[Multipointer]

Virustotal will never tell you anything with 100% accuracy, and who is spencer lol..

 

[habibcan50]

so, is this file safe

 

[HelloWorld12]

Virustotal will never tell you anything with 100% accuracy, and who is spencer lol..

gang, thats the behaviour chart, it shows everything the file drops and downloads :/

 

[nuggie]

this is the one from RAZE's telegram, use QHIDE's from yougame. it's likely more safe than RAZE

 

[nuggie]

gang, thats the behaviour chart, it shows everything the file drops and downloads :/

yes, however this executes something way deeper than virustotal or any av can detect (puts itself in the bootloader)

usually this would be fixable with windows built in tools if it wasn't completely retarded (thanks bill gate)

 

[stefanel]

yall gotta wait till January for update of unk.is site and loader.

 

[lakzyhackss]

lol

 

[Adurit]

so, is this file safe

Yes

 

[stefanel]

Imagine if it really is an payload which is set to work on an date

 

[nuggie]

yall gotta wait till January for update of unk.is site and loader.

just use qhide's free lol (t.me/g00d_crack or yougame)
it's the guy who did shit with l3d (otc2legacy guy)

 

[Larry]

misconception, the free by qHide is safe, the one from Raze is a rat.

razes is qhides compare the md5 hashes before saying that.... p.s. qhide is on razes staff team

 

[HelloWorld12]

razes is qhides compare the md5 hashes before saying that.... p.s. qhide is on razes staff team

he WAS on their staff.

 

[NebeltheCet]

View attachment 8208I might be retarded, I don't know much about analysis, but in spencers overview, theres litteraly a file thats called rat.rar :/

those things you are looking at are compressed files that were previously scanned in virustotal.

example:
download this free,
make a different rar/zip file,
name the file some random bullshit you want(in this case rat),
scan on virustotal and after its done it'll show up where you saw that rat.rar.

 

[Fateh123]

it just crash

 

[uhdba7wdgbay]

this one is NOT from raze its from yugames from Qhide

qhide is a member of raze lmfao

 

[Looh]

qhide is a member of raze lmfao

not anymore why do you think he freeed a clean version

 

[randomguy]

not anymore why do you think he freeed a clean version

stop spreading false information

qhide
skeet.dll e9506cddcfcace80620ef7b5b0ebcc2b
steam.exe
afe9b68ed167f0ec45a28bd47d3054f7

raze
skeet.dll
e9506cddcfcace80620ef7b5b0ebcc2b
steam.exe
afe9b68ed167f0ec45a28bd47d3054f7

same hashes

 

[MonkeyBoy669]

gang, thats the behaviour chart, it shows everything the file drops and downloads :/

no its not its the execution parents section which is just files that have dropped that file before. it does not drop rat.rar, the bundled steam.exe file in rat.rar drops it. The only importance of execution parents is to show where a file has been bundled in other sandbox analysed files. All the zip and rar files basically mean nothing because that just means its a zipped file that has had the dll in it.

 

[preczzpadaka]

bro pls fix i getting crash but steam.exe saying RESZ not supported how to fix this?

pls someone help

 

[HelloWorld12]

no its not its the execution parents section which is just files that have dropped that file before. it does not drop rat.rar, the bundled steam.exe file in rat.rar drops it. The only importance of execution parents is to show where a file has been bundled in other sandbox analysed files. All the zip and rar files basically mean nothing because that just means its a zipped file that has had the dll in it.

the dll had RAT.dll in it, once running it, you can find these files left within your registry.