Malware analysis RecipeLister.exe Malicious activity | ANY.RUN

Add for printing

File name:	RecipeLister.exe
Full analysis:	https://app.any.run/tasks/d1a8ca1f-950e-4afc-8353-6f4ef3cad35e
Verdict:	Malicious activity
Analysis date:	June 05, 2025, 04:43:45
OS:	Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:	8C21CEFCD6B32FACE145ED801F256589
SHA1:	53076D20B5F36FD8B69A0507D5CB08C0965DB4A2
SHA256:	1619BCAD3785BE31AC2FDEE0AB91392D08D9392032246E42673C3CB8964D4CB7
SSDEEP:	786432:ga7wj/+HAgZZspLEW45ADXsRSoRtOZWZ6NBcO2CNk9YdT:pbgEW4mDXsRSkOZK6NBcO2CNkET

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
- Executing a file with an untrusted certificate
  - RecipeLister.exe (PID: 6108)
SUSPICIOUS
- Malware-specific behavior (creating "System.dll" in Temp)
  - RecipeLister.exe (PID: 6108)
- Process drops legitimate windows executable
  - RecipeLister.exe (PID: 6108)
- Drops 7-zip archiver for unpacking
  - RecipeLister.exe (PID: 6108)
- The process creates files with name similar to system file names
  - RecipeLister.exe (PID: 6108)
- Executable content was dropped or overwritten
  - RecipeLister.exe (PID: 6108)
- Reads security settings of Internet Explorer
  - RecipeLister.exe (PID: 6108)
- There is functionality for taking screenshot (YARA)
  - RecipeLister.exe (PID: 6108)
- Application launched itself
  - Recipe Finder - Recipe Lister.exe (PID: 5452)
INFO
- Checks supported languages
  - RecipeLister.exe (PID: 6108)
  - Recipe Finder - Recipe Lister.exe (PID: 5452)
  - Recipe Finder - Recipe Lister.exe (PID: 5984)
  - Recipe Finder - Recipe Lister.exe (PID: 4068)
  - Recipe Finder - Recipe Lister.exe (PID: 7700)
- The sample compiled with english language support
  - RecipeLister.exe (PID: 6108)
- Create files in a temporary directory
  - RecipeLister.exe (PID: 6108)
  - Recipe Finder - Recipe Lister.exe (PID: 5452)
- Reads the computer name
  - RecipeLister.exe (PID: 6108)
  - Recipe Finder - Recipe Lister.exe (PID: 5452)
  - Recipe Finder - Recipe Lister.exe (PID: 4068)
  - Recipe Finder - Recipe Lister.exe (PID: 5984)
- Reads Environment values
  - Recipe Finder - Recipe Lister.exe (PID: 5452)
- Reads product name
  - Recipe Finder - Recipe Lister.exe (PID: 5452)
- Checks proxy server information
  - Recipe Finder - Recipe Lister.exe (PID: 5452)
- Creates files or folders in the user directory
  - Recipe Finder - Recipe Lister.exe (PID: 5452)
  - Recipe Finder - Recipe Lister.exe (PID: 4068)
- Reads the machine GUID from the registry
  - Recipe Finder - Recipe Lister.exe (PID: 5452)
- Process checks computer location settings
  - Recipe Finder - Recipe Lister.exe (PID: 5452)
  - Recipe Finder - Recipe Lister.exe (PID: 7700)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 Executable (generic) (52.9)
.exe	\|	Generic Win/DOS Executable (23.5)
.exe	\|	DOS Executable Generic (23.5)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2018:12:15 22:26:14+00:00
ImageFileCharacteristics:	No relocs, Executable, No line numbers, No symbols, 32-bit
PEType:	PE32
LinkerVersion:	6
CodeSize:	26624
InitializedDataSize:	473088
UninitializedDataSize:	16384
EntryPoint:	0x338f
OSVersion:	4
ImageVersion:	6
SubsystemVersion:	4
Subsystem:	Windows GUI
FileVersionNumber:	1.0.0.0
ProductVersionNumber:	1.0.0.0
FileFlagsMask:	0x0000
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Windows, Latin1
FileDescription:	Recipe finder app powered by recipelister.com
FileVersion:	1.0.0
LegalCopyright:	Copyright © 2025 Recipe Finder - Recipe Lister
ProductName:	Recipe Finder - Recipe Lister
ProductVersion:	1.0.0

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

124

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

4068

"C:\Users\admin\AppData\Local\Temp\2w1rXpxZnwDUwuTeNvdD6FUkeI0\Recipe Finder - Recipe Lister.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\recipe-finder" --mojo-platform-channel-handle=2092 --field-trial-handle=1780,i,11137300768821722348,10869500919907782083,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8

C:\Users\admin\AppData\Local\Temp\2w1rXpxZnwDUwuTeNvdD6FUkeI0\Recipe Finder - Recipe Lister.exe

Recipe Finder - Recipe Lister.exe

User:

admin

Company:

GitHub, Inc.

Integrity Level:

MEDIUM

Description:

Recipe Finder - Recipe Lister

Version:

1.0.0

Modules

Images
c:\users\admin\appdata\local\temp\2w1rxpxznwduwutenvdd6fukei0\recipe finder - recipe lister.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\users\admin\appdata\local\temp\2w1rxpxznwduwutenvdd6fukei0\ffmpeg.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\dbghelp.dll

5452

"C:\Users\admin\AppData\Local\Temp\2w1rXpxZnwDUwuTeNvdD6FUkeI0\Recipe Finder - Recipe Lister.exe"

C:\Users\admin\AppData\Local\Temp\2w1rXpxZnwDUwuTeNvdD6FUkeI0\Recipe Finder - Recipe Lister.exe

—

RecipeLister.exe

User:

admin

Company:

GitHub, Inc.

Integrity Level:

MEDIUM

Description:

Recipe Finder - Recipe Lister

Version:

1.0.0

Modules

Images
c:\users\admin\appdata\local\temp\2w1rxpxznwduwutenvdd6fukei0\recipe finder - recipe lister.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

5984

"C:\Users\admin\AppData\Local\Temp\2w1rXpxZnwDUwuTeNvdD6FUkeI0\Recipe Finder - Recipe Lister.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\recipe-finder" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1772 --field-trial-handle=1780,i,11137300768821722348,10869500919907782083,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2

C:\Users\admin\AppData\Local\Temp\2w1rXpxZnwDUwuTeNvdD6FUkeI0\Recipe Finder - Recipe Lister.exe

—

Recipe Finder - Recipe Lister.exe

User:

admin

Company:

GitHub, Inc.

Integrity Level:

LOW

Description:

Recipe Finder - Recipe Lister

Version:

1.0.0

Modules

Images
c:\users\admin\appdata\local\temp\2w1rxpxznwduwutenvdd6fukei0\recipe finder - recipe lister.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

6108

"C:\Users\admin\Desktop\RecipeLister.exe"

C:\Users\admin\Desktop\RecipeLister.exe

explorer.exe

User:

admin

Integrity Level:

MEDIUM

Description:

Recipe finder app powered by recipelister.com

Version:

1.0.0

Modules

Images
c:\users\admin\desktop\recipelister.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

7280

C:\WINDOWS\System32\slui.exe -Embedding

C:\Windows\System32\slui.exe

—

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Activation Client

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

7700

"C:\Users\admin\AppData\Local\Temp\2w1rXpxZnwDUwuTeNvdD6FUkeI0\Recipe Finder - Recipe Lister.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\recipe-finder" --app-path="C:\Users\admin\AppData\Local\Temp\2w1rXpxZnwDUwuTeNvdD6FUkeI0\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2956 --field-trial-handle=1780,i,11137300768821722348,10869500919907782083,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1

C:\Users\admin\AppData\Local\Temp\2w1rXpxZnwDUwuTeNvdD6FUkeI0\Recipe Finder - Recipe Lister.exe

—

Recipe Finder - Recipe Lister.exe

User:

admin

Company:

GitHub, Inc.

Integrity Level:

MEDIUM

Description:

Recipe Finder - Recipe Lister

Version:

1.0.0

Modules

Images
c:\users\admin\appdata\local\temp\2w1rxpxznwduwutenvdd6fukei0\recipe finder - recipe lister.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

Add for printing

Total events

2 090

Read events

2 072

Write events

Delete events

Modification events


(PID) Process:	(5452) Recipe Finder - Recipe Lister.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation:	delete value	Name:	en-US
Value:
(PID) Process:	(5452) Recipe Finder - Recipe Lister.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation:	delete value	Name:	en
Value:
(PID) Process:	(5452) Recipe Finder - Recipe Lister.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation:	delete value	Name:	_Global_
Value:

Add for printing

Executable files

Suspicious files

154

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
6108	RecipeLister.exe	C:\Users\admin\AppData\Local\Temp\nsy3BE9.tmp\app-64.7z		—
		MD5:—	SHA256:—
6108	RecipeLister.exe	C:\Users\admin\AppData\Local\Temp\nsy3BE9.tmp\7z-out\icudtl.dat		—
		MD5:—	SHA256:—
6108	RecipeLister.exe	C:\Users\admin\AppData\Local\Temp\nsy3BE9.tmp\7z-out\LICENSES.chromium.html		—
		MD5:—	SHA256:—
6108	RecipeLister.exe	C:\Users\admin\AppData\Local\Temp\nsy3BE9.tmp\System.dll		executable
		MD5:0D7AD4F45DC6F5AA87F606D0331C6901	SHA256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
6108	RecipeLister.exe	C:\Users\admin\AppData\Local\Temp\nsy3BE9.tmp\7z-out\chrome_200_percent.pak		binary
		MD5:47668AC5038E68A565E0A9243DF3C9E5	SHA256:FAC820A98B746A04CE14EC40C7268D6A58819133972B538F9720A5363C862E32
6108	RecipeLister.exe	C:\Users\admin\AppData\Local\Temp\nsy3BE9.tmp\nsis7z.dll		executable
		MD5:80E44CE4895304C6A3A831310FBF8CD0	SHA256:B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
6108	RecipeLister.exe	C:\Users\admin\AppData\Local\Temp\nsy3BE9.tmp\7z-out\locales\en-US.pak		binary
		MD5:809B600D2EE9E32B0B9B586A74683E39	SHA256:0DB4F65E527553B9E7BEE395F774CC9447971BF0B86D1728856B6C15B88207BB
6108	RecipeLister.exe	C:\Users\admin\AppData\Local\Temp\nsy3BE9.tmp\7z-out\locales\cs.pak		binary
		MD5:70F320D38D249B48091786BD81343AFC	SHA256:1C9448EA3AEFCE1A7E1491E73AF91AF772D8B22D538676A2BEAB690558E668FA
6108	RecipeLister.exe	C:\Users\admin\AppData\Local\Temp\nsy3BE9.tmp\7z-out\locales\ca.pak		binary
		MD5:D193A3AC614F64F4754C9DF5CF00E880	SHA256:4ECFA3785AB52564E0BD7DDA04D59A30163561588A04F3BD1B1B71DE051D2C53
6108	RecipeLister.exe	C:\Users\admin\AppData\Local\Temp\nsy3BE9.tmp\7z-out\locales\el.pak		binary
		MD5:16BCD10BC81DD8A5B3AD76C90CFB9614	SHA256:6A06D1D6B566214F7C3B693052BEEC488F7AAE5CEECA26781A5D66FADE39388B

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
5496	MoUsoCoreWorker.exe	GET	200	2.20.245.139:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
—	—	GET	200	2.22.98.7:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
5496	MoUsoCoreWorker.exe	GET	200	2.23.181.156:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
672	SIHClient.exe	GET	200	2.23.181.156:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	whitelisted
672	SIHClient.exe	GET	200	2.23.181.156:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
—	—	192.168.100.255:137	—	—	—	whitelisted
—	—	51.104.136.2:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
5496	MoUsoCoreWorker.exe	2.20.245.139:80	crl.microsoft.com	Akamai International B.V.	SE	whitelisted
5496	MoUsoCoreWorker.exe	2.23.181.156:80	www.microsoft.com	AKAMAI-AS	DE	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
—	—	20.73.194.208:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
—	—	40.126.32.133:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
—	—	2.22.98.7:80	ocsp.digicert.com	AKAMAI-AS	GB	whitelisted
3216	svchost.exe	172.211.123.250:443	client.wns.windows.com	MICROSOFT-CORP-MSN-AS-BLOCK	FR	whitelisted
4068	Recipe Finder - Recipe Lister.exe	216.58.212.131:443	fonts.gstatic.com	—	—	whitelisted

DNS requests

Domain	IP	Reputation
crl.microsoft.com	2.20.245.139 2.20.245.137	whitelisted
www.microsoft.com	2.23.181.156	whitelisted
google.com	142.250.185.142	whitelisted
settings-win.data.microsoft.com	20.73.194.208	whitelisted
login.live.com	40.126.32.133 20.190.160.128 40.126.32.134 40.126.32.76 40.126.32.138 20.190.160.130 20.190.160.14 20.190.160.2	whitelisted
ocsp.digicert.com	2.22.98.7	whitelisted
client.wns.windows.com	172.211.123.250	whitelisted
recipelister.com	172.67.150.5 104.21.11.185	unknown
slscr.update.microsoft.com	4.175.87.197 4.245.163.56	whitelisted
fonts.googleapis.com	142.250.186.170	whitelisted

Threats

No threats detected

Add for printing

No debug info

General Info

RecipeLister.exe

8C21CEFCD6B32FACE145ED801F256589

53076D20B5F36FD8B69A0507D5CB08C0965DB4A2

1619BCAD3785BE31AC2FDEE0AB91392D08D9392032246E42673C3CB8964D4CB7

786432:ga7wj/+HAgZZspLEW45ADXsRSoRtOZWZ6NBcO2CNk9YdT:pbgEW4mDXsRSkOZK6NBcO2CNkET

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Executing a file with an untrusted certificate

SUSPICIOUS

Malware-specific behavior (creating "System.dll" in Temp)

Process drops legitimate windows executable

Drops 7-zip archiver for unpacking

The process creates files with name similar to system file names

Executable content was dropped or overwritten

Reads security settings of Internet Explorer

There is functionality for taking screenshot (YARA)

Application launched itself

INFO

Checks supported languages

The sample compiled with english language support

Create files in a temporary directory

Reads the computer name

Reads Environment values

Reads product name

Checks proxy server information

Creates files or folders in the user directory

Reads the machine GUID from the registry

Process checks computer location settings

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings