File name: Uplay Checker.rar

Full analysis: https://app.any.run/tasks/484ec023-60be-4908-b0b9-683c0516e1ad
Verdict: No threats detected
Analysis date: August 23, 2019, 13:30:33
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 01AE497515EB096BA75F9C7CEA5D54EB
SHA1: 5268C52F05222312116DEA8AC3F7AD4EAABD9C1A
SHA256: FAE086C6D90C4EBB7F8AEC918367727F8DFE35279996EB3131C36FD660F1B616
SSDEEP: 98304:lQU/HVZaDi6wnNYY3hVlGfbBB2uPaYmYMv3eNqEskjtQ2n95xISVSDWHKnxUKsmz:X1ZYuffMBLaYm9veo6XfVSyHYFsG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Uplay Checker.exe (PID: 3412)
    • Loads dropped or rewritten executable

      • Uplay Checker.exe (PID: 3412)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3688)
  • INFO

    No info indicators.
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
Total processes: 33
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 1

Behavior graph

[Behavior graph image not preserved; labels: start, winrar.exe, drop and start, uplay checker.exe, no specs]

Process information

PID: 3412
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa3688.6411\Uplay Checker\Buplay Checker\Uplay Checker.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa3688.6411\Uplay Checker\Buplay Checker\Uplay Checker.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Description: BruteCore
Exit code: 0
Version: 1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3688.6411\uplay checker\buplay checker\uplay checker.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 3688
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Uplay Checker.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

Total events: 436
Read events: 424
Write events: 12
Delete events: 0

Modification events

(PID) Process: (3688) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3688) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3688) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3688) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Uplay Checker.rar

(PID) Process: (3688) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3688) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3688) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3688) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3688) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (3688) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

Executable files: 15
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID: 3688
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3688.6411\Uplay Checker\Buplay Checker\Extreme.Net.dll
Type: executable
MD5: 313CD8DF3CA832760DC1CDC09AF44EE5
SHA256: C548B92070E6553377098A4D86C67CD89EBE58AD040174E7A949FF12894ABD33

PID: 3688
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3688.6411\Uplay Checker\Uplay Burte & Checker By RCSFT\Uplay.exe
Type: executable
MD5:
SHA256:

PID: 3688
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3688.6411\Uplay Checker\Uplay Burte & Checker By Minaev\uplay.exe
Type: executable
MD5:
SHA256:

PID: 3688
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3688.6411\Uplay Checker\Buplay Checker\Bunifu_UI_v1.52.dll
Type: executable
MD5: 3C1804A0781C9D7A82D0FB43D3A181F3
SHA256: D5BE2CB21EB8190B40E7453E9AE2418679A8C050C470FF36B044273A41A88A0C

PID: 3688
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3688.6411\Uplay Checker\Uplay Burte & Checker By RCSFT\msvcr71.dll
Type: executable
MD5: 86F1895AE8C5E8B17D99ECE768A70732
SHA256: 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE

PID: 3688
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3688.6411\Uplay Checker\Uplay Burte & Checker By RCSFT\ssleay32.dll
Type: executable
MD5: 5023F4C4AAAA1B6E9D992D6BBDCD340B
SHA256: 59B1BE1072DD4ACA5DDCF9B66D5DF8BEC327B4891925BA2339FE6AC6A1BF6D19

PID: 3688
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3688.6411\Uplay Checker\Uplay BruteChecker by Undeniable\libeay32.dll
Type: executable
MD5: 177BDA0C92482DFA2C162A3750932B9C
SHA256: 17A4B75EF43A4FDEEDAEF86C39BEAD6719144E3E368B55898B79ECB371012854

PID: 3688
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3688.6411\Uplay Checker\Uplay Burte & Checker By RCSFT\libeay32.dll
Type: executable
MD5: 177BDA0C92482DFA2C162A3750932B9C
SHA256: 17A4B75EF43A4FDEEDAEF86C39BEAD6719144E3E368B55898B79ECB371012854

PID: 3688
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3688.6411\Uplay Checker\Buplay Checker\Uplay Checker.exe
Type: executable
MD5: F8CD3EB229E04D2CF6609B0C8AA27214
SHA256: B3223DF91B0CBD008A299FE3019BBCF02061526A91D8AD5B497E16449B3E2EA0

PID: 3688
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3688.6411\Uplay Checker\Uplay Burte & Checker By Minaev\ssleay32.dll
Type: executable
MD5: E0CD0800A00D51025968D778D0E6B2B3
SHA256: B4434B408409D36D8E0D0BCF41AD804D02FDEE96BC7F8255105380BFCEC0D1F5

HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info