File name: IVONA Text To Speech 1.6.63 With Crack (All Voices) Keygen(1).7z

Full analysis: https://app.any.run/tasks/693b2d07-ec68-4305-81c6-339c88e72aca
Verdict: Malicious activity
Analysis date: December 01, 2024, 10:10:55
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: autoit
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5: 4B05ED940DB80C1610BA8DB2304E4A6D
SHA1: 9E38E0D4D947A6A40A0446E5F7E7A854F97A5984
SHA256: 4810B879EBC844D2F0974DD9865D8CAF4F00554AE2EFBA83FAF0E2F4D936493A
SSDEEP: 49152:kD8U6tf+PxukjxrZR4OprTKaTkkGVMWnkn12xjTynOs5UHKYoPk+hoDFYLwC6c7k:0P6d+PxpRHBlTk3VMWnw2xjqxUHKJLwN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 4764)
    • Executable content was dropped or overwritten

      • cmd.exe (PID: 4764)
    • Executing commands from ".cmd" file

      • ivona text to speech 1.6.63 with crack (all voices) keygen.exe (PID: 4628)
    • The executable file from the user directory is run by the CMD process

      • Arrangements.com (PID: 6528)
    • Starts the AutoIt3 executable file

      • cmd.exe (PID: 4764)
    • Get information on the list of running processes

      • cmd.exe (PID: 4764)
    • Starts application with an unusual extension

      • cmd.exe (PID: 4764)
    • Starts CMD.EXE for commands execution

      • ivona text to speech 1.6.63 with crack (all voices) keygen.exe (PID: 4628)
      • cmd.exe (PID: 4764)
    • Application launched itself

      • cmd.exe (PID: 4764)
  • INFO

    • Manual execution by a user

      • ivona text to speech 1.6.63 with crack (all voices) keygen.exe (PID: 4628)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6240)
    • Creates a new folder

      • cmd.exe (PID: 4164)
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)

EXIF

ZIP

FileVersion: 7z v0.04
No data.
Total processes: 142
Monitored processes: 13
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start; winrar.exe; ivona text to speech 1.6.63 with crack (all voices) keygen.exe (no specs); cmd.exe; conhost.exe (no specs); tasklist.exe (no specs); findstr.exe (no specs); tasklist.exe (no specs); findstr.exe (no specs); cmd.exe (no specs); findstr.exe (no specs); cmd.exe (no specs); arrangements.com (no specs); choice.exe (no specs)

Process information

PID | CMD | Path | Indicators | Parent process
PID: 3876
CMD: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
Path: C:\Windows\SysWOW64\findstr.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Find String (QGREP) Utility
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 4164
CMD: cmd /c md 247269
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
PID: 4628
CMD: "C:\Users\admin\Desktop\ivona text to speech 1.6.63 with crack (all voices) keygen.exe"
Path: C:\Users\admin\Desktop\ivona text to speech 1.6.63 with crack (all voices) keygen.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
PID: 4764
CMD: "C:\Windows\System32\cmd.exe" /c copy Jokes Jokes.cmd && Jokes.cmd
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: ivona text to speech 1.6.63 with crack (all voices) keygen.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 10.0.19041.3636 (WinBuild.160101.0800)
PID: 4816
CMD: findstr /I "wrsa opssvc"
Path: C:\Windows\SysWOW64\findstr.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Find String (QGREP) Utility
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 4876
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 5032
CMD: tasklist
Path: C:\Windows\SysWOW64\tasklist.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Lists the current running tasks
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 5036
CMD: findstr /V "displayedstartkaraokeequivalent" Titten
Path: C:\Windows\SysWOW64\findstr.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Find String (QGREP) Utility
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 5592
CMD: tasklist
Path: C:\Windows\SysWOW64\tasklist.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Lists the current running tasks
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 6240
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\IVONA Text To Speech 1.6.63 With Crack (All Voices) Keygen(1).7z"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.91.0
Total events: 2 184
Read events: 2 175
Write events: 9
Delete events: 0

Modification events

(PID) Process: (6240) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation: write
Name: ShowPassword
Value: 1

(PID) Process: (6240) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (6240) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (6240) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (6240) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\IVONA Text To Speech 1.6.63 With Crack (All Voices) Keygen(1).7z

(PID) Process: (6240) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (6240) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (6240) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (6240) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

Executable files: 2
Suspicious files: 8
Text files: 2
Unknown types: 0

Dropped files

PID | Process | Filename | Type
PID: 4628
Process: ivona text to speech 1.6.63 with crack (all voices) keygen.exe
Filename: C:\Users\admin\AppData\Local\Temp\Bufing
Type: binary
MD5:B66AE963702D9DFF703C5BBE19941F67
SHA256:F14C5664EC7C07B87176753612A57B919F8FC43450CEC0D33337563F5D19CCAC
PID: 4628
Process: ivona text to speech 1.6.63 with crack (all voices) keygen.exe
Filename: C:\Users\admin\AppData\Local\Temp\Named
Type: binary
MD5:8818AC4338EDA73576023030C9091F3C
SHA256:09F45844F1906F0FAF28F3BD1FED12AF4889FA1C0C0257DECB9F55D7A1EACE7D
PID: 4628
Process: ivona text to speech 1.6.63 with crack (all voices) keygen.exe
Filename: C:\Users\admin\AppData\Local\Temp\Seems
Type: binary
MD5:5A8351E7575B8AE43083EB4F5614259B
SHA256:C6EA97F6A9D7AAE0235EC5617ABD10CE1A65F6EE9C89022648DFEA366B4DF16F
PID: 4628
Process: ivona text to speech 1.6.63 with crack (all voices) keygen.exe
Filename: C:\Users\admin\AppData\Local\Temp\Highest
Type: binary
MD5:0EE0CC79A2A9F327AC5EB66212AE191D
SHA256:920A8A43E144F8533F27348994695BA2D6F8AA263E74949DB92142D5B5A41450
PID: 4628
Process: ivona text to speech 1.6.63 with crack (all voices) keygen.exe
Filename: C:\Users\admin\AppData\Local\Temp\Smell
Type: binary
MD5:2116597C6F944641CAEFF8572D8FE202
SHA256:EF72BF0B2EFCCF0E1508EBB152E486628594693E94D314D1EAF573A27826695E
PID: 4628
Process: ivona text to speech 1.6.63 with crack (all voices) keygen.exe
Filename: C:\Users\admin\AppData\Local\Temp\Titten
Type: binary
MD5:339695CC66C72D4435BDF023C010DBF9
SHA256:B33A84A36B25D9148FB3A86E94187BDE13A8384204B9AB8344B1C1EFD4676458
PID: 4764
Process: cmd.exe
Filename: C:\Users\admin\AppData\Local\Temp\247269\Arrangements.com
Type: executable
MD5:6EE7DDEBFF0A2B78C7AC30F6E00D1D11
SHA256:865347471135BB5459AD0E647E75A14AD91424B6F13A5C05D9ECD9183A8A1CF4
PID: 6240
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb6240.21961\ivona text to speech 1.6.63 with crack (all voices) keygen.exe
Type: executable
MD5:5DDFB60708737DB0DA465AB152640435
SHA256:9FEF4B96642DECF12AF8EF943344CF25753136931D2178AC3A287608A1960DB9
PID: 4628
Process: ivona text to speech 1.6.63 with crack (all voices) keygen.exe
Filename: C:\Users\admin\AppData\Local\Temp\Jokes
Type: text
MD5:977321FAC0DB15C755D7B88BDC018967
SHA256:56C4483C5CD720F4FB34A45A0F10E707BC41C94187F3C595E7E4015A5BB9CF0C
PID: 4764
Process: cmd.exe
Filename: C:\Users\admin\AppData\Local\Temp\Jokes.cmd
Type: text
MD5:977321FAC0DB15C755D7B88BDC018967
SHA256:56C4483C5CD720F4FB34A45A0F10E707BC41C94187F3C595E7E4015A5BB9CF0C
HTTP(S) requests: 7
TCP/UDP connections: 32
DNS requests: 20
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
440
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
440
svchost.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6756
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
5432
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5432
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID: 4712
Process: MoUsoCoreWorker.exe
IP: 4.231.128.59:443
Domain: settings-win.data.microsoft.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: IE
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted

PID: 440
Process: svchost.exe
IP: 4.231.128.59:443
Domain: settings-win.data.microsoft.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: IE
Reputation: whitelisted

PID: 3296
Process: RUXIMICS.exe
IP: 4.231.128.59:443
Domain: settings-win.data.microsoft.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: IE
Reputation: whitelisted

PID: 5064
Process: SearchApp.exe
IP: 104.126.37.160:443
Domain: www.bing.com
ASN: Akamai International B.V.
CN: DE
Reputation: whitelisted

IP: 192.229.221.95:80
Domain: ocsp.digicert.com
ASN: EDGECAST
CN: US
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

PID: 440
Process: svchost.exe
IP: 23.48.23.143:80
Domain: crl.microsoft.com
ASN: Akamai International B.V.
CN: DE
Reputation: whitelisted

PID: 440
Process: svchost.exe
IP: 184.30.21.171:80
Domain: www.microsoft.com
ASN: AKAMAI-AS
CN: DE
Reputation: whitelisted

PID: 1176
Process: svchost.exe
IP: 20.190.160.20:443
Domain: login.live.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: NL
Reputation: whitelisted

DNS requests

Domain: settings-win.data.microsoft.com
IP: 4.231.128.59, 51.104.136.2
Reputation: whitelisted

Domain: google.com
IP: 216.58.212.174
Reputation: whitelisted

Domain: www.bing.com
IP: 104.126.37.160, 104.126.37.123, 104.126.37.153, 104.126.37.139, 104.126.37.136, 104.126.37.137, 104.126.37.179, 104.126.37.178, 104.126.37.130
Reputation: whitelisted

Domain: ocsp.digicert.com
IP: 192.229.221.95
Reputation: whitelisted

Domain: crl.microsoft.com
IP: 23.48.23.143, 23.48.23.166
Reputation: whitelisted

Domain: www.microsoft.com
IP: 184.30.21.171
Reputation: whitelisted

Domain: login.live.com
IP: 20.190.160.20, 20.190.160.22, 40.126.32.68, 40.126.32.138, 40.126.32.72, 40.126.32.133, 20.190.160.14, 40.126.32.140
Reputation: whitelisted

Domain: go.microsoft.com
IP: 23.213.166.81
Reputation: whitelisted

Domain: slscr.update.microsoft.com
IP: 172.202.163.200
Reputation: whitelisted

Domain: fe3cr.delivery.mp.microsoft.com
IP: 13.85.23.206
Reputation: whitelisted

Threats

No threats detected
No debug info