Field | Value
---|---
File name | 2_checkers.rar
Full analysis | https://app.any.run/tasks/2456ea09-6195-4f5e-b169-cef7a04febef
Verdict | Malicious activity
Analysis date | August 17, 2019, 17:19:09
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/x-rar
File info | RAR archive data, v5
MD5 | F400C2259E57262A657BDF3D16EEA1D1
SHA1 | 3EB5DA62E8E0898A02EFCBC94B3E9B9BE8C34A3E
SHA256 | ECABF450BF9EFA8F20108666D96B5B3D4F1B8AFD516702191CCD3894DFFCBA09
SSDEEP | 196608:sJj3zIZyT83rDvHIDQnwa43ZoiOPu+Jhx3kZcx/DuQpW7rNEPtH:E9T83fQDha8bOPughx3lru4mNc
Extension | File type (TrID) | Probability (%)
---|---|---
.rar | RAR compressed archive (v5.0) | 61.5
.rar | RAR compressed archive (gen) | 38.4
PID | CMD | Path | Indicators | Parent process | User / Integrity level | Company | Description | Version | Exit code
---|---|---|---|---|---|---|---|---|---
3768 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\2_checkers.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | admin / MEDIUM | Alexander Roshal | WinRAR archiver | 5.60.0 | 0
752 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | SYSTEM / SYSTEM | Microsoft Corporation | Microsoft Windows Search Protocol Host | 7.00.7600.16385 (win7_rtm.090713-1255) | 
3036 | "C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -jar "C:\Users\admin\Desktop\Minecraft Checker (DMC)\DMCv2.1.jar" | C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe | — | explorer.exe | admin / MEDIUM | Oracle Corporation | Java(TM) Platform SE binary | 8.0.920.14 | 0
2536 | "C:\Users\admin\Desktop\MEGA Checkers\MEGA Checker Graphical\MEGAnz Cracker by Malex.exe" | C:\Users\admin\Desktop\MEGA Checkers\MEGA Checker Graphical\MEGAnz Cracker by Malex.exe | — | explorer.exe | admin / MEDIUM | Malex | MEGACracker | 1.0.0.0 | 0
3056 | "C:\Users\admin\Desktop\MEGA Checkers\MEGA Checker + Capture\MegaChecker[byJayP].exe" | C:\Users\admin\Desktop\MEGA Checkers\MEGA Checker + Capture\MegaChecker[byJayP].exe | — | explorer.exe | admin / MEDIUM | | MegaCrack | 1.0.0.0 | 3221225786 (0xC000013A, STATUS_CONTROL_C_EXIT: the process was terminated rather than exiting on its own)
3060 | "C:\Users\admin\Desktop\MEGA Checkers\MEGA Checker\MegaCracker.exe" | C:\Users\admin\Desktop\MEGA Checkers\MEGA Checker\MegaCracker.exe | — | explorer.exe | admin / MEDIUM | | MegaCracker | 1.0.0.0 | 3762504530 (0xE0434352, unhandled .NET CLR exception: the tool crashed)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3768 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3768.38123\Minecraft Checker (DMC)\DMCv2.1.jar | compressed | 8A96F6F2016B14FF805A489704D8A417 | A1A1FC2702465C67F0B115EB35679D55319B189B6B1A421035698EC5295C31C7
3768 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3768.38123\Minecraft Checker (DMC)\lib\fontawesomefx-fontawesome-4.7.0-5.jar | compressed | EC27B88E803F9E3FB0B8EB097F047074 | A68ECBE529F50987CDA7197550DA1C41EBB7A339DED89E30E5C4A71F6B0E891A
3768 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3768.38123\Minecraft Checker (DMC)\lib\fontawesomefx-weathericons-2.0.10-5.jar | compressed | 50AC4F1A75B04E88FD6DF93F61ED0C9A | E7C3AA4AA843FBBC22946806260CCCB257A230AF013B48D333B54026277345D5
3768 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3768.38123\Minecraft Checker (DMC)\lib\fontawesomefx-controls-8.15.jar | compressed | A98B04A5B4FD0177F484D4398EEB8315 | 12920506CF4FD6982DD295C4001A0B6CFAA11CDEBFECC1D15E98FA5023387093
3768 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3768.38123\Minecraft Checker (DMC)\lib\fontawesomefx-materialdesignfont-1.7.22-4.jar | compressed | 2075B89975D9C97CA67B6C9F82F45381 | 8F700556BBFDC4A581224D3BD6FF869B8A03F6670BD7E0FC78884BD2F31FDB64
3768 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3768.38123\Minecraft Checker (DMC)\lib\fontawesomefx-materialstackicons-2.1-5.jar | compressed | B573F4EB1F68082FAFDEFBF028018357 | FBB5995F704F7C276F2371544AB304F9DA994613ED4D6D36C75EF01770B2C0FC
3768 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3768.38123\Minecraft Checker (DMC)\lib\fontawesomefx-materialicons-2.2.0-5.jar | compressed | 01A13AB543C2B16981CCFAF8C0E79F04 | 56AA592CF19C021AE4BE42B275C9934A0D158A0FD7B03A11FB5211193598E9C7
3768 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3768.38123\MEGA Checkers\MEGA Checker\MegaCracker.exe | executable | 905127B9182A5F916903DF3EE2408E3B | 5EBE6770F0ABA18A3329E1B100E94C178DAB7BB2C1F651922D50F58C8B78B408
3768 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3768.38123\Minecraft Checker (DMC)\lib\LexActivator-1.jar | java | 8D42966B1DF48D561996CE3768839BE3 | 813EE552C0AF3648D67096F71641895635BCB3964FD79473AB38DD4C0E387863
3768 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3768.38123\Minecraft Checker (DMC)\lib\fontawesomefx-commons-8.15.jar | compressed | 83D09854C5531A36D74D256430811C19 | E1505A31433F1B2902478217651AFC78DAE5AB09670336AFC46E582A1DEA1E4D
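The tables above are only useful once they are machine-readable. The following is an added example, not code from the ANY.RUN report or from the tools it analysed: it parses the two-line path/hash rows of the dropped-files table into an IOC set, matches arbitrary file bytes (or a directory tree) against it by SHA-256 and MD5, and decodes the raw decimal exit codes from the process table into hex NTSTATUS-style values. The three row pairs embedded in `REPORT_ROWS` are copied from the report (a subset of the table); every file byte string in `demo()` is constructed and the `planted` IOC is a made-up entry added only to show what a hit looks like.

```python
"""Added example (not part of the ANY.RUN report): dropped-file table -> hash IOCs,
hash matching, and exit-code decoding for the process table."""
import hashlib
import os
import re
from dataclasses import dataclass

# Three path/hash row pairs copied from the report's dropped-files table (subset).
REPORT_ROWS = r"""
3768 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3768.38123\Minecraft Checker (DMC)\DMCv2.1.jar | compressed |
MD5:8A96F6F2016B14FF805A489704D8A417 | SHA256:A1A1FC2702465C67F0B115EB35679D55319B189B6B1A421035698EC5295C31C7 |
3768 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3768.38123\MEGA Checkers\MEGA Checker\MegaCracker.exe | executable |
MD5:905127B9182A5F916903DF3EE2408E3B | SHA256:5EBE6770F0ABA18A3329E1B100E94C178DAB7BB2C1F651922D50F58C8B78B408 |
3768 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3768.38123\Minecraft Checker (DMC)\lib\LexActivator-1.jar | java |
MD5:8D42966B1DF48D561996CE3768839BE3 | SHA256:813EE552C0AF3648D67096F71641895635BCB3964FD79473AB38DD4C0E387863 |
"""

HASH_RE = re.compile(r"MD5:([0-9A-Fa-f]{32})\s*\|\s*SHA256:([0-9A-Fa-f]{64})")


@dataclass(frozen=True)
class DroppedFile:
    pid: int
    process: str
    path: str
    kind: str
    md5: str      # stored lower-case hex
    sha256: str   # stored lower-case hex

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_dropped_files(text: str) -> list[DroppedFile]:
    """Each file is a 'PID | process | path | type |' row followed by an 'MD5:.. | SHA256:..' row."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected path/hash row pairs")
    records = []
    for meta, hashes in zip(lines[0::2], lines[1::2]):
        cells = [c.strip() for c in meta.split("|")]
        m = HASH_RE.search(hashes)
        if m is None or len(cells) < 4:
            raise ValueError(f"unparseable row pair: {meta!r} / {hashes!r}")
        records.append(DroppedFile(int(cells[0]), cells[1], cells[2], cells[3],
                                   m.group(1).lower(), m.group(2).lower()))
    return records


def file_hashes(data: bytes) -> tuple[str, str]:
    return hashlib.md5(data).hexdigest(), hashlib.sha256(data).hexdigest()


def match(data: bytes, iocs: list[DroppedFile]) -> list[DroppedFile]:
    """SHA-256 is the authoritative match; an MD5-only hit is still reported because
    the report lists MD5 and older feeds may carry nothing else (treat it as lower confidence)."""
    md5, sha256 = file_hashes(data)
    return [i for i in iocs if i.sha256 == sha256 or i.md5 == md5]


def scan_directory(root: str, iocs: list[DroppedFile]) -> list[tuple[str, DroppedFile]]:
    """Walk a tree and return (path, ioc) pairs for every file whose hash is in the set."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            with open(full, "rb") as fh:
                hits.extend((full, ioc) for ioc in match(fh.read(), iocs))
    return hits


# Exit codes the report shows in decimal; both names are the documented Windows meanings.
EXIT_CODE_NAMES = {
    0xC000013A: "STATUS_CONTROL_C_EXIT",          # process terminated, not a normal exit
    0xE0434352: "CLR_EXCEPTION (unhandled .NET exception)",
}


def decode_exit_code(code: int) -> str:
    code &= 0xFFFFFFFF
    return f"0x{code:08X} ({EXIT_CODE_NAMES.get(code, 'unknown')})"


def demo() -> dict:
    iocs = parse_dropped_files(REPORT_ROWS)
    benign = b"constructed bytes that match nothing in the report"   # constructed input
    md5, sha256 = file_hashes(benign)
    # Constructed IOC for the same bytes, only to show a positive match.
    planted = DroppedFile(0, "constructed", r"C:\constructed\sample.bin", "test", md5, sha256)
    return {
        "parsed": len(iocs),
        "benign_hits": [i.name for i in match(benign, iocs)],
        "planted_hits": [i.name for i in match(benign, iocs + [planted])],
        "exit_3056": decode_exit_code(3221225786),
        "exit_3060": decode_exit_code(3762504530),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

`scan_directory` reads whole files into memory, which is fine for a quarantine folder of extracted archives but should be chunked for large trees. Matching on MD5 alone is kept deliberately because many hash feeds still carry only MD5; score such hits lower than a SHA-256 match.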
PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
3036 | javaw.exe | 104.25.74.29:443 | ru.namemc.com | Cloudflare Inc | US | shared

Domain | IP | Reputation
---|---|---
ru.namemc.com | | malicious
Process | Message (debug output)
---|---
MEGAnz Cracker by Malex.exe | MahApps.Metro.Behaviours.WindowsSettingBehaviour: Clean up from AssociatedObject closed event.
MEGAnz Cracker by Malex.exe | MahApps.Metro.Behaviours.WindowsSettingBehaviour: Clean up from AssociatedObject closed event.