File name: Corel.Products.MultiKeygen-XFORCE.rar

Full analysis: https://app.any.run/tasks/53a8534b-d191-4aeb-b8c3-591d6cb4251f
Verdict: Malicious activity
Analysis date: July 27, 2023, 15:34:16
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: D57E208F108C934094D36AE1F8D42B35
SHA1: 499473F5F2B9DBFE722959D09D7A8A2958025F1E
SHA256: 53021FD2B4F3EDE87138F9D8A0BD43A6FF8AE01AC751BB499815DBF3B9C9822A
SSDEEP: 6144:ClM03TT3FM7IQogDtqUT+biocQFPcaV6ydO6fre/mlQ911FAqHAU8:iM0nFJPU8eaV64rW1D14

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • xfvsu2022.exe (PID: 3412)
  • SUSPICIOUS
    • No suspicious indicators.
  • INFO
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 2664)
    • Manual execution by a user
      • xfvsu2022.exe (PID: 3412)
    • Checks supported languages
      • xfvsu2022.exe (PID: 3412)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
Total processes: 36
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start → winrar.exe, xfvsu2022.exe (no specs)

Process information

PID: 2664
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Corel.Products.MultiKeygen-XFORCE.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators: Executable content was dropped or overwritten
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll

PID: 3412
CMD: "C:\Users\admin\Desktop\xfvsu2022.exe"
Path: C:\Users\admin\Desktop\xfvsu2022.exe
Indicators: Application was dropped or rewritten from another process; Manual execution by a user; Checks supported languages
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (images):
c:\users\admin\desktop\xfvsu2022.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrt4.dll

Note that WinRAR wrote xfvsu2022.exe into its temporary extraction folder (see Dropped files) but the process that ran was the copy on the Desktop, started by explorer.exe; the file was copied out of the archive and launched by hand, which is what the "Manual execution by a user" signature records. No company, description or version fields are shown for xfvsu2022.exe.
Total events: 1 025
Read events: 1 015
Write events: 10
Delete events: 0

Modification events

Process | Operation | Key | Name = Value
(2664) WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E | LanguageList = en-US
(2664) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 = C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(2664) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 = C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(2664) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 = C:\Users\admin\Desktop\phacker.zip
(2664) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name = 120
(2664) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size = 80
(2664) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type = 120
(2664) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime = 100
(3412) xfvsu2022.exe | write | HKEY_CURRENT_USER\Software\Corel\PhotoMirage\1\CorelReg | ConfirmationCode = D2C678A61538370ED4B79BA67A930932

The WinRAR entries (MuiCache, ArcHistory, column widths) are the archiver's own housekeeping; the ArcHistory paths are earlier archives from the sandbox image's recent-archive list, not members of this sample. The only registry write by xfvsu2022.exe is a Corel PhotoMirage registration ConfirmationCode, which is consistent with the keygen behaviour the file name advertises.
Executable files: 1
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID: 2664
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2664.8026\Crack\xfvsu2022.exe
Type: executable
MD5: 40E84D7AE6CBC9822FB953046EEA785F
SHA256: 605CDE394984269B7E837603280F8E2904904D273954B393E8DE3E775A42CCA8
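The hashes, the Rar$DRa2664.8026 temporary extraction path and the Corel registry write are the reusable indicators in this report. The Python below is an added example (it is not ANY.RUN's code and does not come from the report) that turns them into offline checks: it hashes a file and matches the digests against the report's IOCs, flags executables written into WinRAR's temporary extraction folder, and runs those rules over a constructed set of telemetry events modelled on the two processes above. Assumptions: the `Rar$<letters><pid>.<n>` folder shape generalises beyond the single path in the report, the Desktop copy of xfvsu2022.exe that was executed has the same hash as the dropped file (the report does not hash the Desktop copy), and the event-dict schema is invented for the example.

```python
"""Offline checks built from the ANY.RUN report's IOCs (added example, not ANY.RUN code)."""
import hashlib
import re

# Digests copied from the report: the submitted archive and the one dropped file.
IOC_SETS = {
    "Corel.Products.MultiKeygen-XFORCE.rar": {
        "md5": "d57e208f108c934094d36ae1f8d42b35",
        "sha1": "499473f5f2b9dbfe722959d09d7a8a2958025f1e",
        "sha256": "53021fd2b4f3ede87138f9d8a0bd43a6ff8ae01ac751bb499815dbf3b9c9822a",
    },
    "dropped xfvsu2022.exe": {
        "md5": "40e84d7ae6cbc9822fb953046eea785f",
        "sha256": "605cde394984269b7e837603280f8e2904904d273954b393e8de3e775a42cca8",
    },
}

# The report shows WinRAR extracting into %TEMP%\Rar$DRa2664.8026\ . Assumption: other
# runs use the same Rar$<letters><pid>.<n> shape, so the pattern is generalised here.
WINRAR_TEMP_RE = re.compile(r"[\\/]Rar\$[A-Za-z]+\d+\.\d+[\\/]", re.IGNORECASE)
EXE_RE = re.compile(r"\.(exe|dll|scr|com)$", re.IGNORECASE)
COREL_REG_RE = re.compile(r"^HKEY_CURRENT_USER\\Software\\Corel\\", re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a buffer as lowercase hex, keyed like IOC_SETS."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same digests as hash_bytes, streamed so a large archive is not read into memory."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                break
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: dict) -> list:
    """Labels of IOC sets sharing at least one digest with `digests` (case-insensitive)."""
    hits = []
    for label, known in IOC_SETS.items():
        for algo, value in known.items():
            if digests.get(algo, "").lower() == value:
                hits.append(label)
                break
    return hits


def is_winrar_temp_extract(path: str) -> bool:
    """True when the path lies inside a WinRAR temporary extraction folder."""
    return WINRAR_TEMP_RE.search(path) is not None


def triage_events(events: list) -> list:
    """Apply the report's three behaviours to telemetry events; returns (pid, finding) tuples.

    Event schema (invented for this example): dicts with pid, process, op, path, and an
    optional sha256 on file-write and process-start events.
    """
    findings = []
    for ev in events:
        op, path = ev.get("op"), ev.get("path", "")
        if op == "file_write" and EXE_RE.search(path) and is_winrar_temp_extract(path):
            findings.append((ev["pid"], f"{ev['process']} wrote executable into WinRAR temp folder: {path}"))
        if op == "process_start":
            hits = match_iocs({"sha256": ev.get("sha256", "")})
            if hits:
                findings.append((ev["pid"], f"{ev['process']} image matches IOC set '{hits[0]}'"))
        if op == "reg_write" and COREL_REG_RE.match(path):
            findings.append((ev["pid"], f"{ev['process']} wrote Corel registration key: {path}"))
    return findings


# Constructed sample telemetry mirroring the report's processes. The sha256 on the
# Desktop process-start event is an assumption (the report hashes only the dropped copy).
SAMPLE_EVENTS = [
    {"pid": 2664, "process": "WinRAR.exe", "op": "file_write",
     "path": r"C:\Users\admin\AppData\Local\Temp\Rar$DRa2664.8026\Crack\xfvsu2022.exe",
     "sha256": IOC_SETS["dropped xfvsu2022.exe"]["sha256"]},
    {"pid": 3412, "process": "xfvsu2022.exe", "op": "process_start",
     "path": r"C:\Users\admin\Desktop\xfvsu2022.exe", "parent": "explorer.exe",
     "sha256": IOC_SETS["dropped xfvsu2022.exe"]["sha256"]},
    {"pid": 3412, "process": "xfvsu2022.exe", "op": "reg_write",
     "path": r"HKEY_CURRENT_USER\Software\Corel\PhotoMirage\1\CorelReg\ConfirmationCode"},
    {"pid": 4, "process": "System", "op": "net_connect", "path": "192.168.100.255:137"},
]

if __name__ == "__main__":
    for pid, finding in triage_events(SAMPLE_EVENTS):
        print(pid, finding)
```

Running the script prints three findings for the constructed events (the WinRAR drop, the hash match on the Desktop process, and the Corel registry write) and nothing for the System NetBIOS event; `hash_file` can be pointed at a local copy of the archive to confirm it is the sample the report describes.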
HTTP(S) requests: 0
TCP/UDP connections: 2
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted

Both connections are the Windows System process (PID 4) sending NetBIOS name-service (UDP 137) and datagram (UDP 138) broadcasts to the subnet broadcast address. This is background OS traffic, not activity from the sample; neither monitored process made any network connection, and the report records no DNS or HTTP traffic.

DNS requests

No data

Threats

No threats detected
No debug info