File name:

CarterOs.zip

Full analysis: https://app.any.run/tasks/032d9681-4776-4d9b-9363-b256ecb3d189
Verdict: Malicious activity
Analysis date: January 24, 2022, 18:19:02
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

24EF4394FC1A6F227D82D8EC4536550B

SHA1:

F370D79DCF0FADC349D44EEC398321E8C6A5B4AD

SHA256:

D0487C7F2A690CD415D38BA75A4DA5253BA54E40CBDE2F117FFAAC1AD7C358AE

SSDEEP:

192:dzJ/3hfnmaof77GHtX+RfSu7EwyglXflV3hrN91l32Rs4CP:bxfn1I2Ht0SusgFlV3lwXCP

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Information in this report may therefore be distorted by user actions and is provided as-is for the reader's information. ANY.RUN does not guarantee that the content is malicious or safe.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads the computer name

      • WinRAR.exe (PID: 612)
    • Checks supported languages

      • cmd.exe (PID: 2440)
      • WinRAR.exe (PID: 612)
      • cmd.exe (PID: 2292)
      • cmd.exe (PID: 2244)
      • cmd.exe (PID: 1508)
      • cmd.exe (PID: 3708)
      • cmd.exe (PID: 2800)
      • cmd.exe (PID: 1116)
      • cmd.exe (PID: 3428)
      • cmd.exe (PID: 3044)
      • cmd.exe (PID: 4028)
      • cmd.exe (PID: 2408)
      • cmd.exe (PID: 2940)
      • cmd.exe (PID: 2476)
      • cmd.exe (PID: 3272)
      • cmd.exe (PID: 1228)
      • cmd.exe (PID: 2104)
      • cmd.exe (PID: 2580)
      • cmd.exe (PID: 3468)
      • cmd.exe (PID: 1112)
      • cmd.exe (PID: 3208)
      • cmd.exe (PID: 1220)
      • cmd.exe (PID: 2640)
      • cmd.exe (PID: 3552)
      • cmd.exe (PID: 2692)
      • cmd.exe (PID: 576)
      • cmd.exe (PID: 3608)
      • cmd.exe (PID: 2224)
      • cmd.exe (PID: 2420)
      • cmd.exe (PID: 2984)
      • cmd.exe (PID: 2992)
      • cmd.exe (PID: 3300)
      • cmd.exe (PID: 2332)
      • cmd.exe (PID: 2252)
      • cmd.exe (PID: 3056)
      • cmd.exe (PID: 2328)
      • cmd.exe (PID: 3992)
      • cmd.exe (PID: 3012)
      • cmd.exe (PID: 572)
      • cmd.exe (PID: 532)
      • cmd.exe (PID: 4028)
      • cmd.exe (PID: 3804)
      • cmd.exe (PID: 3044)
      • cmd.exe (PID: 3272)
      • cmd.exe (PID: 684)
      • cmd.exe (PID: 2140)
      • cmd.exe (PID: 2688)
      • cmd.exe (PID: 4052)
      • cmd.exe (PID: 2104)
      • cmd.exe (PID: 3988)
      • cmd.exe (PID: 1096)
      • cmd.exe (PID: 3720)
      • cmd.exe (PID: 2640)
      • cmd.exe (PID: 2252)
      • cmd.exe (PID: 356)
      • cmd.exe (PID: 2708)
      • cmd.exe (PID: 3552)
      • cmd.exe (PID: 2692)
      • cmd.exe (PID: 3180)
      • cmd.exe (PID: 1296)
      • cmd.exe (PID: 1164)
      • cmd.exe (PID: 3952)
      • cmd.exe (PID: 1596)
      • cmd.exe (PID: 1248)
      • cmd.exe (PID: 2504)
      • cmd.exe (PID: 3300)
      • cmd.exe (PID: 2960)
      • cmd.exe (PID: 688)
      • cmd.exe (PID: 4024)
      • cmd.exe (PID: 2992)
      • cmd.exe (PID: 2696)
      • cmd.exe (PID: 2744)
      • cmd.exe (PID: 2132)
      • cmd.exe (PID: 2932)
      • cmd.exe (PID: 3640)
      • cmd.exe (PID: 3804)
      • cmd.exe (PID: 3976)
      • cmd.exe (PID: 1472)
      • cmd.exe (PID: 2884)
      • cmd.exe (PID: 2688)
      • cmd.exe (PID: 576)
      • cmd.exe (PID: 3472)
      • cmd.exe (PID: 2464)
      • cmd.exe (PID: 3904)
      • cmd.exe (PID: 2080)
      • cmd.exe (PID: 1708)
      • cmd.exe (PID: 3412)
      • cmd.exe (PID: 2964)
      • cmd.exe (PID: 3740)
      • cmd.exe (PID: 3300)
      • cmd.exe (PID: 2392)
      • cmd.exe (PID: 1284)
      • cmd.exe (PID: 2096)
      • cmd.exe (PID: 3164)
      • cmd.exe (PID: 3712)
      • cmd.exe (PID: 2128)
      • cmd.exe (PID: 3352)
      • cmd.exe (PID: 4076)
      • cmd.exe (PID: 552)
      • cmd.exe (PID: 3068)
      • cmd.exe (PID: 3736)
      • cmd.exe (PID: 2372)
      • cmd.exe (PID: 2500)
      • cmd.exe (PID: 3976)
      • cmd.exe (PID: 3100)
      • cmd.exe (PID: 2884)
      • cmd.exe (PID: 3180)
      • cmd.exe (PID: 4072)
      • cmd.exe (PID: 3436)
      • cmd.exe (PID: 3280)
      • cmd.exe (PID: 564)
      • cmd.exe (PID: 1000)
      • cmd.exe (PID: 2736)
      • cmd.exe (PID: 2684)
      • cmd.exe (PID: 3148)
      • cmd.exe (PID: 2828)
      • cmd.exe (PID: 3688)
      • cmd.exe (PID: 3864)
      • cmd.exe (PID: 2332)
      • cmd.exe (PID: 1588)
      • cmd.exe (PID: 2960)
      • cmd.exe (PID: 2368)
      • cmd.exe (PID: 3460)
      • cmd.exe (PID: 3688)
      • cmd.exe (PID: 2244)
      • cmd.exe (PID: 636)
      • cmd.exe (PID: 2572)
      • cmd.exe (PID: 3760)
      • cmd.exe (PID: 1024)
      • cmd.exe (PID: 2704)
      • cmd.exe (PID: 3156)
      • cmd.exe (PID: 1228)
      • cmd.exe (PID: 1984)
      • cmd.exe (PID: 2792)
      • cmd.exe (PID: 3956)
      • cmd.exe (PID: 3804)
      • cmd.exe (PID: 1368)
      • cmd.exe (PID: 356)
      • cmd.exe (PID: 2948)
      • cmd.exe (PID: 3196)
      • cmd.exe (PID: 1096)
      • cmd.exe (PID: 2688)
      • cmd.exe (PID: 3904)
      • cmd.exe (PID: 2328)
      • cmd.exe (PID: 2836)
      • cmd.exe (PID: 676)
      • cmd.exe (PID: 1332)
      • cmd.exe (PID: 3484)
      • cmd.exe (PID: 4064)
      • cmd.exe (PID: 4092)
      • cmd.exe (PID: 1556)
      • cmd.exe (PID: 2148)
      • cmd.exe (PID: 1688)
      • cmd.exe (PID: 3768)
      • cmd.exe (PID: 876)
      • cmd.exe (PID: 3220)
      • cmd.exe (PID: 4080)
      • cmd.exe (PID: 1524)
      • cmd.exe (PID: 3444)
      • cmd.exe (PID: 3164)
      • cmd.exe (PID: 356)
      • cmd.exe (PID: 1696)
      • cmd.exe (PID: 3640)
      • cmd.exe (PID: 2824)
      • cmd.exe (PID: 3272)
      • cmd.exe (PID: 3456)
      • cmd.exe (PID: 1408)
      • cmd.exe (PID: 2932)
      • cmd.exe (PID: 3052)
      • cmd.exe (PID: 2828)
      • cmd.exe (PID: 1228)
      • cmd.exe (PID: 4072)
      • cmd.exe (PID: 3364)
      • cmd.exe (PID: 3420)
      • cmd.exe (PID: 652)
      • cmd.exe (PID: 3132)
      • cmd.exe (PID: 1124)
      • cmd.exe (PID: 2424)
      • cmd.exe (PID: 3224)
      • cmd.exe (PID: 2024)
      • cmd.exe (PID: 3144)
      • cmd.exe (PID: 3832)
      • cmd.exe (PID: 2148)
      • cmd.exe (PID: 2868)
      • cmd.exe (PID: 3844)
      • cmd.exe (PID: 1876)
      • cmd.exe (PID: 3848)
      • cmd.exe (PID: 3716)
      • cmd.exe (PID: 1228)
      • cmd.exe (PID: 3272)
      • cmd.exe (PID: 3068)
      • cmd.exe (PID: 2256)
      • cmd.exe (PID: 3380)
      • cmd.exe (PID: 356)
      • cmd.exe (PID: 1408)
      • cmd.exe (PID: 3532)
      • cmd.exe (PID: 3032)
      • cmd.exe (PID: 472)
      • cmd.exe (PID: 3336)
      • cmd.exe (PID: 2948)
      • cmd.exe (PID: 3748)
      • cmd.exe (PID: 3644)
      • cmd.exe (PID: 1592)
    • Starts CMD.EXE for command execution

      • WinRAR.exe (PID: 612)
      • cmd.exe (PID: 2292)
    • Application launched itself

      • cmd.exe (PID: 2292)
  • INFO

    • Manual execution by user

      • cmd.exe (PID: 2292)
    • Checks supported languages

      • findstr.exe (PID: 3248)
      • findstr.exe (PID: 3044)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: 4.txt
ZipUncompressedSize: 2056
ZipCompressedSize: 619
ZipCRC: 0x3177d1a5
ZipModifyDate: 2021:12:31 07:17:29
ZipCompression: Deflated
ZipBitFlag: -
ZipRequiredVersion: 20
No data.
All screenshots are available in the full report
Total processes: 244
Monitored processes: 205
Malicious processes: 1
Suspicious processes: 0

Behavior graph

(Graph omitted: the tree starts at winrar.exe, followed by cmd.exe, findstr.exe and a long chain of further cmd.exe processes, every node labelled "no specs". The interactive graph is available in the full report.)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 612
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\CarterOs.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
PID: 2440
CMD: C:\Windows\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\Rar$DIa612.1140\carteros.bat" "
Path: C:\Windows\system32\cmd.exe
Parent process: WinRAR.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
3221225786
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
PID: 2292
CMD: C:\Windows\system32\cmd.exe /c ""C:\Users\admin\Desktop\carteros.bat" "
Path: C:\Windows\system32\cmd.exe
Parent process: Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 3248
CMD: findstr /v "ljkshlfjhdas" boot.txt
Path: C:\Windows\system32\findstr.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
PID: 2244
CMD: C:\Windows\system32\cmd.exe /S /D /c" echo"
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1508
CMD: C:\Windows\system32\cmd.exe /S /D /c" set /p="#""
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 3708
CMD: C:\Windows\system32\cmd.exe /S /D /c" echo"
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
PID: 1116
CMD: C:\Windows\system32\cmd.exe /S /D /c" set /p="#""
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
PID: 3044
CMD: C:\Windows\system32\cmd.exe /S /D /c" echo"
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2800
CMD: C:\Windows\system32\cmd.exe /S /D /c" set /p="#""
Path: C:\Windows\system32\cmd.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events: 4 437
Read events: 4 397
Write events: 40
Delete events: 0

Modification events

(PID) Process: (612) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:
(PID) Process: (612) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:
(PID) Process: (612) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
Operation: write
Name: LanguageList
Value:
en-US
(PID) Process: (612) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value:
C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process: (612) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process: (612) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value:
C:\Users\admin\AppData\Local\Temp\CarterOs.zip
(PID) Process: (612) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value:
120
(PID) Process: (612) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value:
80
(PID) Process: (612) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value:
120
(PID) Process: (612) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value:
100
Executable files: 0
Suspicious files: 0
Text files: 12
Unknown types: 1

Dropped files

PID
Process
Filename
Type
PID: 612 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\font.txt | Type: text
MD5:A2513C4CDBE89909FF7FB5CF6E7A9AD7
SHA256:B33DFAD175B63F2CEC86DC9EAD162D302011C1F33A622732D8EE0690671D5DAC
PID: 612 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\menu.txt | Type: text
MD5:AD52F04A39EC03A55BD79DE641437AAE
SHA256:9EE4EDBB23A9A892A0CE54F6B34BDD8C8B55C450CE86A6C67C3D69BFC47CE7EF
PID: 612 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\boot.txt | Type: text
MD5:0C84A63DB3464922FB5079429F4515A1
SHA256:F9F4B66F6AE1A776F2AFF6478D98599968DC44857E3E1C07B49966CEDD13101C
PID: 612 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\4.txt | Type: text
MD5:2A1FBB536351825238E19A6AAF7C7A92
SHA256:77486019539260EA39DFF9712667DBE28AC0EFBACCB055C08F1942C57374244C
PID: 612 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\loading2.txt | Type: text
MD5:5297F9B74CE7A236E69874D04AF632B7
SHA256:E4359630263731F03E32C7E41ECFB96D5BDAB81C90EE4636431E0C7C0476D7D7
PID: 612 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\loading.txt | Type: text
MD5:B0EAEB4E45B9D22BF049B5C6094ECED2
SHA256:A5C7D548C886A387F437B2955954712488BF6A78802EDF6676B47C37B569CEFC
PID: 612 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\carteros.bat | Type: text
MD5:023046B7B8BCC660B24642706CCCC4E8
SHA256:17AC4777CA14509FB4839E5D7F963C587CD322D879FD627BC0FC9E888A6B3EB7
PID: 612 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\carteros.lnk | Type: lnk
MD5:113342FFCA4D9710B12869C1597330F7
SHA256:1F974FD63669548CD1478EECCAE7D372F5EA2234209E4CA8EAD672AACF2A3578
PID: 612 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa612.1140\carteros.bat | Type: text
MD5:023046B7B8BCC660B24642706CCCC4E8
SHA256:17AC4777CA14509FB4839E5D7F963C587CD322D879FD627BC0FC9E888A6B3EB7
PID: 612 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\Notepad.txt | Type: text
MD5:E4D909C290D0FB1CA068FFADDF22CBD0
SHA256:EF537F25C895BFA782526529A9B63D97AA631564D5D789C2B765448C8635FB6C
Download the PCAP and analyze network streams, HTTP content and more in the full report
HTTP(S) requests: 0
TCP/UDP connections: 1
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
IP: 192.168.100.2:53
Reputation: whitelisted

DNS requests

Domain
IP
Reputation
Domain: www.microsoft.com
Reputation: whitelisted

Threats

No threats detected
No debug info