File name: | 9.rar |
Full analysis: | https://app.any.run/tasks/a8a23635-5fe8-483b-80c5-39315511d822 |
Verdict: | Malicious activity |
Analysis date: | July 17, 2019, 09:20:18 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | C3AB11C1BBD6EA349EBF9346FDAED09E |
SHA1: | 1F305EAFE3ED8C0FF4F979EB1D038DBADCCCD048 |
SHA256: | E6C6D0091EE3BC8396034BB0858387050CBB38109116316463CE8A245CCFBDD2 |
SSDEEP: | 12288:T5Fi+yV9YVzmoGUdIfDZ6NsIE0H3kmZjVILThH0Q58F/KyV2EZL:THRyV9YMoGtrZaE0F8F1KtJ/J |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3840 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\9.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2564 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
2420 | "C:\Users\admin\Desktop\PornHub Checker.exe" | C:\Users\admin\Desktop\PornHub Checker.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM Exit code: 3221226540 | ||||
3092 | "C:\Users\admin\Desktop\PornHub Checker.exe" | C:\Users\admin\Desktop\PornHub Checker.exe | explorer.exe | |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
904 | "C:\Users\admin\AppData\Local\Temp\Pornhub Cracked.exe" | C:\Users\admin\AppData\Local\Temp\Pornhub Cracked.exe | PornHub Checker.exe | |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
2388 | "C:\Users\admin\AppData\Local\Temp\Pornhub Crackeddd.exe" | C:\Users\admin\AppData\Local\Temp\Pornhub Crackeddd.exe | PornHub Checker.exe | |
User: admin Company: Azetej Company Integrity Level: HIGH Description: ViaGoGo Checker Version: 1.0.0.0 | ||||
3496 | "C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome.exe" | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome.exe | — | Pornhub Cracked.exe |
User: admin Integrity Level: HIGH Description: Version: 0.0.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3092 | PornHub Checker.exe | C:\Users\admin\AppData\Local\Temp\Pornhub Cracked.exe | executable | |
MD5:80366770308B514A811821B4061AD6B7 | SHA256:8094F1855F81971C85D3403FCD30C9A0EA26FCF8C9C4A05349E063697AF39C2B | |||
904 | Pornhub Cracked.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome.exe | executable | |
MD5:3A9C6E1A88495E179813E07BF8682DA7 | SHA256:B51733AA9A57CD6C5FC43A350F69ED8C0B92DE3E3333F55B8D92582BCB74331E | |||
3840 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3840.24811\PornHub Checker.exe | executable | |
MD5:DFE91D7319D534A25B0B62B2D45FE9ED | SHA256:EDBBF072BC044652325CF1EC47E946759B184E753D478E7BF4F0D94494CA0AB8 | |||
904 | Pornhub Cracked.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dd.html | text | |
MD5:DC8F0123BC91D1C1257BA152C4D7369F | SHA256:348F8426059BF4FEB4E6394A1E13B30F8BFF640D36D2F3C1B4AD51D944D1E002 | |||
3092 | PornHub Checker.exe | C:\Users\admin\AppData\Local\Temp\Pornhub Crackeddd.exe | executable | |
MD5:FEAC0E9C86DEFC843B19B04D9801195F | SHA256:CEBF75C534D06D21C72A7E534193A20B7A83EDD9AF9F98154C9E8F8A9D8801DE | |||
3840 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3840.24811\Colorful.Console.dll | executable | |
MD5:5F3D2CFBC21591B8FEEF1EFA3E59A4D0 | SHA256:F31D4FD7E729FC6CF4ECAB972B6B1EE897918A325B1CA572030966F831E768FB | |||
3840 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3840.24811\Newtonsoft.Json.dll | executable | |
MD5:5AFDA7C7D4F7085E744C2E7599279DB3 | SHA256:F58C374FFCAAE4E36D740D90FBF7FE70D0ABB7328CD9AF3A0A7B70803E994BA4 | |||
3840 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3840.24811\Leaf.xNet.dll | executable | |
MD5:43C82221E0B667D0A0DA9BF73E9951A8 | SHA256:4D06AB17F6137362F254F389B071C235AABA37FC3F0C4D2E941B58517BC4E503 |