| File name | Snipaste-1.16.2-x64.zip |
| --- | --- |
| Full analysis | https://app.any.run/tasks/f7c49375-883f-4104-8d38-0d29799fc38c |
| Verdict | Malicious activity |
| Analysis date | October 05, 2022, 03:23:38 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | D1BA68AB665533F953633502FB7052F2 |
| SHA1 | 07681CEEB45DC4F8ACBC1C2F3731773CEF82162D |
| SHA256 | D72B81BB2858462EB88F26B81455ADEA2FE57E6E0A371BDC74D7333290BF2D55 |
| SSDEEP | 393216:T7Eg+MhlpgECAaI9XKEYFr4ulVHxL1GZy5eyAnShzD:T7EJMhUNoalFD/1Gk5epnmzD |
| Extension | File type (TrID match) |
| --- | --- |
| .zip | ZIP compressed archive (100) |
| PID | CMD | Path | Indicators | Parent process |
| --- | --- | --- | --- | --- |
| 3548 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Snipaste-1.16.2-x64.zip" | C:\Program Files\WinRAR\WinRAR.exe | | Explorer.EXE |

| User | Company | Integrity Level | Description | Exit code | Version |
| --- | --- | --- | --- | --- | --- |
| admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.91.0 |
| PID | Process | Key | Operation | Name | Value |
| --- | --- | --- | --- | --- | --- |
| 3548 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtBMP | |
| 3548 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtIcon | |
| 3548 | WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | write | LanguageList | en-US |
| 3548 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip |
| 3548 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip |
| 3548 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\AppData\Local\Temp\Snipaste-1.16.2-x64.zip |
| 3548 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120 |
| 3548 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80 |
| 3548 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120 |
| 3548 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100 |

All of these writes are WinRAR's own UI and history state (theme, MUI cache, column widths and the ArcHistory most-recently-used list); ArcHistory entries 1 and 2 record archives that were already on the analysis VM's desktop before this sample was opened, entry 0 is the sample itself.
| PID | Process | Filename | Type | MD5 | SHA256 |
| --- | --- | --- | --- | --- | --- |
| 3548 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3548.39827\imageformats\qico.dll | executable | E2E0BDD080E57CFAFA002E9A77659725 | 41F7F1C6354FB7DF78EFA6C300069617E172565FDFDC009B1ADE8EE53E454283 |
| 3548 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3548.39827\imageformats\qtga.dll | executable | 6AF3C5B92CBB73092BA40A9F4AAE874D | ED370BD43B491DDF754C65CC081C7EA3B77880CE930EDF02870570622B508422 |
| 3548 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3548.39827\imageformats\qsvg.dll | executable | 42C8FEC602252658F3D6DE2BFA2FE9FD | 45A11F9B597C2361C8A40837625C3F93AE3443562D088BC0DC6514E09E20B1ED |
| 3548 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3548.39827\hoedown.dll | executable | 563196B167690F130AD5DE9B49B293AC | 0C2BF16F68A64EDE7E2DA509C6497E41B735887D21678FB86CCFCCBBA164D4DF |
| 3548 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3548.39827\lang\pl_pl.qm | qm | 4961728A7C351246B7B9F565DECE2924 | 51D0DE56AC8DE09BAEB105E86737A1A0C26A243887B11ADC9BB1FD5001E36122 |
| 3548 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3548.39827\audio\qtaudio_wasapi.dll | executable | A41F1C196AF648F8F7321E89B37775C0 | 917492BB950BB6D504466F8F1B211336B5F2B516DC79DA8A2032D083F131AD61 |
| 3548 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3548.39827\imageformats\qwbmp.dll | executable | 354EECCE0FDDD8330FA014D38C0E0812 | B6671368CA4DB77F8F7227386CC24A6812C72B36C61946D43D39730035562D47 |
| 3548 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3548.39827\imageformats\qicns.dll | executable | C969A2D69AE29DE635E90B808C204B80 | 541A8AB55D06BB1C45AE1AD5349EF4D12570F601D27276925E6D969B648A9182 |
| 3548 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3548.39827\imageformats\qjpeg.dll | executable | 85E46CA17B81821A568D721AFD93FA06 | C6B283B89FB32320EEC47CD25C017F530F35DAB22C67DC2B9814F2F3B0DB9853 |
| 3548 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3548.39827\imageformats\qgif.dll | executable | 2E925B1ED3D825EB835E0705CE3889A4 | 2479326683045ED9A344FB60CBE9AC124648319E8AD14E75005228EAED5E0A5C |
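The raw report lists every dropped file as two lines: a row with PID, process, path and type, then a line carrying the MD5 and SHA256. The following Python parser is an added example, not part of the ANY.RUN report or of Snipaste, that turns those two-line records into structured IOC entries, rejects a truncated listing instead of emitting half a record, and singles out executables WinRAR unpacked into its `Rar$EXa<pid>.<n>` scratch directory. The sample input is three records copied verbatim from the table above; the `DroppedFile` type and all function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input constructed by copying three of the two-line records from the
# dropped-files table above (one row line, then its MD5/SHA256 line).
REPORT_ROWS = r"""
3548 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3548.39827\imageformats\qico.dll | executable | |
MD5:E2E0BDD080E57CFAFA002E9A77659725 | SHA256:41F7F1C6354FB7DF78EFA6C300069617E172565FDFDC009B1ADE8EE53E454283 | |||
3548 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3548.39827\hoedown.dll | executable | |
MD5:563196B167690F130AD5DE9B49B293AC | SHA256:0C2BF16F68A64EDE7E2DA509C6497E41B735887D21678FB86CCFCCBBA164D4DF | |||
3548 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3548.39827\lang\pl_pl.qm | qm | |
MD5:4961728A7C351246B7B9F565DECE2924 | SHA256:51D0DE56AC8DE09BAEB105E86737A1A0C26A243887B11ADC9BB1FD5001E36122 | |||
"""

# First line of a record: PID | process | path | type | ...
ROW_RE = re.compile(r"^\s*(\d+)\s*\|\s*([^|]+?)\s*\|\s*([^|]+?)\s*\|\s*([^|]*?)\s*\|")
# Second line of a record: MD5:<32 hex> | SHA256:<64 hex>
HASH_RE = re.compile(r"MD5:([0-9A-Fa-f]{32})\s*\|\s*SHA256:([0-9A-Fa-f]{64})")
# WinRAR's per-extraction scratch directory, e.g. ...\Temp\Rar$EXa3548.39827\
RAR_TEMP_DIR_RE = re.compile(r"^(.*\\Rar\$EX[A-Za-z]?\d+\.\d+)(?=\\)")


@dataclass
class DroppedFile:  # hypothetical record type for this example
    pid: int
    process: str
    path: str
    kind: str
    md5: str
    sha256: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def extraction_root(path: str) -> Optional[str]:
    """Return the Rar$EX... directory a path was unpacked into, or None."""
    m = RAR_TEMP_DIR_RE.match(path)
    return m.group(1) if m else None


def parse_dropped_files(text: str) -> List[DroppedFile]:
    """Pair each row line with the hash line that follows it.

    Raises ValueError on a hash line without a row, a row without hashes,
    or any line matching neither pattern, so a truncated report is rejected
    rather than silently yielding partial IOCs.
    """
    records: List[DroppedFile] = []
    pending = None  # (pid, process, path, kind) waiting for its hash line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hashes = HASH_RE.search(line)
        if hashes:
            if pending is None:
                raise ValueError(f"hash line without a preceding row: {line}")
            records.append(DroppedFile(*pending, md5=hashes.group(1).upper(),
                                       sha256=hashes.group(2).upper()))
            pending = None
            continue
        row = ROW_RE.match(line)
        if row:
            if pending is not None:
                raise ValueError(f"row without hashes: {pending[2]}")
            pid, process, path, kind = row.groups()
            pending = (int(pid), process, path, kind)
            continue
        raise ValueError(f"unrecognised line: {line}")
    if pending is not None:
        raise ValueError(f"row without hashes: {pending[2]}")
    return records


def staged_executables(records: List[DroppedFile]) -> List[DroppedFile]:
    """Executables that WinRAR unpacked into one of its scratch directories."""
    return [r for r in records if r.kind == "executable" and extraction_root(r.path)]


def ioc_lines(records: List[DroppedFile]) -> List[str]:
    """One 'sha256,md5,filename' line per record, ready for a blocklist or hunt."""
    return [f"{r.sha256},{r.md5},{r.name}" for r in records]


if __name__ == "__main__":
    recs = parse_dropped_files(REPORT_ROWS)
    for r in staged_executables(recs):
        print(f"{r.name} staged in {extraction_root(r.path)}")
    print("\n".join(ioc_lines(recs)))
```

The report itself gives no reference hashes for a clean Snipaste release, so the parser stops at extracting the IOCs; matching them against vendor-published or previously seen hashes is a separate step. Hashes are normalised to upper case to match the report's own convention.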