download: | Eziriz%20.NET%20Reactor%206.8.0.rar |
Full analysis: | https://app.any.run/tasks/cf0f834e-8b20-4ef5-9276-ced298adcadf |
Verdict: | Malicious activity |
Analysis date: | May 21, 2022, 07:24:08 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | 5A60B830657E94AF29DC192940B07F50 |
SHA1: | 3BE35B1F66DB91F9773ADBB3200A50F04E1EFEA8 |
SHA256: | A3AE0AD73C9ACF359D76999B5082D33F599BAEB1A39EB69ADCD4EA43BAFE4E94 |
SSDEEP: | 393216:eJYk7hditOx6YYPmCKyUTFXBVR1GR8/bJNrz:eYk7icQ9mCKFBXxbDz |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3388 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\666fa86e-d88b-4c56-b35a-6cdb7d15cd30.rar" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 | ||||
3540 | "C:\Users\admin\Desktop\Eziriz .NET Reactor 6.8.0\dotNET_Reactor.exe" | C:\Users\admin\Desktop\Eziriz .NET Reactor 6.8.0\dotNET_Reactor.exe | — | Explorer.EXE |
User: admin Company: EZIRIZ Integrity Level: MEDIUM Description: .NET Reactor Version: 6.8.0.0 | ||||
3604 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) | ||||
900 | "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch; | C:\Windows\SYSTEM32\WISPTIS.EXE | — | dotNET_Reactor.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Pen and Touch Input Component Exit code: 3221226540 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3352 | "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch; | C:\Windows\SYSTEM32\WISPTIS.EXE | dotNET_Reactor.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Pen and Touch Input Component Exit code: 24 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3388 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3388.2565\Eziriz .NET Reactor 6.8.0\dotNET_Reactor.Console.exe | executable | |
MD5:84D5568047C37A9CB014A2589F627FBE | SHA256:851B8036BEB2FE21C0BAD3BFC4F1B25F61CA3C89ED2CBAB086EA3DF2F73A3586 | |||
3388 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3388.2565\Eziriz .NET Reactor 6.8.0\SDK\Binaries\StackTraceDeobfuscator.dll.txt | text | |
MD5:E579A9E8D642D6E554EAD4D722F90A58 | SHA256:03CCE62E4FFD3907FF6522A2B0863C4934B76EE06FA8F165DF25DE00657F6C01 | |||
3388 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3388.2565\Eziriz .NET Reactor 6.8.0\SDK\Binaries\License.dll.txt | text | |
MD5:FBC41C51D8E3124A1A5E431A57E7A9DF | SHA256:2A861D2C203453EECA9F4D3C16C7FB3CF7711A71A230F330CFF79C5A7291FD0E | |||
3388 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3388.2565\Eziriz .NET Reactor 6.8.0\.NET Reactor SDK Test Apps\License Examination Windows Forms\VB.NET\SDK_TestApp\bin\Release\LicenseExamination_Secure\LicenseExamination.exe | executable | |
MD5:D09FE35EAF7FD817B743CE6046C2A172 | SHA256:E908D8EE45D2DEA6B0B0BE106262C74C5051E217C5DB8EFC45B1710411B0C4D8 | |||
3388 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3388.2565\Eziriz .NET Reactor 6.8.0\.NET Reactor SDK Test Apps\License Examination .NET Core Console\C#\LicenseExamination\bin\Release\netcoreapp3.0\LicenseExamination.exe | executable | |
MD5:50E4CC3A51066FCC856F06B7C55E95F0 | SHA256:60EDB81934B6A5995FE96979184716FDC57243307FBE43AFB7A6601B2926CF86 | |||
3388 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3388.2565\Eziriz .NET Reactor 6.8.0\VSPackage\17\[Content_Types].xml | xml | |
MD5:6D509405F78992D7B6549E82A58D978A | SHA256:2103094BE12ABA4C2A3E3CC234A1E40A967983636F67CC539D68520A7A4D3742 | |||
3388 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3388.2565\Eziriz .NET Reactor 6.8.0\.NET Reactor SDK Test Apps\License Examination Windows Forms\VB.NET\SDK_TestApp\bin\Release\LicenseExamination.exe | executable | |
MD5:58AC86B2CE7B6C33F47F795B0EDBA8CA | SHA256:7EEFF2D7498313C89254A0B0A804B223B7F0DD94F1724C82404FD3F291057703 | |||
3388 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3388.2565\Eziriz .NET Reactor 6.8.0\.NET Reactor SDK Test Apps\Customizeable MessageBox Windows Forms\VB.NET\VS2012\bin\MyMessageBox.exe | executable | |
MD5:6B4D9AFAA4B54206F7268CB10095B7A9 | SHA256:BE0FBECF07D1A86B853D192C912EDF1748ACB650A00BD6F0DD9E3D43362BFE1A | |||
3388 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3388.2565\Eziriz .NET Reactor 6.8.0\VSPackage\16\[Content_Types].xml | xml | |
MD5:EB2A6F6183149485432478C6BBFE8D82 | SHA256:80E58A3FCE2F285C9B3DB607A4EB57F79FEE2B800E20738E02320ABFBD075245 | |||
3388 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3388.2565\Eziriz .NET Reactor 6.8.0\.NET Reactor SDK Test Apps\License Examination Windows Forms\C#\SDK_TestApp\bin\Release\LicenseExamination_Secure\LicenseExamination.exe | executable | |
MD5:3F09D2B76FAD3A2C441298A234C4E3BD | SHA256:1AC098A76FF7BE36F40BD4FD71B736577834A073047CA290FD875BD83911BCF2 |