154100x800000000000000073910Microsoft-Windows-Sysmon/OperationalEC2AMAZ-8HFGKTD-2026-02-25 09:26:17.346{cf0731c2-c039-699e-7dd5-000000005702}6436C:\Users\ADMINI~1\AppData\Local\Temp\2\_MEI10322\rar.exe5.91.0Command line RARWinRARAlexander Roshal-C:\Users\ADMINI~1\AppData\Local\Temp\2\_MEI10322\rar.exe a -r -hp"blank123" "C:\Users\ADMINI~1\AppData\Local\Temp\2\z1lby.zip" *C:\Users\ADMINI~1\AppData\Local\Temp\2\          \EC2AMAZ-8HFGKTD\Administrator{cf0731c2-34e1-6997-0e14-0a0000000000}0xa140e2HighMD5=9C223575AE5B9544BC3D69AC6364F75E,SHA256=90341AC8DCC9EC5F9EFE89945A381EB701FE15C3196F594D9D9F0F67B4FC2213,IMPHASH=9A33888E10929C185D02249D2B55C15A{cf0731c2-c039-699e-7bd5-000000005702}4236C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\ADMINI~1\AppData\Local\Temp\2\_MEI10322\rar.exe a -r -hp"blank123" "C:\Users\ADMINI~1\AppData\Local\Temp\2\z1lby.zip" *"EC2AMAZ-8HFGKTD\Administrator 154100x800000000000000073909Microsoft-Windows-Sysmon/OperationalEC2AMAZ-8HFGKTD-2026-02-25 09:26:17.292{cf0731c2-c039-699e-7bd5-000000005702}4236C:\Windows\System32\cmd.exe10.0.20348.4647 (WinBuild.160101.0800)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c "C:\Users\ADMINI~1\AppData\Local\Temp\2\_MEI10322\rar.exe a -r -hp"blank123" "C:\Users\ADMINI~1\AppData\Local\Temp\2\z1lby.zip" *"C:\Users\ADMINI~1\AppData\Local\Temp\2\          \EC2AMAZ-8HFGKTD\Administrator{cf0731c2-34e1-6997-0e14-0a0000000000}0xa140e2HighMD5=F63068E624FE6B82058AAAA671D4BC96,SHA256=90D120880614E1E2A94067BAAD1454B09E2BE7A9DA51B71E33C247077D9F9538,IMPHASH=D60B77062898DC6BFAE7FE11A0F8806C{cf0731c2-c030-699e-64d5-000000005702}6592C:\Users\Public\blank-grabber.exe"C:\Users\Public\blank-grabber.exe" EC2AMAZ-8HFGKTD\Administrator