File name: | NetFlix Checker by xRisky v2.rar |
Full analysis: | https://app.any.run/tasks/27a2cc61-87e3-4825-a647-3efc452f542e |
Verdict: | Malicious activity |
Analysis date: | January 24, 2022, 17:35:37 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | F8FB64E8D50CC6D9BF05D5C8E20D56C0 |
SHA1: | EDC49D759ADBA60C69A18BF9233E6E2035F1FCB0 |
SHA256: | D5E66C54CF7AC370D1701C48C73A8002F9437D8497D201EF1D784E813CD44945 |
SSDEEP: | 196608:fzAgmwkpgI6+BaICCSF2+vAvhqTZSWxGOk+YxoByFphgMU:fzh4x6ovqs+BExo47OMU |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3860 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\NetFlix Checker by xRisky v2.rar" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 | ||||
3796 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) | ||||
3132 | "C:\Users\admin\Desktop\NetFlix Checker by xRisky v2\NetFlix Checker by xRisky v2.exe" | C:\Users\admin\Desktop\NetFlix Checker by xRisky v2\NetFlix Checker by xRisky v2.exe | — | Explorer.EXE |
User: admin Integrity Level: MEDIUM Description: Launcher Exit code: 0 Version: 1.0.0.0 | ||||
584 | "C:\Users\admin\Desktop\NetFlix Checker by xRisky v2\debug\Launcher.exe" | C:\Users\admin\Desktop\NetFlix Checker by xRisky v2\debug\Launcher.exe | NetFlix Checker by xRisky v2.exe | |
User: admin Integrity Level: HIGH Description: Launcher Exit code: 0 Version: 1.0.0.0 | ||||
2572 | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath C:\Windows\IMF\ | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | — | Launcher.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows PowerShell Exit code: 1 Version: 10.0.14409.1005 (rs1_srvoob.161208-1155) | ||||
2608 | "C:\Users\admin\Desktop\NetFlix Checker by xRisky v2\debug\NetCheck.exe" | C:\Users\admin\Desktop\NetFlix Checker by xRisky v2\debug\NetCheck.exe | NetFlix Checker by xRisky v2.exe | |
User: admin Company: __xRisky__ Integrity Level: HIGH Description: NetFlix Checker by xRisky v2 Version: 1.0.0.0 | ||||
4036 | "C:\Windows\IMF\Windows Services.exe" {Arguments If Needed} | C:\Windows\IMF\Windows Services.exe | — | Launcher.exe |
User: admin Integrity Level: HIGH Description: Windows Services Version: 1.0.0.0 | ||||
1972 | "C:\Windows\IMF\Secure System Shell.exe" | C:\Windows\IMF\Secure System Shell.exe | — | Windows Services.exe |
User: admin Integrity Level: HIGH Description: Secure System Shell Version: 1.0.0.0 | ||||
3856 | "C:\Windows\IMF\Runtime Explorer.exe" | C:\Windows\IMF\Runtime Explorer.exe | — | Windows Services.exe |
User: admin Company: Microsoft Windows Integrity Level: HIGH Exit code: 0 Version: 1.00 | ||||
2748 | "C:\Windows\IMF\Runtime Explorer.exe" | C:\Windows\IMF\Runtime Explorer.exe | — | Windows Services.exe |
User: admin Company: Microsoft Windows Integrity Level: HIGH Version: 1.00 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3860 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3860.40162\NetFlix Checker by xRisky v2\debug\Launcher.exe | executable | |
MD5:C6D4C881112022EB30725978ECD7C6EC | SHA256:0D87B9B141A592711C52E7409EC64DE3AB296CDDC890BE761D9AF57CEA381B32 | |||
2572 | powershell.exe | C:\Users\admin\AppData\Local\Temp\0ne3fyuz.k1p.ps1 | binary | |
MD5:C4CA4238A0B923820DCC509A6F75849B | SHA256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B | |||
3860 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3860.40162\NetFlix Checker by xRisky v2\NetFlix Checker by xRisky v2.exe | executable | |
MD5:A936E1C25E761F0DAC98E9D42AD28637 | SHA256:CC93D5CB201A68DD673A5CF55AC97723B226FB670A73DF2D29548BF25245C2A4 | |||
3860 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3860.40162\NetFlix Checker by xRisky v2\MetroSuite 2.0.dll | executable | |
MD5:0D30A398CEC0FF006B6EA2B52D11E744 | SHA256:8604BF2A1FE2E94DC1EA1FBD0CF54E77303493B93994DF48479DC683580AA654 | |||
3860 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3860.40162\NetFlix Checker by xRisky v2\debug\Ionic.Zip.dll | executable | |
MD5:F6933BF7CEE0FD6C80CDF207FF15A523 | SHA256:17BB0C9BE45289A2BE56A5F5A68EC9891D7792B886E0054BC86D57FE84D01C89 | |||
3860 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3860.40162\NetFlix Checker by xRisky v2\debug\NetCheck.exe | executable | |
MD5:5767A86DEDD068E8F14F1570A9052303 | SHA256:CC815FCC20A41A0A2BF9C1574518004327EBB889E666D964E095482C5996EF11 | |||
3860 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3860.40162\NetFlix Checker by xRisky v2\debug\xNet.dll | executable | |
MD5:158DEFD55A804AA8D4D67BFDF7A4AF9C | SHA256:6C7EC4CC31A2CE0B97703B7A42E3448E9B87D96DDA12761CA24D8787AC27CFF1 | |||
3860 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3860.40162\NetFlix Checker by xRisky v2\debug\LICENCE.dat | compressed | |
MD5:F3014A18051F4E596AB95DA9138F6F6B | SHA256:1F84A00808D5ECA122FDE7F20708F272C349FAE1EAA1129B5C694750F2E047D6 | |||
2572 | powershell.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | dbf | |
MD5:446DD1CF97EABA21CF14D03AEBC79F27 | SHA256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF | |||
3860 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3860.40162\NetFlix Checker by xRisky v2\Qoollo.Turbo.dll | executable | |
MD5:4E8246DF4EE956EC273C4BAA2054593C | SHA256:1172732FD0FE6B679F5C6BF750598133DC815622C55EF1FA84087087BF42B495 |