Does anyone know if these two files are considered malware? I see a lot of things in the behavior tab that seem suspicious (but then again, I have no idea, and am relatively new/dumb).

Here are the images of the virustotal results I am referring to:

Also, I did see there was an noticeable slowness to my pc after I extracted the rar files (I was in a VM).

Thank you.

you are viewing a single comment's thread
view the rest of the comments

[–] treasure@feddit.org 22 points 2 days ago

TLDR: I can't say for 100% sure, but there are multiple reasons to believe that this is malware.

Long version: I'm seeing multiple suspicious things here.

The IPs being connected to are part of some hoster and have some abuse reports: https://www.abuseipdb.com/check-block/217.20.58.98/29
The domain being resolved is qcloud[.]com, which belongs to Tencent Cloud and definitely not Microsoft.
Other domains in memory like counter-strike[.]com[.]ua are very new and definitely sound fishy.
A standalone version of 7zip is being run and extracts the created rar file with the password "infected". Real alarm bells here.
A lot of the registry actions look like anti-debugging, which does not sound like something an Illustrator Plugin would do.