File name:

UFS Explorer Professional Recovery 8.2.0.5670.rar

Full analysis: https://app.any.run/tasks/bb87b6d3-e2ae-42bd-a11e-66b384bcdb98
Verdict: Malicious activity
Analysis date: May 15, 2021, 14:00:50
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

4BC35D4F9B8DD7C9E01328B5B0CBD991

SHA1:

7AD65CBF303C5544D3EB10B7A9FB38F0AC485A3E

SHA256:

90FA454B3C8718CA5EE9D44CC6ACE16D5DF233D81BA0F80AF11B5B36E106BEAC

SSDEEP:

196608:nywSkq7bkW9+eHhfkDI4pUMWvNYAe/hkQMakYN6DxJPYojELqNZ35nTSQOvEjPw+:rSz8teNFEdADrPXEi35nTSV0dX7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • patch.exe (PID: 1704)
      • patch.exe (PID: 2948)
      • ufsxpci.exe (PID: 3896)
      • ufsxpci.exe (PID: 3668)
      • ufs-explorer-pro.exe (PID: 2656)
      • softmanager.exe (PID: 3100)
      • patch.exe (PID: 3356)
      • ufsxpci.exe (PID: 2688)
      • patch.exe (PID: 2204)
      • patch.exe (PID: 2660)
      • patch.exe (PID: 2756)
      • ufs-explorer-pro.exe (PID: 2104)
      • patch.exe (PID: 3380)
      • patch.exe (PID: 2916)
  • SUSPICIOUS

    • Drops a file with too old compile date

      • WinRAR.exe (PID: 1504)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1504)
      • ufsxpci.exe (PID: 3668)
      • patch.exe (PID: 3380)
      • patch.exe (PID: 3356)
    • Drops a file that was compiled in debug mode

      • WinRAR.exe (PID: 1504)
      • ufsxpci.exe (PID: 3668)
    • Creates files in the program directory

      • ufsxpci.exe (PID: 3668)
      • patch.exe (PID: 3380)
      • patch.exe (PID: 3356)
    • Creates a directory in Program Files

      • ufsxpci.exe (PID: 3668)
    • Creates a software uninstall entry

      • ufsxpci.exe (PID: 3668)
    • Creates files in the user directory

      • ufs-explorer-pro.exe (PID: 2656)
    • Low-level read access rights to disk partition

      • ufs-explorer-pro.exe (PID: 2656)
  • INFO

    • Manual execution by user

      • WinRAR.exe (PID: 1504)
      • patch.exe (PID: 1704)
      • patch.exe (PID: 2948)
      • ufsxpci.exe (PID: 3896)
      • ufsxpci.exe (PID: 3668)
      • patch.exe (PID: 2204)
      • ufsxpci.exe (PID: 2688)
      • patch.exe (PID: 2660)
      • patch.exe (PID: 3380)
      • ufs-explorer-pro.exe (PID: 2104)
      • patch.exe (PID: 2756)
      • patch.exe (PID: 2916)
      • patch.exe (PID: 3356)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes
73
Monitored processes
16
Malicious processes
3
Suspicious processes
2


Process information

PID
CMD
Path
Indicators
Parent process
PID:
1504
CMD:
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\UFS Explorer Professional Recovery 8.2.0.5670.rar"
Path:
C:\Program Files\WinRAR\WinRAR.exe
Parent process:
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID:
1704
CMD:
"C:\Users\admin\Desktop\Crack_Patch\patch.exe"
Path:
C:\Users\admin\Desktop\Crack_Patch\patch.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\desktop\crack_patch\patch.exe
c:\systemroot\system32\ntdll.dll
PID:
2104
CMD:
"C:\Program Files\Data Recovery\ufs-explorer-pro.exe"
Path:
C:\Program Files\Data Recovery\ufs-explorer-pro.exe
Parent process:
explorer.exe
User:
admin
Company:
LLC SysDev Laboratories
Integrity Level:
MEDIUM
Description:
UFS Explorer Professional Recovery
Exit code:
3221226540
Version:
8.2.0.5669
Modules
Images
c:\program files\data recovery\ufs-explorer-pro.exe
c:\systemroot\system32\ntdll.dll
PID:
2204
CMD:
"C:\Users\admin\Desktop\Crack_Patch\patch.exe"
Path:
C:\Users\admin\Desktop\Crack_Patch\patch.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\desktop\crack_patch\patch.exe
c:\systemroot\system32\ntdll.dll
PID:
2396
CMD:
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\UFS Explorer Professional Recovery 8.2.0.5670.rar"
Path:
C:\Program Files\WinRAR\WinRAR.exe
Parent process:
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID:
2656
CMD:
"C:\Program Files\Data Recovery\ufs-explorer-pro.exe"
Path:
C:\Program Files\Data Recovery\ufs-explorer-pro.exe
Parent process:
ufsxpci.exe
User:
admin
Company:
LLC SysDev Laboratories
Integrity Level:
HIGH
Description:
UFS Explorer Professional Recovery
Exit code:
0
Version:
8.2.0.5669
Modules
Images
c:\program files\data recovery\ufs-explorer-pro.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
2660
CMD:
"C:\Users\admin\Desktop\Crack_Patch\patch.exe"
Path:
C:\Users\admin\Desktop\Crack_Patch\patch.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\crack_patch\patch.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
PID:
2688
CMD:
"C:\Users\admin\Desktop\ufsxpci.exe"
Path:
C:\Users\admin\Desktop\ufsxpci.exe
Parent process:
explorer.exe
User:
admin
Company:
LLC SysDev Laboratories
Integrity Level:
MEDIUM
Description:
UFS Explorer Professional Recovery
Exit code:
3221226540
Version:
8.2.0.5670
Modules
Images
c:\users\admin\desktop\ufsxpci.exe
c:\systemroot\system32\ntdll.dll
PID:
2756
CMD:
"C:\Users\admin\Desktop\Crack_Patch\patch.exe"
Path:
C:\Users\admin\Desktop\Crack_Patch\patch.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\desktop\crack_patch\patch.exe
c:\systemroot\system32\ntdll.dll
PID:
2916
CMD:
"C:\Users\admin\Desktop\Crack_Patch\patch.exe"
Path:
C:\Users\admin\Desktop\Crack_Patch\patch.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\desktop\crack_patch\patch.exe
c:\systemroot\system32\ntdll.dll
Total events
3 478
Read events
2 858
Write events
613
Delete events
7

Modification events

Process: (2396) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

Process: (2396) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

Process: (2396) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\13D\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (1504) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

Process: (1504) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

Process: (2396) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\UFS Explorer Professional Recovery 8.2.0.5670.rar

Process: (2396) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

Process: (2396) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

Process: (2396) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

Process: (2396) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100
Executable files
8
Suspicious files
10
Text files
1
Unknown types
2

Dropped files

PID
Process
Filename
Type
PID: 3668
Process: ufsxpci.exe
Filename: C:\Program Files\Data Recovery\ufs-explorer-pro.exe.tmp
Type:
MD5:
SHA256:

PID: 3668
Process: ufsxpci.exe
Filename: C:\Program Files\Common Files\SysDev Laboratories\softmanager.exe.tmp
Type:
MD5:
SHA256:

PID: 1504
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1504.12201\readme.txt
Type: text
MD5: 35A6C1D7115B796FBA91050CA0057F75
SHA256: CE5C69D1567EDC2C82335031B4308CE18047A331ADC164D481DC49689D734F61

PID: 3668
Process: ufsxpci.exe
Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SysDev Laboratories\Software Packages management.lnk
Type: lnk
MD5: 01D50B7FBBF1D7F8BA66A8FCC90BE305
SHA256: EC04818B9149DC45C084060D6375A8DC5927485F92E86F059842E47463D8F2C4

PID: 3668
Process: ufsxpci.exe
Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Data Recovery\UFS Explorer Professional Recovery.lnk
Type: lnk
MD5: FF14D191339809C89B679CEA5AC02959
SHA256: 9C54736020851BF8058E29170D9964C04FF47609090D7FDD81C01E0B9A381210

PID: 3668
Process: ufsxpci.exe
Filename: C:\ProgramData\SysDev Laboratories\sdl\install
Type: binary
MD5: 4E878FD4F4B357E3C70AD970D5FB2BB7
SHA256: 54DA8E56694D2795FDE79B95B7BF96F5DA8B808787E3434147BDF440FC64B37A

PID: 1504
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1504.12201\Crack_Patch\patch.rar
Type: compressed
MD5: A98C1A5565FB9396B981FFC1B204F527
SHA256: 006B264FB69BD7DFC05B51C9974905DE64CA0D759CAA5CD0986913AFB03237AD

PID: 2656
Process: ufs-explorer-pro.exe
Filename: C:\Users\admin\AppData\Roaming\SysDev Laboratories\sdl\updates
Type: binary
MD5: 5520C3A3FE312F9FE9750CDFB30FD92A
SHA256: 04B24A1B15438E99B2E096C800297F69F46E26C8EE76FA7FAA071124DC175F13

PID: 1504
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1504.12201\ufsxpci.exe
Type: executable
MD5: 178F672C9AFF1427ECDF0ED8B69743C4
SHA256: 13F1D5E210977BF15C92F755DD4CC0C145E88A545A29B9AF457AEC7EF149C18B

PID: 3668
Process: ufsxpci.exe
Filename: C:\Program Files\Data Recovery\ufs-explorer-pro.exe
Type: executable
MD5: FB585C091A5BFE967584B3DBF2FA0E78
SHA256: D008C6D2BD54402C1B8E7B6EF6647ACE0B2A5E44EEA91D923EA7A41DE73A2947
HTTP(S) requests
0
TCP/UDP connections
1
DNS requests
1
Threats
0

HTTP requests

No HTTP requests

Connections

PID: 3100
Process: softmanager.exe
IP: 31.28.161.98:80
Domain: www.sysdevlabs.com
ASN: 7heaven LLC
CN: UA
Reputation: unknown

DNS requests

Domain: www.sysdevlabs.com
IP: 31.28.161.98
Reputation: unknown

Threats

No threats detected
No debug info