Malware analysis Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe Malicious activity

Add for printing

File name:	Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe
Full analysis:	https://app.any.run/tasks/f54bd2ab-7946-4730-9ce0-8587fcf01fe3
Verdict:	Malicious activity
Analysis date:	February 11, 2024, 03:19:34
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	python
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	8152976D8A04E01F905FB7172EA2B64A
SHA1:	B7F9EEDB1ABFAD58315EF16EA487D9D846867B79
SHA256:	3772AE89A73BC72322D5A544CAD0B63AEA6F647F69B2CD2B07B0B440221F75D8
SSDEEP:	12288:XLVP603RQX2pyf+cnci2N9pKKfyeo+pW1KKRyzE1:bVP60BM2pMUN9keo+c+zE1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe (PID: 3672)
  - Ninite.exe (PID: 3956)
  - target.exe (PID: 2688)
  - target.exe (PID: 3364)
  - setup.exe (PID: 2896)
  - nvda_slave.exe (PID: 3224)
  - maintenanceservice_installer.exe (PID: 1484)
  - maintenanceservice_tmp.exe (PID: 696)
  - target.exe (PID: 3988)
  - target.exe (PID: 584)
  - target.exe (PID: 2900)
  - target.exe (PID: 2380)
  - target.exe (PID: 3440)
  - assistant_package_sfx.exe (PID: 2824)
  - installer.exe (PID: 3752)
  - installer.exe (PID: 3632)
  - assistant_installer.exe (PID: 884)
- Registers / Runs the DLL via REGSVR32.EXE
  - nvda_slave.exe (PID: 3224)
- Actions looks like stealing of personal data
  - target.exe (PID: 3988)
  - target.exe (PID: 584)
  - target.exe (PID: 2380)
  - target.exe (PID: 3440)
  - assistant_installer.exe (PID: 3388)
  - installer.exe (PID: 3632)
  - assistant_installer.exe (PID: 3048)
  - installer.exe (PID: 3752)
  - assistant_installer.exe (PID: 884)
  - assistant_installer.exe (PID: 3408)
  - assistant_installer.exe (PID: 2208)
  - browser_assistant.exe (PID: 1592)
  - browser_assistant.exe (PID: 3044)
  - assistant_installer.exe (PID: 2124)
- Changes the autorun value in the registry
  - assistant_installer.exe (PID: 884)
SUSPICIOUS
- Reads the Internet Settings
  - Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe (PID: 3672)
  - Ninite.exe (PID: 3956)
  - Ninite.exe (PID: 2964)
  - nvda_noUIAccess.exe (PID: 1808)
  - nvda_slave.exe (PID: 3224)
  - nvda.exe (PID: 3100)
  - nvda_slave.exe (PID: 3644)
  - nvda.exe (PID: 3728)
  - setup.exe (PID: 2896)
  - target.exe (PID: 3988)
  - browser_assistant.exe (PID: 1592)
- Checks Windows Trust Settings
  - Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe (PID: 3672)
  - Ninite.exe (PID: 3956)
  - setup.exe (PID: 2896)
  - target.exe (PID: 3988)
  - installer.exe (PID: 3632)
  - browser_assistant.exe (PID: 1592)
- Reads settings of System Certificates
  - Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe (PID: 3672)
  - Ninite.exe (PID: 3956)
  - nvda.exe (PID: 3728)
  - setup.exe (PID: 2896)
  - target.exe (PID: 3988)
  - installer.exe (PID: 3632)
  - browser_assistant.exe (PID: 1592)
- Reads security settings of Internet Explorer
  - Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe (PID: 3672)
  - Ninite.exe (PID: 2964)
  - Ninite.exe (PID: 3956)
  - nvda_noUIAccess.exe (PID: 1808)
  - nvda_slave.exe (PID: 3644)
  - setup.exe (PID: 2896)
  - target.exe (PID: 3988)
  - installer.exe (PID: 3632)
  - browser_assistant.exe (PID: 1592)
- Executable content was dropped or overwritten
  - Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe (PID: 3672)
  - Ninite.exe (PID: 3956)
  - target.exe (PID: 2688)
  - nvda_slave.exe (PID: 3224)
  - target.exe (PID: 3364)
  - setup.exe (PID: 2896)
  - maintenanceservice_tmp.exe (PID: 696)
  - maintenanceservice_installer.exe (PID: 1484)
  - target.exe (PID: 3988)
  - target.exe (PID: 584)
  - target.exe (PID: 2900)
  - target.exe (PID: 2380)
  - target.exe (PID: 3440)
  - assistant_package_sfx.exe (PID: 2824)
  - installer.exe (PID: 3632)
  - installer.exe (PID: 3752)
  - assistant_installer.exe (PID: 884)
- Searches for installed software
  - Ninite.exe (PID: 3956)
  - nvda.exe (PID: 3100)
  - nvda.exe (PID: 3728)
  - setup.exe (PID: 2896)
  - installer.exe (PID: 3632)
- Adds/modifies Windows certificates
  - Ninite.exe (PID: 3956)
- The process verifies whether the antivirus software is installed
  - Ninite.exe (PID: 3956)
- Application launched itself
  - Ninite.exe (PID: 2964)
  - target.exe (PID: 3988)
  - target.exe (PID: 2380)
  - assistant_installer.exe (PID: 3048)
  - installer.exe (PID: 3632)
  - assistant_installer.exe (PID: 884)
  - assistant_installer.exe (PID: 2208)
  - browser_assistant.exe (PID: 1592)
- Reads Mozilla Firefox installation path
  - Ninite.exe (PID: 3956)
- Malware-specific behavior (creating "System.dll" in Temp)
  - target.exe (PID: 2688)
  - setup.exe (PID: 2896)
  - maintenanceservice_installer.exe (PID: 1484)
- The process creates files with name similar to system file names
  - target.exe (PID: 2688)
  - setup.exe (PID: 2896)
  - maintenanceservice_installer.exe (PID: 1484)
- The process drops C-runtime libraries
  - target.exe (PID: 2688)
  - nvda_slave.exe (PID: 3224)
  - setup.exe (PID: 2896)
  - target.exe (PID: 3364)
- Process drops legitimate windows executable
  - target.exe (PID: 2688)
  - nvda_slave.exe (PID: 3224)
  - target.exe (PID: 3364)
  - setup.exe (PID: 2896)
- Loads Python modules
  - nvda_noUIAccess.exe (PID: 1808)
  - nvda_slave.exe (PID: 3224)
  - nvda.exe (PID: 3100)
  - nvda.exe (PID: 3728)
  - nvda_slave.exe (PID: 3644)
- Creates a software uninstall entry
  - nvda_slave.exe (PID: 3224)
  - maintenanceservice_tmp.exe (PID: 696)
  - maintenanceservice_installer.exe (PID: 1484)
  - installer.exe (PID: 3632)
  - setup.exe (PID: 2896)
- Creates/Modifies COM task schedule object
  - regsvr32.exe (PID: 2376)
  - regsvr32.exe (PID: 2396)
  - setup.exe (PID: 2896)
- Uses REG/REGEDIT.EXE to modify registry
  - nvda_slave.exe (PID: 3224)
- The process drops Mozilla's DLL files
  - setup.exe (PID: 2896)
  - target.exe (PID: 3364)
- Loads DLL from Mozilla Firefox
  - setup.exe (PID: 2896)
  - default-browser-agent.exe (PID: 2376)
- Starts application with an unusual extension
  - setup.exe (PID: 2896)
- Starts itself from another location
  - target.exe (PID: 3988)
- Reads the date of Windows installation
  - installer.exe (PID: 3632)
- Changes Internet Explorer settings (feature browser emulation)
  - assistant_installer.exe (PID: 884)
- Drops 7-zip archiver for unpacking
  - Ninite.exe (PID: 3956)
INFO
- Checks supported languages
  - Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe (PID: 3672)
  - Ninite.exe (PID: 2964)
  - Ninite.exe (PID: 3956)
  - target.exe (PID: 2688)
  - nvda_noUIAccess.exe (PID: 1808)
  - nvda_slave.exe (PID: 3224)
  - nvda.exe (PID: 3100)
  - shellexecute.exe (PID: 908)
  - nvda_slave.exe (PID: 3644)
  - nvda.exe (PID: 3728)
  - target.exe (PID: 3364)
  - setup.exe (PID: 2896)
  - ns7034.tmp (PID: 2432)
  - maintenanceservice_installer.exe (PID: 1484)
  - default-browser-agent.exe (PID: 2376)
  - maintenanceservice_tmp.exe (PID: 696)
  - target.exe (PID: 3988)
  - target.exe (PID: 584)
  - target.exe (PID: 2900)
  - target.exe (PID: 2380)
  - target.exe (PID: 3440)
  - assistant_package_sfx.exe (PID: 2824)
  - assistant_installer.exe (PID: 3048)
  - assistant_installer.exe (PID: 3388)
  - installer.exe (PID: 3632)
  - installer.exe (PID: 3752)
  - assistant_installer.exe (PID: 2208)
  - assistant_installer.exe (PID: 2124)
  - assistant_installer.exe (PID: 884)
  - launcher.exe (PID: 3124)
  - browser_assistant.exe (PID: 3044)
  - launcher.exe (PID: 1864)
  - launcher.exe (PID: 1548)
  - launcher.exe (PID: 4032)
  - browser_assistant.exe (PID: 1592)
  - launcher.exe (PID: 3452)
  - assistant_installer.exe (PID: 3408)
- Reads the computer name
  - Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe (PID: 3672)
  - Ninite.exe (PID: 2964)
  - Ninite.exe (PID: 3956)
  - target.exe (PID: 2688)
  - nvda_noUIAccess.exe (PID: 1808)
  - nvda_slave.exe (PID: 3224)
  - nvda.exe (PID: 3100)
  - shellexecute.exe (PID: 908)
  - nvda_slave.exe (PID: 3644)
  - nvda.exe (PID: 3728)
  - setup.exe (PID: 2896)
  - default-browser-agent.exe (PID: 2376)
  - maintenanceservice_installer.exe (PID: 1484)
  - maintenanceservice_tmp.exe (PID: 696)
  - target.exe (PID: 3988)
  - target.exe (PID: 2380)
  - assistant_installer.exe (PID: 3048)
  - installer.exe (PID: 3632)
  - assistant_installer.exe (PID: 2208)
  - assistant_installer.exe (PID: 884)
  - browser_assistant.exe (PID: 1592)
- Checks proxy server information
  - Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe (PID: 3672)
  - Ninite.exe (PID: 3956)
  - nvda_noUIAccess.exe (PID: 1808)
  - nvda.exe (PID: 3100)
  - nvda.exe (PID: 3728)
  - setup.exe (PID: 2896)
  - target.exe (PID: 3988)
  - browser_assistant.exe (PID: 1592)
- Reads the machine GUID from the registry
  - Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe (PID: 3672)
  - Ninite.exe (PID: 3956)
  - nvda_noUIAccess.exe (PID: 1808)
  - nvda_slave.exe (PID: 3224)
  - nvda.exe (PID: 3100)
  - shellexecute.exe (PID: 908)
  - nvda.exe (PID: 3728)
  - nvda_slave.exe (PID: 3644)
  - setup.exe (PID: 2896)
  - maintenanceservice_installer.exe (PID: 1484)
  - target.exe (PID: 3988)
  - installer.exe (PID: 3632)
  - assistant_installer.exe (PID: 884)
  - browser_assistant.exe (PID: 1592)
- Create files in a temporary directory
  - Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe (PID: 3672)
  - Ninite.exe (PID: 3956)
  - nvda_noUIAccess.exe (PID: 1808)
  - target.exe (PID: 2688)
  - nvda_slave.exe (PID: 3224)
  - nvda.exe (PID: 3100)
  - nvda_slave.exe (PID: 3644)
  - nvda.exe (PID: 3728)
  - target.exe (PID: 3364)
  - setup.exe (PID: 2896)
  - maintenanceservice_installer.exe (PID: 1484)
  - target.exe (PID: 3988)
  - target.exe (PID: 584)
  - target.exe (PID: 2900)
  - target.exe (PID: 2380)
  - target.exe (PID: 3440)
  - assistant_package_sfx.exe (PID: 2824)
  - installer.exe (PID: 3632)
  - installer.exe (PID: 3752)
- Reads the software policy settings
  - Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe (PID: 3672)
  - Ninite.exe (PID: 3956)
  - setup.exe (PID: 2896)
  - target.exe (PID: 3988)
  - installer.exe (PID: 3632)
  - browser_assistant.exe (PID: 1592)
- Creates files or folders in the user directory
  - Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe (PID: 3672)
  - Ninite.exe (PID: 3956)
  - nvda.exe (PID: 3100)
  - nvda.exe (PID: 3728)
  - setup.exe (PID: 2896)
  - target.exe (PID: 584)
  - target.exe (PID: 3988)
  - installer.exe (PID: 3632)
  - browser_assistant.exe (PID: 1592)
- Creates files in the program directory
  - nvda_slave.exe (PID: 3224)
  - maintenanceservice_installer.exe (PID: 1484)
  - target.exe (PID: 2380)
  - installer.exe (PID: 3632)
  - setup.exe (PID: 2896)
  - assistant_installer.exe (PID: 884)
- Application launched itself
  - msedge.exe (PID: 956)
- Manual execution by a user
  - nvda_slave.exe (PID: 3644)
  - assistant_installer.exe (PID: 2208)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win64 Executable (generic) (76.4)
.exe	\|	Win32 Executable (generic) (12.4)
.exe	\|	Generic Win/DOS Executable (5.5)
.exe	\|	DOS Executable Generic (5.5)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2017:04:12 00:19:47+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14
CodeSize:	233472
InitializedDataSize:	182272
UninitializedDataSize:	-
EntryPoint:	0x1a53a
OSVersion:	5.1
ImageVersion:	-
SubsystemVersion:	5.1
Subsystem:	Windows GUI
FileVersionNumber:	0.1.1.1183
ProductVersionNumber:	0.1.1.1183
FileFlagsMask:	0x0017
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
CompanyName:	Secure By Design Inc.
FileDescription:	Ninite
FileVersion:	0,1,1,1183
InternalName:	Ninite
LegalCopyright:	Copyright (C) 2009 Secure By Design Inc
OriginalFileName:	-
ProductName:	Ninite
ProductVersion:	0,1,1,1183

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

114

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

584

C:\Users\admin\AppData\Local\Temp\8BCE6A~1\target.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.80 --initial-client-data=0x16c,0x170,0x174,0x140,0x178,0x6762e428,0x6762e438,0x6762e444

C:\Users\admin\AppData\Local\Temp\8bce6a80-c88c-11ee-ae0a-12a9866c77de\target.exe

target.exe

User:

admin

Company:

Opera Software

Integrity Level:

HIGH

Description:

Opera Installer

Exit code:

Version:

95.0.4635.80

Modules

Images
c:\users\admin\appdata\local\temp\8bce6a80-c88c-11ee-ae0a-12a9866c77de\target.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll

664

"C:\Program Files\NVDA\nvda.exe"

C:\Program Files\NVDA\nvda.exe

—

nvda_noUIAccess.exe

User:

admin

Company:

NV Access

Integrity Level:

HIGH

Description:

NVDA application

Exit code:

3221226540

Version:

2023.3.3.30854

Modules

Images
c:\program files\nvda\nvda.exe
c:\windows\system32\ntdll.dll

696

"C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe" install

C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe

maintenanceservice_installer.exe

User:

admin

Company:

Mozilla Foundation

Integrity Level:

HIGH

Exit code:

Version:

115.7.0

Modules

Images
c:\program files\mozilla maintenance service\maintenanceservice_tmp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll

844

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1452 --field-trial-handle=1356,i,8620629446920188625,7919874171337580485,131072 /prefetch:1

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

884

"C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402110322401\assistant\assistant_installer.exe" --installfolder="C:\Program Files\Opera\assistant" --copyonly=0 --allusers=1

C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402110322401\assistant\assistant_installer.exe

installer.exe

User:

admin

Company:

Opera Software

Integrity Level:

HIGH

Description:

Opera Browser Assistant Installer

Exit code:

Version:

95.0.4635.80

Modules

Images
c:\users\admin\appdata\local\temp\.opera\opera installer temp\opera_package_202402110322401\assistant\assistant_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleaut32.dll

908

"C:\Users\admin\AppData\Local\Temp\666609~1\shellexecute.exe" "C:\Program Files\nvda\nvda_slave.exe" launchNVDA -r -m

C:\Users\admin\AppData\Local\Temp\66660927-c88c-11ee-ae0a-12a9866c77de\shellexecute.exe

—

Ninite.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\users\admin\appdata\local\temp\66660927-c88c-11ee-ae0a-12a9866c77de\shellexecute.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

956

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.nvaccess.org/donate/

C:\Program Files\Microsoft\Edge\Application\msedge.exe

nvda.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

1484

"C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"

C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe

ns7034.tmp

User:

admin

Company:

Mozilla Corporation

Integrity Level:

HIGH

Description:

Mozilla Maintenance Service Installer

Exit code:

Version:

115.7.0

Modules

Images
c:\program files\mozilla firefox\maintenanceservice_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll

1548

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1276 --field-trial-handle=1356,i,8620629446920188625,7919874171337580485,131072 /prefetch:2

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

1548

"C:\Program Files\Opera\launcher.exe" --stream

C:\Program Files\Opera\launcher.exe

—

browser_assistant.exe

User:

admin

Company:

Opera Software

Integrity Level:

MEDIUM

Description:

Opera Internet Browser

Exit code:

Version:

95.0.4635.80

Modules

Images
c:\program files\opera\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleaut32.dll

Add for printing

Total events

100 617

Read events

100 113

Write events

429

Delete events

Modification events


(PID) Process:	(3672) Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	write	Name:	ProxyEnable
Value: 0
(PID) Process:	(3672) Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	delete value	Name:	ProxyServer
Value:
(PID) Process:	(3672) Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	delete value	Name:	ProxyOverride
Value:
(PID) Process:	(3672) Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	delete value	Name:	AutoConfigURL
Value:
(PID) Process:	(3672) Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:	delete value	Name:	AutoDetect
Value:
(PID) Process:	(3672) Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:	write	Name:	SavedLegacySettings
Value: 460000005C010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:	(3672) Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(3672) Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(3672) Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(3672) Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0

Add for printing

Executable files

394

Suspicious files

470

Text files

2 242

Unknown types

200

Dropped files

PID	Process	Filename		Type
3672	Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894		binary
		MD5:3E6E937EAD1A14AD5E533E2715D57354	SHA256:F03CB7E9D575AD250653B221C698157BC1A22D08584BA719B1D78B85D7819D36
3672	Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62		binary
		MD5:AD126A3DD441675E471D202C4863DE3B	SHA256:5F0BB8E53AE22CC9C59B0C35DDEA03D71E1672C5E39DEDB79B7C3F8A7A52D583
3672	Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157		binary
		MD5:273D19B19195FAEBA5CEEFA313C50431	SHA256:8CE3AEFFDB25DF656D31A631B566F8489E098BF9616D050DDCBEF157DCC7512D
3672	Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62		binary
		MD5:575ECE8AAA691DEC4BA4AC1D5ECD27D2	SHA256:AA1FF018D93646AE58DE1EAE67559AB5FA75F4030EBBA5608843027590F01B68
3956	Ninite.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751		binary
		MD5:3F9AC0F571E55C2E609D6788D5DA28C4	SHA256:1687B07C06B653EE20B08240B78B1606A59A69E5401FDD826CC777234340E93B
3956	Ninite.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506		binary
		MD5:2A971FE998E1928BCBF6FF121FC4E8CD	SHA256:AAA3A1CE19A9526425AB73EDBF733E9C21AB46838B2B38216C86D4A68469748C
3956	Ninite.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6CAE3312932084B92643C2FA413F2C2E		binary
		MD5:E60824951FC0B444675AB242F1892CA4	SHA256:D3CECD1B24C786865190A04FFBCDF158A1817B5A84AD7D3F6BC085C4B49DDCCE
3672	Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517		binary
		MD5:70FBD7716EA7AEAB04BB5BE99F4C446A	SHA256:FF6A5AC1C57CF4A88D5E2D03669563A7CDD1C2F688E0FA428C7F6F332A279CBB
3672	Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517		der
		MD5:F69913175057C9F301B6CC7BE12D1B40	SHA256:695D754E6B58A83F822331931E5064765A0228C72EC089516C7B8F88B435AFA2
3956	Ninite.exe	C:\Users\admin\AppData\Local\Temp\TarFDC9.tmp		binary
		MD5:9C0C641C06238516F27941AA1166D427	SHA256:4276AF3669A141A59388BC56A87F6614D9A9BDDDF560636C264219A7EB11256F

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

106

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3956	Ninite.exe	GET	200	184.24.77.48:80	http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgOo60UnhrLmKl17N%2BmRGnZtSA%3D%3D	unknown	binary	503 b	unknown
3956	Ninite.exe	GET	200	18.245.39.64:80	http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEjgLnWaIozse2b%2BczaaODg8%3D	unknown	binary	1.37 Kb	unknown
1080	svchost.exe	GET	304	23.32.238.226:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e2ddf83a2417bb20	unknown	—	—	unknown
3672	Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	GET	304	93.184.221.240:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f34bf006e77033a5	unknown	—	—	unknown
2896	setup.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAo1CNVcKSsBffitZcAP9%2BQ%3D	unknown	binary	471 b	unknown
3956	Ninite.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D	unknown	binary	471 b	unknown
3956	Ninite.exe	GET	200	184.24.77.48:80	http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgR99C5lm1w8E61L9rtcsCCdvA%3D%3D	unknown	binary	503 b	unknown
3956	Ninite.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrHR6YzPN2BNbByL0VoiTIBBMAOAQUCrwIKReMpTlteg7OM8cus%2B37w3oCEAzQqL7GMs%2FmReygqbCE%2Bxw%3D	unknown	binary	313 b	unknown
2056	msedge.exe	GET	301	45.33.23.174:80	http://www.nvaccess.org/donate/	unknown	html	162 b	unknown
3988	target.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAonX%2BcE1u7LI9XNW0saTgQ%3D	unknown	binary	471 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
3672	Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	13.32.27.117:443	ninite.com	AMAZON-02	US	unknown
4	System	192.168.100.255:138	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
3672	Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	93.184.221.240:80	ctldl.windowsupdate.com	EDGECAST	GB	whitelisted
3672	Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	108.138.2.173:80	o.ss2.us	AMAZON-02	US	unknown
3672	Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe	18.245.39.64:80	ocsp.rootg2.amazontrust.com	—	US	unknown
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
3956	Ninite.exe	13.32.27.117:443	ninite.com	AMAZON-02	US	unknown
3956	Ninite.exe	45.33.23.174:443	www.nvaccess.org	Linode, LLC	US	unknown
3956	Ninite.exe	93.184.221.240:80	ctldl.windowsupdate.com	EDGECAST	GB	whitelisted

DNS requests

Domain	IP	Reputation
ninite.com	13.32.27.117 13.32.27.85 13.32.27.127 13.32.27.121	whitelisted
ctldl.windowsupdate.com	93.184.221.240 23.32.238.226 23.32.238.208 23.32.238.201	whitelisted
o.ss2.us	108.138.2.173 108.138.2.195 108.138.2.107 108.138.2.10	whitelisted
ocsp.rootg2.amazontrust.com	18.245.39.64	whitelisted
ocsp.rootca1.amazontrust.com	18.245.39.64	shared
www.nvaccess.org	45.33.23.174	unknown
x1.c.lencr.org	69.192.161.44	whitelisted
r3.o.lencr.org	184.24.77.48 184.24.77.54	shared
ninite-tools.s3.amazonaws.com	52.216.89.75 3.5.1.120 3.5.8.170 54.231.134.145 3.5.8.190 52.217.174.129 52.216.184.235 54.231.235.161	shared
ocsp.r2m01.amazontrust.com	18.245.65.219	whitelisted

Threats

No threats detected

Add for printing

Process	Message
nvda_noUIAccess.exe	..\..\src\msw\taskbar.cpp(190): 'Shell_NotifyIcon(NIM_ADD)' failed with error 0x00000000 (The operation completed successfully.).
nvda_noUIAccess.exe	Thread 1368, build\x86\remote\ia2Support.cpp, IA2Support_inProcess_terminate, 215: WaitForMultipleObjects returned -1
Ninite.exe	Thread 3892, build\x86\remote\ia2Support.cpp, isSuspendableProcess, 141: getCurrentApplicationUserModelID function not available
Ninite.exe	Thread 3892, build\x86\remote\ia2Support.cpp, isAppContainerProcess, 164: GetTokenInformation for Token_isAppContainer failed
msedge.exe	Thread 3848, build\x86\remote\ia2Support.cpp, isSuspendableProcess, 141: getCurrentApplicationUserModelID function not available
msedge.exe	Thread 3848, build\x86\remote\ia2Support.cpp, isAppContainerProcess, 164: GetTokenInformation for Token_isAppContainer failed
Ninite.exe	Thread 2860, build\x86\remote\sysListView32.cpp, nvdaInProcUtils_sysListView32_getGroupInfo, 43: LVM_GETGROUPINFOBYINDEX failed
assistant_installer.exe	[0211/032251.283:INFO:assistant_installer_main.cc(167)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402110322401\assistant\assistant_installer.exe" --version
assistant_installer.exe	[0211/032303.255:INFO:assistant_installer_main.cc(167)] Running assistant installer with command line "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402110322401\assistant\assistant_installer.exe" --installfolder="C:\Program Files\Opera\assistant" --copyonly=0 --allusers=1
assistant_installer.exe	[0211/032303.322:INFO:assistant_installer.cc(283)] Setting up the registry

General Info

Ninite 7Zip AIMP AVG Audacity Avast Avira Blender Installer.exe

8152976D8A04E01F905FB7172EA2B64A

B7F9EEDB1ABFAD58315EF16EA487D9D846867B79

3772AE89A73BC72322D5A544CAD0B63AEA6F647F69B2CD2B07B0B440221F75D8

12288:XLVP603RQX2pyf+cnci2N9pKKfyeo+pW1KKRyzE1:bVP60BM2pMUN9keo+c+zE1

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Registers / Runs the DLL via REGSVR32.EXE

Actions looks like stealing of personal data

Changes the autorun value in the registry

SUSPICIOUS

Reads the Internet Settings

Checks Windows Trust Settings

Reads settings of System Certificates

Reads security settings of Internet Explorer

Executable content was dropped or overwritten

Searches for installed software

Adds/modifies Windows certificates

The process verifies whether the antivirus software is installed

Application launched itself

Reads Mozilla Firefox installation path

Malware-specific behavior (creating "System.dll" in Temp)

The process creates files with name similar to system file names

The process drops C-runtime libraries

Process drops legitimate windows executable

Loads Python modules

Creates a software uninstall entry

Creates/Modifies COM task schedule object

Uses REG/REGEDIT.EXE to modify registry

The process drops Mozilla's DLL files

Loads DLL from Mozilla Firefox

Starts application with an unusual extension

Starts itself from another location

Reads the date of Windows installation

Changes Internet Explorer settings (feature browser emulation)

Drops 7-zip archiver for unpacking

INFO

Checks supported languages

Reads the computer name

Checks proxy server information

Reads the machine GUID from the registry

Create files in a temporary directory

Reads the software policy settings

Creates files or folders in the user directory

Creates files in the program directory

Application launched itself

Manual execution by a user

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules