Malware analysis latest.zip Malicious activity | ANY.RUN

Add for printing

File name:	latest.zip
Full analysis:	https://app.any.run/tasks/a2fc2fb6-a2ec-485b-9a0e-d5a064787977
Verdict:	Malicious activity
Analysis date:	May 15, 2026, 10:15:51
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	arch-exec confuser
Indicators:
MIME:	application/zip
File info:	Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:	8A31F4E138CD96E76D0C0D74D3658E38
SHA1:	46468B9E73759A61F714D2D94572ADEC3E459E30
SHA256:	19B973DC9840EB085B625412174BBC674669F46E436E6B658E9E46E4EAAF0C89
SSDEEP:	98304:+g++7FkXjLxstnE1PB4wipK4egpWGxaC+Iz04IWUFv5ExXiXsrsUzoaqylsm8pFJ:mZuEr0fclss6x+sp5nm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
Google Chrome (133.0.6943.127)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java(TM) SE Development Kit 25.0.2 (64-bit) (25.0.2.0)
Microsoft Edge (133.0.3065.92)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (136.0)
Mozilla Maintenance Service (136.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
- Executing a file with an untrusted certificate
  - Content Manager.exe (PID: 2164)
SUSPICIOUS
- Executable content was dropped or overwritten
  - Content Manager.exe (PID: 2164)
- Drops 7-zip archiver for unpacking
  - Content Manager.exe (PID: 2164)
- Potential Corporate Privacy Violation
  - Content Manager.exe (PID: 2164)
INFO
- Generic archive extractor
  - WinRAR.exe (PID: 7780)
- Checks supported languages
  - Content Manager.exe (PID: 2164)
- Manual execution by a user
  - Content Manager.exe (PID: 2164)
- Executable content was dropped or overwritten
  - WinRAR.exe (PID: 7780)
- Create files in a temporary directory
  - Content Manager.exe (PID: 2164)
- Creates files or folders in the user directory
  - Content Manager.exe (PID: 2164)
- Reads security settings of Internet Explorer
  - Content Manager.exe (PID: 2164)
- Reads the computer name
  - Content Manager.exe (PID: 2164)
- Reads the machine GUID from the registry
  - Content Manager.exe (PID: 2164)
- The sample compiled with english language support
  - Content Manager.exe (PID: 2164)
- Confuser has been detected (YARA)
  - Content Manager.exe (PID: 2164)
- There is functionality for taking screenshot (YARA)
  - Content Manager.exe (PID: 2164)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.zip	\|	ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion:	20
ZipBitFlag:	0x0002
ZipCompression:	Deflated
ZipModifyDate:	2023:10:17 20:23:20
ZipCRC:	0x13976305
ZipCompressedSize:	8178376
ZipUncompressedSize:	11303904
ZipFileName:	Content Manager.exe

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

135

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

2164

"C:\Users\admin\Desktop\Content Manager.exe"

C:\Users\admin\Desktop\Content Manager.exe

explorer.exe

User:

admin

Company:

AcClub

Integrity Level:

MEDIUM

Description:

Content Manager

Exit code:

Version:

0.8.2594.39678

Modules

Images
c:\users\admin\desktop\content manager.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll

7780

"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\latest.zip

C:\Program Files\WinRAR\WinRAR.exe

explorer.exe

User:

admin

Company:

Alexander Roshal

Integrity Level:

MEDIUM

Description:

WinRAR archiver

Exit code:

Version:

5.91.0

Modules

Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

Add for printing

Total events

3 167

Read events

3 138

Write events

Delete events

Modification events


(PID) Process:	(7780) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:	write	Name:	3
Value: C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:	(7780) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:	write	Name:	2
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:	(7780) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:	write	Name:	1
Value: C:\Users\admin\Downloads\chromium_build 1.zip
(PID) Process:	(7780) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:	write	Name:	0
Value: C:\Users\admin\AppData\Local\Temp\latest.zip
(PID) Process:	(7780) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	name
Value: 120
(PID) Process:	(7780) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	size
Value: 80
(PID) Process:	(7780) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	type
Value: 120
(PID) Process:	(7780) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	mtime
Value: 100
(PID) Process:	(7780) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\MainWin
Operation:	write	Name:	Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3D0000002D000000FD03000016020000
(PID) Process:	(7780) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\ArcColumnWidths
Operation:	write	Name:	name
Value: 256

Add for printing

Executable files

Suspicious files

Text files

932

Unknown types

Dropped files

PID	Process	Filename		Type
7780	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DRa7780.30140\Content Manager.exe		executable
		MD5:60ED4BFBD48A0D1C161D123749BA6586	SHA256:2367612DB7C754BF4F07A0F71188C0CC7ED0E39BEF12B7DC3F4AF3D0B3EC5BD4
2164	Content Manager.exe	C:\Users\admin\AppData\Local\AcTools Content Manager\Data\Brand Badges\AMC.png		image
		MD5:33426B3D6263E8EBF99054FD2B7A8EDA	SHA256:A21D8808981EE4C47A2BAA02BF878B2D2DF182DA28A12A3C8629F1C4D722DF26
7780	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DRa7780.30140\Manifest.json		text
		MD5:1F972D82C979C873F15A756305C525AC	SHA256:895E9A6E99D13AA0AC020431BF86D40872229BB5B635BBCD860E04513BADE235
2164	Content Manager.exe	C:\Users\admin\AppData\Local\Temp\Costura\80020E73785608EBC4CC66D86D9D69C2\32\interop.d3dimageex.dll		executable
		MD5:D924C109DA0F7A9E1DEBC63CB6D9B30B	SHA256:D9EAB44547374B7A7AC21FE4A36BF79049B3373865FA319C371578368E716AB5
2164	Content Manager.exe	C:\Users\admin\AppData\Local\Temp\Costura\80020E73785608EBC4CC66D86D9D69C2\32\slimdx.dll		executable
		MD5:BA01667F0579AEC6E0F9C702431A23B5	SHA256:C54DBA6B35525BE2D1A7DFF11954423DACA65EBB3F7022A9F58389F899956205
2164	Content Manager.exe	C:\Users\admin\AppData\Local\Temp\Costura\80020E73785608EBC4CC66D86D9D69C2\32\nvidia.texturetools.compress.dll		executable
		MD5:74654ED00F7E89F80DD1BBBF4D02C402	SHA256:D8ED3A09E150D8608940497267AB6BCBD3CDC9D59FE4B50B849E1FF8344141BA
2164	Content Manager.exe	C:\Users\admin\AppData\Local\AcTools Content Manager\Data\Brand Badges\Abarth.png		image
		MD5:FD92850F88086A14F1F4C2CEDF277E83	SHA256:11A7CBADCC240BEB2C51F70E3BB4A4B0363CBB689B03B7FED6AA115383918BDE
2164	Content Manager.exe	C:\Users\admin\AppData\Local\AcTools Content Manager\Data\Brand Badges\Alpine.png		image
		MD5:440C4884F84FB2629EADD2B3F08E50F0	SHA256:C5B253711C918D0640ECDC162E9246EACB6B1D39DBD6819F898038735CCA048B
2164	Content Manager.exe	C:\Users\admin\AppData\Local\AcTools Content Manager\Temporary\Patch\Manifest.json		text
		MD5:8CE411A4D77F96E81DED8C19A77FA41E	SHA256:97CD52B8113F89F8BF34E4953D68D09F0B6C9DB45883D8053B7D564AC1A69DD3
2164	Content Manager.exe	C:\Users\admin\AppData\Local\AcTools Content Manager\Data\Brand Badges\Apollo.png		image
		MD5:F41EE65A6094B818E47ED6058C2D7C80	SHA256:27119CC398B08ABCA30E40AF0662470322CB54F2289765A90ACB3E22F434CBBF

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
5276	MoUsoCoreWorker.exe	GET	304	48.209.138.189:443	https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3094&FlightIds=&UpdateOfferedDays=4294967295&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&sku=48&ActivationChannel=Retail&AttrDataVer=186&IsMDMEnrolled=0&ProcessorCores=6&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&TotalPhysicalRAM=6144&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&UpdateServiceUrl=http%3A%2F%2Fneverupdatewindows10.com&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30	US	—	—	whitelisted
4872	svchost.exe	GET	200	48.209.133.15:443	https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaaSAssessment?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=10.0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=WaaSAssessment&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&ServicingBranch=CB&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&HonorWUfBDeferrals=1&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2	US	text	5.84 Kb	whitelisted
3552	SIHClient.exe	GET	304	20.165.94.63:443	https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL	US	—	—	whitelisted
3552	SIHClient.exe	GET	200	74.178.76.54:443	https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping	US	—	—	whitelisted
3552	SIHClient.exe	GET	200	20.165.94.63:443	https://slscr.update.microsoft.com/sls/ping	US	—	—	whitelisted
2164	Content Manager.exe	GET	—	172.67.71.70:443	https://acstuff.ru/app/cm/plugins/get/CefSharp-91.1.211-x86	US	—	—	unknown
3552	SIHClient.exe	GET	—	20.165.94.63:443	https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL	US	—	—	whitelisted
4872	svchost.exe	GET	200	23.216.77.42:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	NL	binary	825 b	whitelisted
2164	Content Manager.exe	GET	301	172.67.71.70:80	http://acstuff.ru/f/api/posts/content-extra?filter[discussion]=24&filter[type]=comment&sort=-time&page[size]=99999	US	html	167 b	unknown
2164	Content Manager.exe	GET	301	172.67.71.70:443	https://acstuff.ru/f/api/posts/content-extra?filter[discussion]=24&filter[type]=comment&sort=-time&page[size]=99999	US	html	167 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	Not routed	—	whitelisted
5276	MoUsoCoreWorker.exe	48.209.133.15:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
—	—	128.24.231.65:443	activation-v2.sls.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
4872	svchost.exe	48.209.133.15:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
4	System	192.168.100.255:138	—	Not routed	—	whitelisted
4872	svchost.exe	23.216.77.42:80	crl.microsoft.com	AKAMAI-ASN1	NL	whitelisted
4872	svchost.exe	23.52.181.212:80	www.microsoft.com	AKAMAI-AS	US	whitelisted
2164	Content Manager.exe	172.67.71.70:80	acstuff.ru	CLOUDFLARENET	US	whitelisted
2164	Content Manager.exe	172.67.71.70:443	acstuff.ru	CLOUDFLARENET	US	whitelisted
2164	Content Manager.exe	104.26.6.187:443	acstuff.club	CLOUDFLARENET	US	whitelisted

DNS requests

Domain	IP	Reputation
activation-v2.sls.microsoft.com	128.24.231.65	whitelisted
google.com	142.251.110.100 142.251.110.138 142.251.110.102 142.251.110.113 142.251.110.101 142.251.110.139	whitelisted
settings-win.data.microsoft.com	48.209.133.15 48.209.138.189 48.209.138.168	whitelisted
crl.microsoft.com	23.216.77.42 23.216.77.22 23.216.77.30	whitelisted
www.microsoft.com	23.52.181.212 88.221.169.152	whitelisted
acstuff.ru	172.67.71.70 104.26.8.2 104.26.9.2	unknown
acstuff.club	104.26.6.187 104.26.7.187 172.67.70.229	unknown
client.wns.windows.com	172.211.123.248	whitelisted
slscr.update.microsoft.com	20.165.94.63	whitelisted
fe3cr.delivery.mp.microsoft.com	74.178.76.54	whitelisted

Threats

PID	Process	Class	Message
2164	Content Manager.exe	Potentially Bad Traffic	SUSPICIOUS [ANY.RUN] ZIP Archive Download Containing EXE File
2164	Content Manager.exe	Potential Corporate Privacy Violation	ET INFO User-Agent (Launcher)
5276	MoUsoCoreWorker.exe	Unknown Traffic	ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)

Add for printing

No debug info

General Info

latest.zip

8A31F4E138CD96E76D0C0D74D3658E38

46468B9E73759A61F714D2D94572ADEC3E459E30

19B973DC9840EB085B625412174BBC674669F46E436E6B658E9E46E4EAAF0C89

98304:+g++7FkXjLxstnE1PB4wipK4egpWGxaC+Iz04IWUFv5ExXiXsrsUzoaqylsm8pFJ:mZuEr0fclss6x+sp5nm

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Executing a file with an untrusted certificate

SUSPICIOUS

Executable content was dropped or overwritten

Drops 7-zip archiver for unpacking

Potential Corporate Privacy Violation

INFO

Generic archive extractor

Checks supported languages

Manual execution by a user

Executable content was dropped or overwritten

Create files in a temporary directory

Creates files or folders in the user directory

Reads security settings of Internet Explorer

Reads the computer name

Reads the machine GUID from the registry

The sample compiled with english language support

Confuser has been detected (YARA)

There is functionality for taking screenshot (YARA)

Malware configuration

Static information

TRiD

EXIF

ZIP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings