20882 Rar | FAST |

: Look for variations of Rar$Scan[Number].bat .

: WinRAR.exe spawning cmd.exe to run .bat scripts from temporary folders. 20882 rar

: C:\Users\admin\AppData\Local\Temp\20882\ (or similar Temp subdirectories). : Look for variations of Rar$Scan[Number]

Malware analysis ibso9p0sjp44crzm.7z Malicious activity | ANY.RUN 20882 rar

: The analysis shows a file named Rar$Scan19941.bat being launched from the 20882 directory via cmd.exe .