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13355404867734850","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":600,"browser_content_container_width":792,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13355404867684592","domain_diversity":{"last_reporting_timestamp":"13355404867734929"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):33
    Entropy (8bit):4.051821770808046
    Encrypted:false
    SSDEEP:
    MD5:2B432FEF211C69C745ACA86DE4F8E4AB
    SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
    SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
    SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
    Malicious:false
    Reputation:unknown
    Preview:{"preferred_apps":[],"version":1}
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):182
    Entropy (8bit):4.2629097520179995
    Encrypted:false
    SSDEEP:
    MD5:643E00B0186AA80523F8A6BED550A925
    SHA1:EC4056125D6F1A8890FFE01BFFC973C2F6ABD115
    SHA-256:A0C9ABAE18599F0A65FC654AD36251F6330794BEA66B718A09D8B297F3E38E87
    SHA-512:D91A934EAF7D9D669B8AD4452234DE6B23D15237CB4D251F2C78C8339CEE7B4F9BA6B8597E35FE8C81B3D6F64AE707C68FF492903C0EDC3E4BAF2C6B747E247D
    Malicious:false
    Reputation:unknown
    Preview:Microsoft Edge settings and storage represent user-selected preferences and information and MUST not be extracted, overwritten or modified except through Microsoft Edge defined APIs.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:CC9719CFFCDD45689DFF7C3FED5705FF
    SHA1:24CD897874FC6669A77FC08EE36EDCD1930735D7
    SHA-256:33ED8F4B9ECD078AE3FC2644F776270554CE07560D3FAF7539982B4DFA3AB45C
    SHA-512:BE993BC49817B18CA540E97FF5A6702525965E8D38CAD94BE97FA710071945AABF2C2F052A7435DFCB31D563475D248227B5FA734AFED30A2CFF14099A99827A
    Malicious:false
    Reputation:unknown
    Preview:{"extensions":{"settings":{"dgiklkfkllikcanfonkcabmbdfmgleag":{"active_permissions":{"api":[],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13355404867301036","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13355404867301036","location":5,"manifest":{"content_capabilities":{"include_globs":["https://*excel.officeapps.live.com/*","https://*onenote.officeapps.live.com/*","https://*powerpoint.officeapps.live.com/*","https://*word-edit.officeapps.live.com/*","https://*excel.officeapps.live.com.mcas.ms/*","https://*onenote.officeapps.live.com.mcas.ms/*","https://*word-edit.officeapps.live.com.mcas.ms/*","https://*excel.partner.officewebapps.cn/*","https://*onenote.partner.officewebapps.cn/*","https://*powerpoint.partner.officewebapps.cn/*","https://*word-edit.partner.officewebapps.cn/*","https://*excel.gov.online.office365.us/*","
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:modified
    Size (bytes):253
    Entropy (8bit):5.115576169197745
    Encrypted:false
    SSDEEP:
    MD5:F82E97B17AE0F62853A3E7BADDD02536
    SHA1:2469BB8DDFFBB0280FC7F5CFDDE296C17905D1C8
    SHA-256:C4A0EEC835C9832B572AA737C61994C4FB3337248867616D19DD8678EE1ADD83
    SHA-512:5442B0984081098ADDFF05B838ED621C7FB5A867B063983B564DB3F5AB383316B8F0CD650D6095DE9847D646B4BD605E9CFEF1F2C9FF5CC79139239A2DE61ADF
    Malicious:false
    Reputation:unknown
    Preview:*...#................version.1..namespace-KC..k................next-map-id.1.Lnamespace-390a1abe_b870_4911_8b49_8f4d61d5f5f7-https://notifier.win-rar.com/.0...0Z...............Lnamespace-390a1abe_b870_4911_8b49_8f4d61d5f5f7-https://notifier.win-rar.com/
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):299
    Entropy (8bit):5.225407582228364
    Encrypted:false
    SSDEEP:
    MD5:E1A884FCC9A010B1E06516D3E496B50D
    SHA1:0DAA5897702B438D5AB3F72515558BBE23095A1B
    SHA-256:63623A164CCF67996B0C3C6BA0CF674F533BEC3721E3465FA37C7EDE407407E3
    SHA-512:7E316704172AAEC7DEED62FB56FF9CC93D5D093552FC764C0882AF0A856866857C7045986A61BF042328956E7449A4AD750A4F047072016144E572D5E5C1070B
    Malicious:false
    Reputation:unknown
    Preview:2024/03/20-11:41:08.703 11b8 Creating DB C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Session Storage since it was missing..2024/03/20-11:41:08.720 11b8 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Session Storage/MANIFEST-000001.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):112
    Entropy (8bit):4.634376867555711
    Encrypted:false
    SSDEEP:
    MD5:857E86827AAE46ACA9CF8E9249ACECF6
    SHA1:78B2012130E8F01B1939A708AFAEAE20AC106E15
    SHA-256:D652B64C125C9556C45CCE92563A82F20D9416318D664B537450D0DAC14D16AA
    SHA-512:5A8805F5D25827903147E06979E8161766986DDC2539621BF512531745B77B59E3C026E3AA1FEAFEF0E08E416BE6DAD926F45D221F121A8172500AEED5364180
    Malicious:false
    Reputation:unknown
    Preview:.On.!................database_metadata.1...A............... dbd4f54c6da0dd725455835929042622.............."...
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):327
    Entropy (8bit):5.174921440372795
    Encrypted:false
    SSDEEP:
    MD5:F547635903C1D43EA027A562A7371AF6
    SHA1:1C85FA4CBC8EEE36575F2CAED42CA29C09328319
    SHA-256:9DE54C3B55863A5255F2727C5EFC0C61FCF68370C1909DFBD585C670F8A027D4
    SHA-512:FC390D9DBEB21A4CD6354270BB90AE7A9926AC705DE0150BB091951D73CCBC49E179A25F1768C5EFC8BD40F2A3225EC137B82A96D704EA25F21E293E9C5D49BD
    Malicious:false
    Reputation:unknown
    Preview:2024/03/20-11:41:07.283 1bc0 Creating DB C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Site Characteristics Database since it was missing..2024/03/20-11:41:07.299 1bc0 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Site Characteristics Database/MANIFEST-000001.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):46
    Entropy (8bit):4.019797536844534
    Encrypted:false
    SSDEEP:
    MD5:90881C9C26F29FCA29815A08BA858544
    SHA1:06FEE974987B91D82C2839A4BB12991FA99E1BDD
    SHA-256:A2CA52E34B6138624AC2DD20349CDE28482143B837DB40A7F0FBDA023077C26A
    SHA-512:15F7F8197B4FC46C4C5C2570FB1F6DD73CB125F9EE53DFA67F5A0D944543C5347BDAB5CCE95E91DD6C948C9023E23C7F9D76CFF990E623178C92F8D49150A625
    Malicious:false
    Reputation:unknown
    Preview:...n'................_mts_schema_descriptor...
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):303
    Entropy (8bit):5.248355830836635
    Encrypted:false
    SSDEEP:
    MD5:1AA373BDBA57C1BCDF889BBBB35F94BD
    SHA1:61F8FDF6BEA6262B9CF85C606583A99943D5FD70
    SHA-256:02CEE00A694844900D67EAB96F31247D0C8BE952CEF64E72359C46727812413A
    SHA-512:0F2CF103FBDF5131BA9C462010D1A650EFDF706C13D89BB2ABD72E4692E7E4EBFAAA5263A26FE2A99CD850514486E56A6B831A37D355741B00FF95656183FCFE
    Malicious:false
    Reputation:unknown
    Preview:2024/03/20-11:41:07.700 1a54 Creating DB C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Sync Data\LevelDB since it was missing..2024/03/20-11:41:07.712 1a54 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Sync Data\LevelDB/MANIFEST-000001.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
    Category:dropped
    Size (bytes):20480
    Entropy (8bit):0.3528485475628876
    Encrypted:false
    SSDEEP:
    MD5:F2B4FB2D384AA4E4D6F4AEB0BBA217DC
    SHA1:2CD70CFB3CE72D9B079170C360C1F563B6BF150E
    SHA-256:1ECC07CD1D383472DAD33D2A5766625009EA5EACBAEDE2417ADA1842654CBBC8
    SHA-512:48D03991660FA1598B3E002F5BC5F0F05E9696BCB2289240FA8CCBB2C030CDD23245D4ECC0C64DA1E7C54B092C3E60AE0427358F63087018BF0E6CEDC471DD34
    Malicious:false
    Reputation:unknown
    Preview:SQLite format 3......@ ..........................................................................j..........g.....4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):131072
    Entropy (8bit):0.0033616753448762224
    Encrypted:false
    SSDEEP:
    MD5:04AB1D7F27BF06AA547CB1204ABF61B8
    SHA1:83618BCE47D7F2C89993AE7E6588585F80487160
    SHA-256:18C109CDCAB648907D5A1375AFF02900B26988972BDAE3E94005ED53A9C4A7DE
    SHA-512:F9E812E4BD7ABB758257E0742BE0CDDE7C62941EA74C80220EDCF9B8A616900C9E62AE7861D9362A45F4B994815B0EB92BB899D13A4BB6BCD63093EEA133AB96
    Malicious:false
    Reputation:unknown
    Preview:VLnk.....?........c^...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 87, cookie 0x36, schema 4, UTF-8, version-valid-for 3
    Category:dropped
    Size (bytes):178176
    Entropy (8bit):0.9338432204333277
    Encrypted:false
    SSDEEP:
    MD5:32C9720A2A401BC970213C79336CC400
    SHA1:B6433A5426E94DDA5C7D72B4060184411790E91A
    SHA-256:BF38C00920AD3AEB617FB09A9CF2A2BA209A981B1B54765362B6270734950B9F
    SHA-512:2D72159802799B1E83D055932373B9C29A37DE1B23ACA01DF25BF092327A94A110CA8C8870FB79727378563B0259A3491D8E868AAF39172361D2D46B5DC0DCD8
    Malicious:false
    Reputation:unknown
    Preview:SQLite format 3
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):6085
    Entropy (8bit):4.826529576067692
    Encrypted:false
    SSDEEP:
    MD5:F1AD1B9C79F2F92B2CC2C891649E82AE
    SHA1:6F9AF3B7D44C92B996511A88688E8F1AF7D91E1B
    SHA-256:D4844C07167AA07229511CA0A8885CF0EE2DB4FF2E093FAD0E1BA4798BC7068A
    SHA-512:BAC2C17AEBC1FBB8EFE0E131C1AFF703B80EB77C6B6048C16F8E7B8A2448996CEF11F5AC1E059FE3266430BCA401668E2BBEF40028B14AB7D4FB574B44D26536
    Malicious:false
    Reputation:unknown
    Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13355404867734850","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":600,"browser_content_container_width":792,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13355404867684592","domain_diversity":{"last_reporting_timestamp":"13355404867734929"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.35226517389931394
    Encrypted:false
    SSDEEP:
    MD5:D2CCDC36225684AAE8FA563AFEDB14E7
    SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
    SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
    SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
    Malicious:false
    Reputation:unknown
    Preview:SQLite format 3
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):299
    Entropy (8bit):5.334491176573575
    Encrypted:false
    SSDEEP:
    MD5:6D11C1857B5581419D0DB073901108DB
    SHA1:4A361FFD07987273F9A5DE24D946A02D749ABE81
    SHA-256:3ED699DBD3F2D7E89B7B4A97DA91FC6A8525032BDF2D4BAA76EF093F64A2131F
    SHA-512:0F75B4F61D241A12C3161C85E9371781E7A699412FBC9BC03ED17B38A848908E89A948DF40B0DB434A0843C455E740C60058A23C24D83803773ED68C96393DE5
    Malicious:false
    Reputation:unknown
    Preview:2024/03/20-11:41:07.477 1b34 Creating DB C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\shared_proto_db since it was missing..2024/03/20-11:41:07.487 1b34 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\shared_proto_db/MANIFEST-000001.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):184
    Entropy (8bit):3.71325125317076
    Encrypted:false
    SSDEEP:
    MD5:AF826572446A866B993052AEC9760422
    SHA1:2BA6EF209765B9CEB75F4C7698F20A0992119565
    SHA-256:FE6EC58485FFA98BA4F69C7B67348F8F8128DD58AD3DAE577F993C32EEFA48ED
    SHA-512:538D97BEAEECAB5E24E628B2ED42C799DD82E12624C1077D1AE70FC2B5ED81EC1BC261C39B509C96AFF98DF0E837CA68A27A1032299B386C8590F046EE4391FE
    Malicious:false
    Reputation:unknown
    Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):317
    Entropy (8bit):5.301096874205248
    Encrypted:false
    SSDEEP:
    MD5:3D1A9E97ADEF15E76E184F8A3208712E
    SHA1:C5C8B75671B903B9282CCFEB1DB33E507F0099C6
    SHA-256:C8000610A1F7099F756D5B930CB3024DD374A6DC1B81F8FCDDD5CDAF48991A97
    SHA-512:AE25049E3F1DF9C18FEFE00B1DF33576B4F5801D32EE600A3E86FC7CB0E51A87ABF54F33FD5342878F5F77B2DE0F0F51F53AA761A662C618C53BC327DC4E3B5E
    Malicious:false
    Reputation:unknown
    Preview:2024/03/20-11:41:07.390 1b34 Creating DB C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\shared_proto_db\metadata since it was missing..2024/03/20-11:41:07.462 1b34 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\shared_proto_db\metadata/MANIFEST-000001.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
    Category:dropped
    Size (bytes):262512
    Entropy (8bit):9.553120663130604E-4
    Encrypted:false
    SSDEEP:
    MD5:DF183E15BB19D7614DA71FC824928CF7
    SHA1:9D018CE4F70B44FA13991BA446285D58AB9BCA1C
    SHA-256:23D79AF307E104E36382380C10131AE20F1555480F58E4CD4813BADEE50FC615
    SHA-512:86913592DB23583A534A0337402832202BF807F8102141825AFBA7D49A035485871BF04DEC3CE8BE9B48829D424A63A66AEAC69ADC1DBFFA62EDC19FF901C2C6
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
    Category:dropped
    Size (bytes):8192
    Entropy (8bit):0.01057775872642915
    Encrypted:false
    SSDEEP:
    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):270336
    Entropy (8bit):0.0012471779557650352
    Encrypted:false
    SSDEEP:
    MD5:F50F89A0A91564D0B8A211F8921AA7DE
    SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
    SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
    SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):8192
    Entropy (8bit):0.012340643231932763
    Encrypted:false
    SSDEEP:
    MD5:41876349CB12D6DB992F1309F22DF3F0
    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
    Category:dropped
    Size (bytes):262512
    Entropy (8bit):9.553120663130604E-4
    Encrypted:false
    SSDEEP:
    MD5:2B0A6C420A6300E9C3B7FA5D55173F68
    SHA1:4611F5247F2EC1601753767858E81E0450D2F2A5
    SHA-256:097A0ADDB454B69D2114632FF2F1283A2343156B9A3D2C3EEB8E31CD0237B9AC
    SHA-512:64949D64A77AEB40A13FF2E8FB4E9332A206F45BFD09EC315BC1FACE9E522278EB5084B9104A5931E03338433C56A19C1504B35DAB593F48FEE9FEA3A06638D3
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):13
    Entropy (8bit):2.7192945256669794
    Encrypted:false
    SSDEEP:
    MD5:BF16C04B916ACE92DB941EBB1AF3CB18
    SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
    SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
    SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
    Malicious:false
    Reputation:unknown
    Preview:117.0.2045.47
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:996D05E894679BB9A601662117728889
    SHA1:0411B5F1DCD0CFB166657980E003BCA1B9B17739
    SHA-256:3A3DA2A77E8F05F2F2C97FC8A8B80E1D3B6CD24DE9BA8415B0145F82C8FE82A5
    SHA-512:6B573CD4E207A2CB8CC085246FC99643BF72F1F2BF68A7CF40DEC9026FC29DD482C977893DA1258177CA0AB5F3C9875CF1BD1631849A1C5D2C235C3F7DE35AF8
    Malicious:false
    Reputation:unknown
    Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADJ6nshPHp9TrQm6N6Y2njaEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABXc5oM2CquszTC30hnPa25sQIv4EXJJVfxSEVlGur8ugAAAAAOgAAAAAIAACAAAACtTE4wpHiKuYgcMsd2TIwKaQqWNxGSN7d8tZoAnSKCpDAAAABCwb24nNoeQ2pGK9a4hLN3akGj8wMaGpSBHBn0/E5jYYtBx/VJv+iWZz/hNmCQ6DZAAAAAgSwOF0hJmX6osk/MQZuvcVUuy2Pgc9FHYmI6mh/Xqe5jAuoWYPZfSBuMJs3xgvN1Y5CzTWbDSn2eEK1x0jIDVQ=="},"uninstall_metrics":{"installation_date2":"1710931267"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":7166,"pseudo_low_entropy_source":110,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13355404867066991","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
    Category:dropped
    Size (bytes):262512
    Entropy (8bit):9.553120663130604E-4
    Encrypted:false
    SSDEEP:
    MD5:253F5317B040A259C82706B964CF4918
    SHA1:5DF45553602471890144D7901DFE206E8BCCC606
    SHA-256:B34A30CCA9B9E326E97D2C501391D002E4A57F63CEBEA4769B027E313F1174D1
    SHA-512:1B0473B4F1E695C2C814B707EB0BE9174582DF6E55A1B27F41D8A30CC8C33B49D3E24CE24D96DBE0A04CFA46FEB0590921698534C41575A5C990BBB23839BD4B
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):47
    Entropy (8bit):4.3818353308528755
    Encrypted:false
    SSDEEP:
    MD5:48324111147DECC23AC222A361873FC5
    SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
    SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
    SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
    Malicious:false
    Reputation:unknown
    Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):35
    Entropy (8bit):4.014438730983427
    Encrypted:false
    SSDEEP:
    MD5:BB57A76019EADEDC27F04EB2FB1F1841
    SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
    SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
    SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
    Malicious:false
    Reputation:unknown
    Preview:{"forceServiceDetermination":false}
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):29
    Entropy (8bit):3.922828737239167
    Encrypted:false
    SSDEEP:
    MD5:7BAAFE811F480ACFCCCEE0D744355C79
    SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
    SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
    SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
    Malicious:false
    Reputation:unknown
    Preview:customSynchronousLookupUris_0
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):35302
    Entropy (8bit):7.99333285466604
    Encrypted:true
    SSDEEP:
    MD5:0E06E28C3536360DE3486B1A9E5195E8
    SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
    SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
    SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):81
    Entropy (8bit):4.3439888556902035
    Encrypted:false
    SSDEEP:
    MD5:177F4D75F4FEE84EF08C507C3476C0D2
    SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
    SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
    SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
    Malicious:false
    Reputation:unknown
    Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):3581
    Entropy (8bit):4.459693941095613
    Encrypted:false
    SSDEEP:
    MD5:BDE38FAE28EC415384B8CFE052306D6C
    SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
    SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
    SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
    Malicious:false
    Reputation:unknown
    Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):130439
    Entropy (8bit):3.80180718117079
    Encrypted:false
    SSDEEP:
    MD5:EB75CEFFE37E6DF9C171EE8380439EDA
    SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
    SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
    SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
    Malicious:false
    Reputation:unknown
    Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):40
    Entropy (8bit):4.346439344671015
    Encrypted:false
    SSDEEP:
    MD5:6A3A60A3F78299444AACAA89710A64B6
    SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
    SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
    SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
    Malicious:false
    Reputation:unknown
    Preview:synchronousLookupUris_638343870221005468
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):57
    Entropy (8bit):4.556488479039065
    Encrypted:false
    SSDEEP:
    MD5:3A05EAEA94307F8C57BAC69C3DF64E59
    SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
    SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
    SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
    Malicious:false
    Reputation:unknown
    Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):29
    Entropy (8bit):4.030394788231021
    Encrypted:false
    SSDEEP:
    MD5:52E2839549E67CE774547C9F07740500
    SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
    SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
    SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
    Malicious:false
    Reputation:unknown
    Preview:topTraffic_638004170464094982
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:data
    Category:dropped
    Size (bytes):575056
    Entropy (8bit):7.999649474060713
    Encrypted:true
    SSDEEP:
    MD5:BE5D1A12C1644421F877787F8E76642D
    SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
    SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
    SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:raw G3 (Group 3) FAX, byte-padded
    Category:dropped
    Size (bytes):460992
    Entropy (8bit):7.999625908035124
    Encrypted:true
    SSDEEP:
    MD5:E9C502DB957CDB977E7F5745B34C32E6
    SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
    SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
    SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
    Malicious:false
    Reputation:unknown
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:ASCII text, with no line terminators
    Category:dropped
    Size (bytes):9
    Entropy (8bit):3.169925001442312
    Encrypted:false
    SSDEEP:
    MD5:B6F7A6B03164D4BF8E3531A5CF721D30
    SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
    SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
    SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
    Malicious:false
    Reputation:unknown
    Preview:uriCache_
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):180
    Entropy (8bit):4.979233311844888
    Encrypted:false
    SSDEEP:
    MD5:4CBE87FB4688056F9FF698FD535354EE
    SHA1:C9A2223319517A3A3743594008100BBCD811960A
    SHA-256:E0CD7229E910B68604B1A8E1FFAADE5BF371CBFD6FFDD4CF17BA866281EF2A7B
    SHA-512:5581933EFDB6125E6064EB9460DB5D299102022CCD4CC933659CC7DFD9B82C265A3383949018B084BDF4EE733EB036C99BAEB4F77151A3B87ADCDA13D8373D12
    Malicious:false
    Reputation:unknown
    Preview:{"version":1,"cache_data":[{"file_hash":"42eba96467a2db4e","server_context":"1;c5faad59-a2e3-31f2-b86e-aaf958e12824;phsh:005;7e-05","result":0,"expiration_time":1711036544988389}]}
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):85
    Entropy (8bit):4.3488360343066725
    Encrypted:false
    SSDEEP:
    MD5:BC6142469CD7DADF107BE9AD87EA4753
    SHA1:72A9AA05003FAB742B0E4DC4C5D9EDA6B9F7565C
    SHA-256:B26DA4F8C7E283AA74386DA0229D66AF14A37986B8CA828E054FC932F68DD557
    SHA-512:47D1A67A16F5DC6D50556C5296E65918F0A2FCAD0E8CEE5795B100FE8CD89EAF5E1FD67691E8A57AF3677883A5D8F104723B1901D11845B286474C8AC56F6182
    Malicious:false
    Reputation:unknown
    Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":0}
    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2051
    Entropy (8bit):5.476844724280823
    Encrypted:false
    SSDEEP:
    MD5:AFF40FC9F3E0928164AA21840A2F142F
    SHA1:E0968F783CCA7F858E4A7B78733DA4A4590C4F90
    SHA-256:3A7C347BAAD346B127875B6238931BD5AAF230024BFAA6809D8E57E004761E18
    SHA-512:9BDEF59F774B18ADBDCA4BC5AB5A25241454A678BC5709A4DBAEE6BC485FE301FCF64137426C177C00EE4433DDAE3585FC64864EA02C1F76360CE4FED6C3CBD8
    Malicious:false
    Reputation:unknown
    Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADJ6nshPHp9TrQm6N6Y2njaEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABXc5oM2CquszTC30hnPa25sQIv4EXJJVfxSEVlGur8ugAAAAAOgAAAAAIAACAAAACtTE4wpHiKuYgcMsd2TIwKaQqWNxGSN7d8tZoAnSKCpDAAAABCwb24nNoeQ2pGK9a4hLN3akGj8wMaGpSBHBn0/E5jYYtBx/VJv+iWZz/hNmCQ6DZAAAAAgSwOF0hJmX6osk/MQZuvcVUuy2Pgc9FHYmI6mh/Xqe5jAuoWYPZfSBuMJs3xgvN1Y5CzTWbDSn2eEK1x0jIDVQ=="},"policy":{"last_statistics_update":"13355404867203139"},"profile":{"info_cache":{},"profile_counts_reported":"13355404867213222","profiles_order":[]},
    Process:C:\Program Files\WinRAR\Uninstall.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Wed Mar 20 09:40:51 2024, mtime=Wed Mar 20 09:40:51 2024, atime=Fri Oct 6 03:32:57 2023, length=373596, window=hide
    Category:dropped
    Size (bytes):1112
    Entropy (8bit):4.606925045508071
    Encrypted:false
    SSDEEP:
    MD5:EA3C861F5DA6B6B5825354F8BF7F999E
    SHA1:736B26830B1B34D0117124842F9EBE7DDE3836A2
    SHA-256:B688B77DCAE7C37E53F43E3998A641837A553BE48D8C80F21C430C3E6093011F
    SHA-512:9945979E4AABB9A421FC72D80610CD31D56B690029DBF746E6363877324FC260EB7F08C6DBD7A6A4531EEFE04714C8816D9AB9691926DBF4BF723C2828A9AD09
    Malicious:false
    Reputation:unknown
    Preview:L..................F.... .. ....z..(W...z..U.=.....\.......................o....P.O. .:i.....+00.../C:\.....................1.....tX.U..PROGRA~1..t......O.ItX.U....B...............J..... '..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....tX.U..WinRAR..>......tX.UtX.U..........................6...W.i.n.R.A.R.....`.2.\...FW.$ winrar.chm..F......tX.UtX.U.....\.....................Ch.w.i.n.r.a.r...c.h.m.......Q...............-.......P...........=.......C:\Program Files\WinRAR\winrar.chm..".P.r.o.c.e.s.a.r. .R.A.R.,. .Z.I.P. .y. .o.t.r.o.s. .f.o.r.m.a.t.o.s.:.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.R.A.R.\.w.i.n.r.a.r...c.h.m...C.:.\.U.s.e.r.s.\.c.a.l.i.\.D.e.s.k.t.o.p.........&................c^...NI..e.2.......`.......X.......927537...........hT..CrF.f4... ...............%..hT..CrF.f4... ...............%.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5
    Process:C:\Program Files\WinRAR\Uninstall.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Wed Mar 20 09:40:51 2024, mtime=Wed Mar 20 09:40:51 2024, atime=Mon Feb 20 07:18:28 2023, length=254414, window=hide
    Category:dropped
    Size (bytes):1093
    Entropy (8bit):4.621621914810802
    Encrypted:false
    SSDEEP:
    MD5:88AFCBB1FE81188A4F987F81569161B9
    SHA1:0771F33910A15ADE67E9C26394BE6C6732776C2E
    SHA-256:393D0ECED295B34F835D81D6D90CE6C3B30A3F4928C72BA4006F4520B0159ED4
    SHA-512:FA0F32BC247486104DBA496FA2E1D7B41CA3DA64A11C11578F1D8F355562922BFF371662F1F125D0F2C1C6E3FBBB3797F7AC974E8A9EAB1337C6BC7B292F7BF7
    Malicious:false
    Reputation:unknown
    Preview:L..................F.... ...V...z...}...z..G.9..E..........................e....P.O. .:i.....+00.../C:\.....................1.....tX.U..PROGRA~1..t......O.ItX.U....B...............J..... '..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....tX.U..WinRAR..>......tX.UtX.U..........................6...W.i.n.R.A.R.....V.2.....TVOB Rar.txt.@......tX.UtX.U....kY.....................X..R.a.r...t.x.t.......N...............-.......M...........=.......C:\Program Files\WinRAR\Rar.txt..".P.r.o.c.e.s.a.r. .R.A.R.,. .Z.I.P. .y. .o.t.r.o.s. .f.o.r.m.a.t.o.s.7.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.R.A.R.\.R.a.r...t.x.t...C.:.\.U.s.e.r.s.\.c.a.l.i.\.D.e.s.k.t.o.p.........&................c^...NI..e.2.......`.......X.......927537...........hT..CrF.f4... ...............%..hT..CrF.f4... ...............%.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.
    Process:C:\Program Files\WinRAR\Uninstall.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Wed Mar 20 09:40:51 2024, mtime=Wed Mar 20 09:40:51 2024, atime=Fri Oct 6 03:30:06 2023, length=257600, window=hide
    Category:dropped
    Size (bytes):1129
    Entropy (8bit):4.6505782865241185
    Encrypted:false
    SSDEEP:
    MD5:C99DB111CAA7725737F71E4F1A243DCD
    SHA1:54519FC04E8F8555BC584403EE5849F89EC804A3
    SHA-256:4645DC2B513252DCA09C1C0E2B75216B8175E4EEBACCB56949AD2E1CB0628C25
    SHA-512:53F79082F452E8B128C15403275F489606F235123658669C22B0FE216C9A88E5EADA4B7F139B5CB56FC47748830F6256BF89BD3F00DA48BA33270222C11DDD1D
    Malicious:false
    Reputation:unknown
    Preview:L..................F.... .......z...3...z..V.u.....@.......................w....P.O. .:i.....+00.../C:\.....................1.....tX.U..PROGRA~1..t......O.ItX.U....B...............J..... '..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....tX.U..WinRAR..>......tX.UtX.U..........................6...W.i.n.R.A.R.....h.2.@...FW.# NOVEDA~1.TXT..L......tX.UtX.U....wU........................N.o.v.e.d.a.d.e.s...t.x.t.......T...............-.......S...........=.......C:\Program Files\WinRAR\Novedades.txt..".P.r.o.c.e.s.a.r. .R.A.R.,. .Z.I.P. .y. .o.t.r.o.s. .f.o.r.m.a.t.o.s.=.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.R.A.R.\.N.o.v.e.d.a.d.e.s...t.x.t...C.:.\.U.s.e.r.s.\.c.a.l.i.\.D.e.s.k.t.o.p.........&................c^...NI..e.2.......`.......X.......927537...........hT..CrF.f4... ...............%..hT..CrF.f4... ...............%.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.
    Process:C:\Program Files\WinRAR\Uninstall.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Wed Mar 20 09:40:51 2024, mtime=Wed Mar 20 09:40:51 2024, atime=Thu Oct 5 08:30:59 2023, length=2564760, window=hide
    Category:dropped
    Size (bytes):1112
    Entropy (8bit):4.618942224411729
    Encrypted:false
    SSDEEP:
    MD5:0167FADFEE8D0550DAD973C77244FF81
    SHA1:8E47863C1D1621EB7D1799F9CF8A63C6F3E464F0
    SHA-256:FF08594D5BF6E5E3FD65E1AE172743767235FA3770FC8B1D8FB0C549001FD98E
    SHA-512:E88880DE688E329B45C528B6B4F5C4C655D903ECC1DA9685E52900406799EF76B057FE906CDFEF6BFD3FA23B20851CCCBA6B637855DC3DF77009CBF71D9D640E
    Malicious:false
    Reputation:unknown
    Preview:L..................F.... .......z.......z....J.n...."'.....................o....P.O. .:i.....+00.../C:\.....................1.....tX.U..PROGRA~1..t......O.ItX.U....B...............J..... '..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....tX.U..WinRAR..>......tX.UtX.U..............................W.i.n.R.A.R.....`.2.."'.EW.K WinRAR.exe..F......tX.UtX.U....?\..................../.r.W.i.n.R.A.R...e.x.e.......Q...............-.......P...........=.......C:\Program Files\WinRAR\WinRAR.exe..".P.r.o.c.e.s.a.r. .R.A.R.,. .Z.I.P. .y. .o.t.r.o.s. .f.o.r.m.a.t.o.s.:.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.R.A.R.\.W.i.n.R.A.R...e.x.e...C.:.\.U.s.e.r.s.\.c.a.l.i.\.D.e.s.k.t.o.p.........&................c^...NI..e.2.......`.......X.......927537...........hT..CrF.f4... ...............%..hT..CrF.f4... ...............%.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5
    Process:C:\Program Files\WinRAR\WinRAR.exe
    File Type:data
    Category:dropped
    Size (bytes):12
    Entropy (8bit):3.418295834054489
    Encrypted:false
    SSDEEP:
    MD5:2E6087EF57E64E2B6D20B1903A58D39B
    SHA1:832E77FDA0CBFA23FC42EDAECFB3E2F772971876
    SHA-256:CC727EF3E5A6E32A109215403820809990FE6EEBE9CC465CD43B260A68CB8F6F
    SHA-512:F1BC4F95C2C3FE1AF9BF4B6B34FB2FED3294FA3690C9DCC41F347D2286B6F7514892197096DFB620324D351E8EFEE8BF429B2114E6F5B4A89CAC0530FD06FFF0
    Malicious:false
    Reputation:unknown
    Preview:.....[...z..
    File type:PE32+ executable (GUI) x86-64, for MS Windows
    Entropy (8bit):7.951491521153915
    TrID:
    • Win64 Executable GUI (202006/5) 92.65%
    • Win64 Executable (generic) (12005/4) 5.51%
    • Generic Win/DOS Executable (2004/3) 0.92%
    • DOS Executable Generic (2002/1) 0.92%
    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
    File name:winrar-x64-624es.exe
    File size:3'692'112 bytes
    MD5:1da8374156fc6492f06828e55ea4dc13
    SHA1:4923d045851434d65ce7c56b7e1bd73a08fc2305
    SHA256:c94ed445611ed35ebbe8c3c2af5c17e20cdb8ef76ecbc1ef535bdec7ccf08f4b
    SHA512:445392ffca842263310d0f4b8371e0bfd6bcb40d9e846d645c73616b252315b0603d7e538d9e5415028c35f747989da5c14566cf356860304e889ae7f12565d2
    SSDEEP:98304:jwBOBfKqQ0K1MTXtbysMqIpmCcBQz/J6+14CeZx1kR7:jw/qQv1MTXhysMs1BQnG1G
    TLSH:0706231AA7E804F8F1B3D5748EB28A0AE777BC451B30878F176C515A2F732516E3A352
    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'A..c ..c ..c ...R... ...[}.a ...[..q ...[..d ...[..Z ...R..i ...R..u ...R..b ...R..d ..c ..}!...[..R ...[..b ...[..b ...[..b .
    Icon Hash:3b3b336b696ab269
    Entrypoint:0x1400268c0
    Entrypoint Section:.text
    Digitally signed:true
    Imagebase:0x140000000
    Subsystem:windows gui
    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Time Stamp:0x651BC807 [Tue Oct 3 07:51:35 2023 UTC]
    TLS Callbacks:
    CLR (.Net) Version:
    OS Version Major:6
    OS Version Minor:0
    File Version Major:6
    File Version Minor:0
    Subsystem Version Major:6
    Subsystem Version Minor:0
    Import Hash:a7c1e5228dc2514c5c5cc8010b9d4138
    Signature Valid:true
    Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
    Signature Validation Error:The operation completed successfully
    Error Number:0
    Not Before, Not After
    • 08/08/2023 02:00:00 08/08/2026 01:59:59
    Subject Chain
    • CN=win.rar GmbH, O=win.rar GmbH, L=Berlin, S=Berlin, C=DE, SERIALNUMBER=HRB 109885, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Charlottenburg, OID.1.3.6.1.4.1.311.60.2.1.2=Berlin, OID.1.3.6.1.4.1.311.60.2.1.3=DE
    Version:3
    Thumbprint MD5:4E14FDD2231019D7E676235D9D81BCAE
    Thumbprint SHA-1:729AE1F8B489DE176CC099FF49937F85F9E412F7
    Thumbprint SHA-256:E0F8ABF2A732B2D82369C6CDF5657C85C231A924C82528D853AA8F38E0B3ACD9
    Serial:048B08399EC703623C72CD2077AD65D9
    Instruction
    dec eax
    sub esp, 28h
    call 00007F5CDC7BD748h
    dec eax
    add esp, 28h
    jmp 00007F5CDC7BD17Fh
    int3
    int3
    dec eax
    sub esp, 48h
    dec eax
    lea ecx, dword ptr [esp+20h]
    call 00007F5CDC7AD48Bh
    dec eax
    lea edx, dword ptr [00027F0Fh]
    dec eax
    lea ecx, dword ptr [esp+20h]
    call 00007F5CDC7BF5EAh
    int3
    jmp 00007F5CDC7C3C50h
    int3
    int3
    int3
    dec eax
    mov dword ptr [esp+10h], ebx
    dec eax
    mov dword ptr [esp+18h], esi
    push edi
    dec eax
    sub esp, 10h
    xor eax, eax
    xor ecx, ecx
    cpuid
    inc esp
    mov eax, ecx
    inc ebp
    xor ebx, ebx
    inc esp
    mov edx, edx
    inc ecx
    xor eax, 6C65746Eh
    inc ecx
    xor edx, 49656E69h
    inc esp
    mov ecx, ebx
    mov esi, eax
    xor ecx, ecx
    inc ecx
    lea eax, dword ptr [ebx+01h]
    inc ebp
    or edx, eax
    cpuid
    inc ecx
    xor ecx, 756E6547h
    mov dword ptr [esp], eax
    inc ebp
    or edx, ecx
    mov dword ptr [esp+04h], ebx
    mov edi, ecx
    mov dword ptr [esp+08h], ecx
    mov dword ptr [esp+0Ch], edx
    jne 00007F5CDC7BD35Dh
    dec eax
    or dword ptr [0002AEABh], FFFFFFFFh
    and eax, 0FFF3FF0h
    dec eax
    mov dword ptr [0002AE93h], 00008000h
    cmp eax, 000106C0h
    je 00007F5CDC7BD32Ah
    cmp eax, 00020660h
    je 00007F5CDC7BD323h
    cmp eax, 00020670h
    je 00007F5CDC7BD31Ch
    add eax, FFFCF9B0h
    Name | Virtual Address | Virtual Size | Is in Section
    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x4f770 | 0x34 | .rdata
    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4f7a4 | 0x50 | .rdata
    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7c000 | 0x260a8 | .rsrc
    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x77000 | 0x2d48 | .pdata
    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x382db8 | 0x2898 |
    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa3000 | 0x910 | .reloc
    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x4af70 | 0x54 | .rdata
    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x42d20 | 0x140 | .rdata
    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_IAT | 0x40000 | 0x508 | .rdata
    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x4e974 | 0x100 | .rdata
    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
    .text | 0x1000 | 0x3e28e | 0x3e400 | 700abd5209c09592aecef74399515047 | False | 0.5621862449799196 | data | 6.505167436024681 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rdata | 0x40000 | 0x10876 | 0x10a00 | dcbae7301c6be99fea3f4b5c731600c0 | False | 0.44532718515037595 | data | 5.126135750809436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .data | 0x51000 | 0x2556c | 0x1400 | 24c867ff22ad5e76095f4649af51ebd2 | False | 0.3287109375 | data | 3.6879897443143395 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .pdata | 0x77000 | 0x2d48 | 0x2e00 | 6478faa678055a38df9d47605c2b56d5 | False | 0.49074388586956524 | data | 5.491717260480862 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .didat | 0x7a000 | 0x330 | 0x400 | f6b31a2163413b79ca7e2d315d760b7a | False | 0.24609375 | data | 2.906019229238076 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    _RDATA | 0x7b000 | 0x15c | 0x200 | 0c3d4c8a16597de7bad64b697ad716f6 | False | 0.3984375 | data | 3.3270781278334622 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .rsrc | 0x7c000 | 0x27000 | 0x26200 | 6dccbb9937bb8716d07e431352ca3206 | False | 0.8943199282786886 | data | 7.75724011887877 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .reloc | 0xa3000 | 0x910 | 0xa00 | 76cc9db5ac7a0a73079b00f93b20a984 | False | 0.483203125 | data | 5.194055324459881 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
    PNG | 0x7c5cc | 0x3318 | PNG image data, 256 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 0.9983944954128441
    PNG | 0x7f8e4 | 0xdc20 | PNG image data, 512 x 128, 8-bit/color RGBA, non-interlaced | English | United States | 1.000461385576377
    RT_ICON | 0x8d504 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.4031791907514451
    RT_ICON | 0x8da6c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.6425992779783394
    RT_ICON | 0x8e314 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.6156716417910447
    RT_ICON | 0x8f1bc | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | English | United States | 0.43439716312056736
    RT_ICON | 0x8f624 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.5175891181988743
    RT_ICON | 0x906cc | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | English | United States | 0.5034232365145228
    RT_ICON | 0x92c74 | 0xd646 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9980675976227805
    RT_DIALOG | 0xa02bc | 0xdc | data | English | United States | 0.7090909090909091
    RT_DIALOG | 0xa0398 | 0x12e | data | English | United States | 0.5927152317880795
    RT_DIALOG | 0xa04c8 | 0x338 | data | English | United States | 0.45145631067961167
    RT_DIALOG | 0xa0800 | 0x37a | data | English | United States | 0.5348314606741573
    RT_STRING | 0xa0b7c | 0x178 | data | English | United States | 0.4308510638297872
    RT_STRING | 0xa0cf4 | 0x1b4 | data | English | United States | 0.4426605504587156
    RT_STRING | 0xa0ea8 | 0x19a | data | English | United States | 0.4902439024390244
    RT_STRING | 0xa1044 | 0x146 | data | English | United States | 0.5153374233128835
    RT_STRING | 0xa118c | 0x1fc | data | English | United States | 0.4547244094488189
    RT_STRING | 0xa1388 | 0xd6 | Matlab v4 mat-file (little endian) E, numeric, rows 0, columns 0 | English | United States | 0.46261682242990654
    RT_STRING | 0xa1460 | 0x9a | data | English | United States | 0.5974025974025974
    RT_STRING | 0xa14fc | 0x3a | data | English | United States | 0.6896551724137931
    RT_STRING | 0xa1538 | 0xd6 | data | English | United States | 0.5747663551401869
    RT_GROUP_ICON | 0xa1610 | 0x68 | data | English | United States | 0.7019230769230769
    RT_VERSION | 0xa1678 | 0x2e0 | data | English | United States | 0.46195652173913043
    RT_MANIFEST | 0xa1958 | 0x750 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3969017094017094
    DLL | Import
    KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, CreateDirectoryW, CreateFileW, DeleteFileW, RemoveDirectoryW, SetFileTime, CloseHandle, DeviceIoControl, GetCurrentProcess, CreateHardLinkW, GetLongPathNameW, GetShortPathNameW, MoveFileW, GetStdHandle, FlushFileBuffers, GetFileType, ReadFile, SetEndOfFile, SetFilePointer, WriteFile, GetFileAttributesW, SetFileAttributesW, GetCurrentProcessId, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, Sleep, ExitProcess, GetSystemDirectoryW, LoadLibraryW, SetThreadExecutionState, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, CreateThread, SetThreadPriority, GetProcessAffinityMask, FileTimeToLocalFileTime, LocalFileTimeToFileTime, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, FileTimeToSystemTime, SystemTimeToFileTime, MultiByteToWideChar, WideCharToMultiByte, GetCPInfo, IsDBCSLeadByte, GlobalAlloc, SetCurrentDirectoryW, LoadResource, LockResource, SizeofResource, GlobalUnlock, GlobalLock, GlobalFree, GetDateFormatW, GetTimeFormatW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, GetExitCodeProcess, GetLocalTime, GetTickCount, CreateFileMappingW, OpenFileMappingW, MapViewOfFile, UnmapViewOfFile, LocalFree, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, GetConsoleMode, GetConsoleOutputCP, HeapSize, SetFilePointerEx, GetStringTypeW, SetStdHandle, GetProcessHeap, LCMapStringW, FlsFree, FlsSetValue, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, HeapFree, HeapReAlloc, HeapAlloc, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, FlsAlloc, FlsGetValue
    OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
    gdiplus.dll | GdipCloneImage, GdipFree, GdipDisposeImage, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipAlloc
    Language of compilation system | Country where language is spoken
    English | United States