Malware analysis easeus-data-recovery-wizard-crack No threats detected

Add for printing

download:	easeus-data-recovery-wizard-crack
Full analysis:	https://app.any.run/tasks/6d57d299-cfff-44fd-af56-8b83496321c0
Verdict:	No threats detected
Analysis date:	October 04, 2019, 03:02:28
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	opendir
Indicators:
MIME:	text/html
File info:	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
MD5:	5027A7239C09860C2A8263F2B882985E
SHA1:	7B2BC6C2D66C05003B4B81BF3C2E9D0F88037095
SHA256:	D4FE06AF2EC25CF1A1A119B2B4F2B373A299318354F37BD0596B13D4A2286B88
SSDEEP:	1536:ilN3O8QsHDadZ3yTdSjaOtf1LHjmyLmVHdYdRhiQaHI+qIerkeyteJLezM7FGEb3:ilg/Z3yTVse9UqzM75MQzRXBwbl2i/O1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 240 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 180 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 8.0.7601.17514 undefined
Adobe Acrobat Reader DC MUI (15.023.20070)
Adobe Flash Player 26 ActiveX (26.0.0.131)
Adobe Flash Player 26 NPAPI (26.0.0.131)
Adobe Flash Player 26 PPAPI (26.0.0.131)
Adobe Refresh Manager (1.8.0)
CCleaner (5.35)
FileZilla Client 3.36.0 (3.36.0)
Google Chrome (75.0.3770.100)
Google Update Helper (1.3.34.7)
Java 8 Update 92 (8.0.920.14)
Java Auto Updater (2.8.92.14)
Microsoft .NET Framework 4.7.2 (4.7.03062)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
Notepad++ (32-bit x86) (7.5.1)
Opera 12.15 (12.15.1748)
Skype version 8.29 (8.29)
Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
VLC media player (2.2.6)
WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

Client LanguagePack Package
Client Refresh LanguagePack Package
CodecPack Basic Package
Foundation Package
IE Troubleshooters Package
InternetExplorer Optional Package
KB2534111
KB2999226
KB4019990
KB976902
LocalPack AU Package
LocalPack CA Package
LocalPack GB Package
LocalPack US Package
LocalPack ZA Package
ProfessionalEdition
UltimateEdition

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
No suspicious indicators.
INFO
- Adds / modifies Windows certificates
  - iexplore.exe (PID: 952)
- Application launched itself
  - iexplore.exe (PID: 2680)
- Changes internet zones settings
  - iexplore.exe (PID: 2680)
- Creates files in the user directory
  - iexplore.exe (PID: 952)
- Reads internet explorer settings
  - iexplore.exe (PID: 952)
- Changes settings of System certificates
  - iexplore.exe (PID: 952)
- Reads Internet Cache Settings
  - iexplore.exe (PID: 952)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.htm/html	\|	HyperText Markup Language with DOCTYPE (80.6)
.html	\|	HyperText Markup Language (19.3)

EXIF

HTML

Generator:	WordPress 5.2.3
shareaholicImage:	https://i0.wp.com/activationkeys.co/wp-content/uploads/2018/12/EaseUS-Data-Recovery-Keygen-1.jpg?fit=602%2C414
shareaholicWp_version:	8.13.10
shareaholicSite_id:	a5c37fe9e24f020ed6f97986ea73e032
shareaholicArticle_author_name:	farooq khokhar
shareaholicShareable_page:
shareaholicArticle_modified_time:	2019-09-22T17:15:41+00:00
shareaholicArticle_published_time:	2019-09-18T02:16:10+00:00
shareaholicKeywords:	easeus data recovery activation code, easeus data recovery activation key, easeus data recovery activation key 2019, easeus data recovery crack, easeus data recovery crack file, easeus data recovery crack version free download, easeus data recovery key, easeus data recovery wizard 12.9.0 crack, easeus data recovery wizard 2019, easeus data recovery wizard 2019 crack, easeus data recovery wizard activation code 2019, easeus data recovery wizard activation key, easeus data recovery wizard code, easeus data recovery wizard crack, easeus data recovery wizard crack 2019, easeus data recovery wizard crack file download, easeus data recovery wizard crack mac, easeus data recovery wizard free 12.9 key, easeus data recovery wizard free edition serial key, easeus data recovery wizard free license code, easeus data recovery wizard full crack, easeus data recovery wizard key, easeus data recovery wizard key code, easeus data recovery wizard key crack, easeus data recovery wizard license code, easeus data recovery wizard professional crack, easeus data recovery wizard serial key crack, easeus data recovery wizard 12.9.1 crack, data recovery, post
shareaholicUrl:	http://activationkeys.co/easeus-data-recovery-wizard-crack/
shareaholicLanguage:	en-US
shareaholicSite_name:	Activation Keys
twitterImage:	https://i0.wp.com/activationkeys.co/wp-content/uploads/2018/12/EaseUS-Data-Recovery-Keygen-1.jpg?fit=602%2C414
twitterTitle:	EaseUS Data Recovery Wizard 12.9.1 Crack + License Code {2019}
twitterDescription:	EaseUS Data Recovery Wizard Crack + License Code {2019} EaseUS Data Recovery Wizard 12.9.1 Crack with Key makes data retrieval easy for any user if you.
twitterCard:	summary_large_image
Description:	EaseUS Data Recovery Wizard Crack + License Code {2019} EaseUS Data Recovery Wizard 12.9.1 Crack with Key makes data retrieval easy for any user if you.
Title:	EaseUS Data Recovery Wizard 12.9.1 Crack + License Code {2019}
propeller:	66c5bbf57f6f0caff72e81e1a67bdf26
viewport:	width=device-width, initial-scale=1
googleSiteVerification:	bjyXmv_fnM4RuJcJnjW-C7aZjZ_biqQaoeTBxcLEQgM

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Parent process
2680	"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\easeus-data-recovery-wizard-crack.htm	C:\Program Files\Internet Explorer\iexplore.exe	explorer.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255)
952	"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2680 CREDAT:79873	C:\Program Files\Internet Explorer\iexplore.exe	iexplore.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255)

Add for printing

Total events

435

Read events

349

Write events

Delete events

Modification events

No data

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2680	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico		—
		MD5:—	SHA256:—
2680	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico		—
		MD5:—	SHA256:—
952	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\table-of-content-frontend[1].css		text
		MD5:920244982FAD1A1B1CDB9B388509775A	SHA256:EA8082A6ABF62FBBF414A90DEE70CF79916101737CA24079413708515A1E1A99
952	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\page[1].js		text
		MD5:BB22B7EEA7D2C5B476F7D1CA36462857	SHA256:75EAE1FD5BFC97EFA6107725CFCCA15FC8EA4B35B1116D2FF1CDD1307AD35480
952	iexplore.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@addtoany[1].txt		text
		MD5:CA67A5C727A6576AB726AD077F094EBB	SHA256:BDE4B6C6ED270D24DB70FCA6422F39CF07488C91FEA9AAFD0FE25A83EEF67BA6
952	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\lockers.020307.min[1].css		text
		MD5:7559A3B77CC357E435391210958B003A	SHA256:62B7D5F0B04544990FF04F0DBFBFE3698412E510325BACF727377CFBAA85890C
952	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\style[1].css		text
		MD5:C59EACE0468B1DC2B4238DEB348ED65E	SHA256:AD4633FB55ED506D030B7F435500C25146E1826831337B8D18DE74A32BCB4517
952	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\EaseUS-Data-Recovery-Keygen-1[1].jpg		image
		MD5:465B6E04E2F5D72DD5AFE0C4DEB47EFC	SHA256:E592F5D26AF8779015D5DE6B0DD2BDE32B0BDB400AB193415DBDB417C3255383
952	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\style[1].css		text
		MD5:4F4941CB34F82AA07273D167E1B3317F	SHA256:5EEB9E07993AE746E4DD133A6FEC03102B9AB6D5774ADE7BD93962E5056C2E9A
952	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\jquery[1].js		text
		MD5:49EDCCEA2E7BA985CADC9BA0531CBED1	SHA256:1DB21D816296E6939BA1F42962496E4134AE2B0081E26970864C40C6D02BB1DF

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
952	iexplore.exe	GET	200	104.18.45.23:80	http://activationkeys.co/wp-content/plugins/social-locker/bizpanda/assets/css/lockers.020307.min.css?ver=5.2.3	US	text	12.4 Kb	malicious
952	iexplore.exe	GET	200	104.18.45.23:80	http://activationkeys.co/wp-content/themes/jorvik/style.css?ver=5.2.3	US	text	11.1 Kb	malicious
952	iexplore.exe	GET	200	104.18.45.23:80	http://activationkeys.co/wp-content/plugins/cm-table-of-content/assets/css/table-of-content-frontend.css?ver=5.2.3	US	text	288 b	malicious
952	iexplore.exe	GET	200	104.18.45.23:80	http://activationkeys.co/wp-content/uploads/2018/12/EaseUS-Data-Recovery-Keygen-1.jpg	US	image	48.0 Kb	malicious
952	iexplore.exe	GET	304	104.18.45.23:80	http://activationkeys.co/wp-content/plugins/social-locker/bizpanda/assets/css/lockers.020307.min.css?ver=5.2.3	US	compressed	12.4 Kb	malicious
952	iexplore.exe	GET	200	104.18.45.23:80	http://activationkeys.co/wp-content/plugins/all-in-one-schemaorg-rich-snippets/css/style.css?ver=5.2.3	US	text	748 b	malicious
952	iexplore.exe	GET	200	104.18.45.23:80	http://activationkeys.co/wp-content/themes/jorvik/js/jorvik-custom.js?ver=1.0	US	text	1.34 Kb	malicious
952	iexplore.exe	GET	200	104.18.45.23:80	http://activationkeys.co/wp-content/themes/jorvik/js/modernizr.js?ver=2.6.3	US	html	15.2 Kb	malicious
952	iexplore.exe	GET	200	104.18.45.23:80	http://activationkeys.co/wp-content/themes/jorvik/images/select-arrow.png	US	image	312 b	malicious
952	iexplore.exe	GET	200	104.18.45.23:80	http://activationkeys.co/wp-content/plugins/social-locker/bizpanda/assets/js/lockers.020307.min.js?ver=5.2.3	US	text	39.5 Kb	malicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
2680	iexplore.exe	204.79.197.200:80	www.bing.com	Microsoft Corporation	US	whitelisted
4	System	151.139.128.10:445	cdn.shareaholic.net	Highwinds Network Group, Inc.	US	malicious
4	System	151.139.128.10:139	cdn.shareaholic.net	Highwinds Network Group, Inc.	US	malicious
952	iexplore.exe	104.20.111.39:443	static.addtoany.com	Cloudflare Inc	US	shared
4	System	172.217.22.74:139	fonts.googleapis.com	Google Inc.	US	whitelisted
4	System	88.85.66.222:445	pushosub.com	Webzilla B.V.	NL	suspicious
4	System	172.217.22.74:445	fonts.googleapis.com	Google Inc.	US	whitelisted
952	iexplore.exe	192.0.78.17:443	wordpress.com	Automattic, Inc	US	unknown
—	—	88.85.66.222:137	pushosub.com	Webzilla B.V.	NL	suspicious
952	iexplore.exe	104.18.45.23:80	activationkeys.co	Cloudflare Inc	US	shared

DNS requests

Domain	IP	Reputation
cdn.shareaholic.net	151.139.128.10	whitelisted
www.bing.com	204.79.197.200 13.107.21.200	whitelisted
dns.msftncsi.com	131.107.255.255	shared
fonts.googleapis.com	172.217.22.74	whitelisted
c0.wp.com	192.0.77.37	whitelisted
activationkeys.co	104.18.45.23 104.18.44.23	malicious
wordpress.com	192.0.78.17 192.0.78.9	whitelisted
static.addtoany.com	104.20.111.39 104.20.110.39	whitelisted
pushosub.com	88.85.66.229 88.85.66.222	suspicious
feboni.info	5.79.96.116	suspicious

Threats

No threats detected

Add for printing

No debug info

General Info

easeus-data-recovery-wizard-crack

5027A7239C09860C2A8263F2B882985E

7B2BC6C2D66C05003B4B81BF3C2E9D0F88037095

D4FE06AF2EC25CF1A1A119B2B4F2B373A299318354F37BD0596B13D4A2286B88

1536:ilN3O8QsHDadZ3yTdSjaOtf1LHjmyLmVHdYdRhiQaHI+qIerkeyteJLezM7FGEb3:ilg/Z3yTVse9UqzM75MQzRXBwbl2i/O1

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

INFO

Adds / modifies Windows certificates

Application launched itself

Changes internet zones settings

Creates files in the user directory

Reads internet explorer settings

Changes settings of System certificates

Reads Internet Cache Settings

Malware configuration

Static information

TRiD

EXIF

HTML

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings