Field | Value
---|---
File name | CDMA+Workshop+2.7.rar
Full analysis | https://app.any.run/tasks/43cadd60-1724-45ee-9052-3dff2793368a
Verdict | Malicious activity
Analysis date | August 08, 2020, 20:44:58
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/x-rar
File info | RAR archive data, v4, os: Win32
MD5 | 2A80D1C71281FAC67C6896C62555A0DF
SHA1 | 7AD2503E38AF70124D733AA99E30BEEECE8E39A3
SHA256 | 713C304397FCFE49886AEFF0319C74C5DDEF7CDA6B84FB256207B84876D446BA
SSDEEP | 98304:zH9jFw2FiNVCqYDZOlIlmL6uhlgm0PqfSASO3/NUqU6vUgRHtdDyMwSq++Ew:zHjzoNVTYBReFJKAF/WqUHgpWxT+xw
Extension | File type | Score
---|---|---
.rar | RAR compressed archive (v-4.x) | 58.3
.rar | RAR compressed archive (gen) | 41.6
Field | Value
---|---
ArchivedFileName | CDMA Workshop 2.7\cdma workshop - Ярлык.lnk
PackingMethod | Normal
ModifyDate | 2016:10:05 08:07:15
OperatingSystem | Win32
UncompressedSize | 812
CompressedSize | 537
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
1020 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\CDMA+Workshop+2.7.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0
3964 | "C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe" | C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 2
2576 | "C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe" | C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe | — | explorer.exe | User: admin; Integrity Level: HIGH; Exit code: 2
2336 | "C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma workshop.exe" | C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma workshop.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0
2648 | "cdma_workshop_FULL_Cracked.exe" | C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe | — | cdma workshop.exe | User: admin; Integrity Level: MEDIUM
2976 | "C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe" | C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 2
2060 | "C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe" | C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 2
PID | Process | Operation | Key | Name | Value
---|---|---|---|---|---
1020 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | 
1020 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | 
1020 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\137\52C64B7E | LanguageList | en-US
1020 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\137\52C64B7E | @C:\Windows\system32\NetworkExplorer.dll,-1 | Network
1020 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\CDMA+Workshop+2.7.rar
1020 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
1020 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
1020 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
1020 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
3964 | cdma_workshop_FULL_Cracked.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WinLicense | CheckIN | 1
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
1020 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1020.36234\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe | — | — | —
1020 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1020.36234\CDMA Workshop 2.7\cdma workshop - Ярлык.lnk | lnk | EC987939727F3DBD28A9F1F15432D260 | 3831A16AE7D0779FA6E06AF273BC5B82887320439AB90C3627A54DAFA4FE3AA0
1020 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1020.36234\CDMA Workshop 2.7\cdma workshop.exe | executable | 6E4AA3D87CB3B35DBDEF34B5F268A374 | 74B91FB5BB5C61ED31D7E0DDF5EA7CD1C5DDEA3648860DD99633E73850E83F37
2336 | cdma workshop.exe | C:\Users\admin\Desktop\CDMA Workshop 2.7\key_workshop.dat | binary | 0DE37F6B2C1E34ED985FA40EDC5B9911 | 4C1DFDDFACEDA12BB8E92ADE509330EFBF10A8372D0A4BA901267CB467FE190D
Process | Message
---|---
cdma_workshop_FULL_Cracked.exe | `%s------------------------------------------------ --- WinLicense Professional --- --- (c)2007 Oreans Technologies --- ------------------------------------------------`
cdma_workshop_FULL_Cracked.exe | `%s------------------------------------------------ --- WinLicense Professional --- --- (c)2007 Oreans Technologies --- ------------------------------------------------`
cdma_workshop_FULL_Cracked.exe | `%s------------------------------------------------ --- WinLicense Professional --- --- (c)2007 Oreans Technologies --- ------------------------------------------------`
cdma_workshop_FULL_Cracked.exe | `%s------------------------------------------------ --- WinLicense Professional --- --- (c)2007 Oreans Technologies --- ------------------------------------------------`