Malware analysis Stardock Fences v3.0.9.11 Final Eng_Rus.7z Malicious activity

Add for printing

File name:	Stardock Fences v3.0.9.11 Final Eng_Rus.7z
Full analysis:	https://app.any.run/tasks/a9419678-a525-410b-b78a-708a5c7b0a21
Verdict:	Malicious activity
Analysis date:	October 23, 2023, 19:08:29
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-7z-compressed
File info:	7-zip archive data, version 0.4
MD5:	A52336A26571CAF37463DFFF7CDB444A
SHA1:	9E498033464E15BAC95218682292CB4857A3D6B7
SHA256:	51E0AC976928850001034CA2C0E47B938D5D31D42CBA285268DC8333708DEB0A
SSDEEP:	98304:Y91d4610ItV4nYfawe0Hx5bX9DCMV/5oKxN7ZB/xk+JynG83Avpw3nIlJxDlA1Je:sc59TGw1NYnT+O8gCm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.100 (8.100)
Skype version 8.100 (8.100)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - Fences3-sd-setup.exe (PID: 844)
  - irsetup.exe (PID: 2312)
- Application was dropped or rewritten from another process
  - Fences3-sd-setup.exe (PID: 3532)
  - Fences3-sd-setup.exe (PID: 844)
  - irsetup.exe (PID: 2312)
  - GetMachineSID.exe (PID: 3404)
- Loads dropped or rewritten executable
  - irsetup.exe (PID: 2312)
SUSPICIOUS
- Start notepad (likely ransomware note)
  - WinRAR.exe (PID: 3628)
- Reads the Internet Settings
  - Fences3-sd-setup.exe (PID: 844)
  - irsetup.exe (PID: 2312)
- Reads the Windows owner or organization settings
  - irsetup.exe (PID: 2312)
- The process exported the data from the registry
  - irsetup.exe (PID: 2312)
INFO
- Drops the executable file immediately after the start
  - WinRAR.exe (PID: 3628)
- Checks supported languages
  - Fences3-sd-setup.exe (PID: 844)
  - irsetup.exe (PID: 2312)
  - GetMachineSID.exe (PID: 3404)
- Create files in a temporary directory
  - Fences3-sd-setup.exe (PID: 844)
  - irsetup.exe (PID: 2312)
  - GetMachineSID.exe (PID: 3404)
  - reg.exe (PID: 2280)
- Reads the computer name
  - Fences3-sd-setup.exe (PID: 844)
  - irsetup.exe (PID: 2312)
  - GetMachineSID.exe (PID: 3404)
- Checks proxy server information
  - irsetup.exe (PID: 2312)
- Reads the machine GUID from the registry
  - irsetup.exe (PID: 2312)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.7z	\|	7-Zip compressed archive (v0.4) (57.1)
.7z	\|	7-Zip compressed archive (gen) (42.8)

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

124

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa3628.10809\About the program.txt

C:\Windows\System32\notepad.exe

—

WinRAR.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Notepad

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\notepad.exe
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

844

"C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.11428\Stardock Fences v3.0.9.11 Final Eng_Rus\Fences3-sd-setup.exe"

C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.11428\Stardock Fences v3.0.9.11 Final Eng_Rus\Fences3-sd-setup.exe

WinRAR.exe

User:

admin

Integrity Level:

HIGH

Description:

Setup Application

Exit code:

Version:

9.5.1.0

Modules

Images
c:\users\admin\appdata\local\temp\rar$exa3628.11428\stardock fences v3.0.9.11 final eng_rus\fences3-sd-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll

2280

"C:\Windows\system32\reg.exe" export HKLM\Software\Stardock C:\Users\admin\AppData\Local\Temp\registry_export.txt /y

C:\Windows\System32\reg.exe

—

irsetup.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Registry Console Tool

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

2312

"C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1954746 "__IRAFN:C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.11428\Stardock Fences v3.0.9.11 Final Eng_Rus\Fences3-sd-setup.exe" "__IRCT:3" "__IRTSS:12702823" "__IRSID:S-1-5-21-1302019708-1500728564-335382590-1000"

C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Fences3-sd-setup.exe

User:

admin

Company:

Indigo Rose Corporation

Integrity Level:

HIGH

Description:

Setup Application

Exit code:

Version:

9.5.1.0

Modules

Images
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll

3404

"C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.exe" C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.tmp

C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.exe

—

irsetup.exe

User:

admin

Company:

Stardock Software, Inc

Integrity Level:

HIGH

Description:

Installer Helper

Exit code:

Version:

1.0.0.1

Modules

Images
c:\users\admin\appdata\local\temp\_ir_sf_temp_0\getmachinesid.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll

3532

"C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.11428\Stardock Fences v3.0.9.11 Final Eng_Rus\Fences3-sd-setup.exe"

C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.11428\Stardock Fences v3.0.9.11 Final Eng_Rus\Fences3-sd-setup.exe

—

WinRAR.exe

User:

admin

Integrity Level:

MEDIUM

Description:

Setup Application

Exit code:

3221226540

Version:

9.5.1.0

Modules

Images
c:\users\admin\appdata\local\temp\rar$exa3628.11428\stardock fences v3.0.9.11 final eng_rus\fences3-sd-setup.exe
c:\windows\system32\ntdll.dll

3628

"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Stardock Fences v3.0.9.11 Final Eng_Rus.7z"

C:\Program Files\WinRAR\WinRAR.exe

—

explorer.exe

User:

admin

Company:

Alexander Roshal

Integrity Level:

MEDIUM

Description:

WinRAR archiver

Exit code:

Version:

5.91.0

Modules

Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll

Add for printing

Total events

2 984

Read events

2 937

Write events

Delete events

Modification events


(PID) Process:	(3628) WinRAR.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(3628) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process:	(3628) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:	(3628) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	0
Value: C:\Users\admin\Desktop\phacker.zip
(PID) Process:	(3628) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	name
Value: 120
(PID) Process:	(3628) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	size
Value: 80
(PID) Process:	(3628) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	type
Value: 120
(PID) Process:	(3628) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	mtime
Value: 100
(PID) Process:	(3628) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(3628) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2312	irsetup.exe	C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.JPG		image
		MD5:AC40DED6736E08664F2D86A65C47EF60	SHA256:F35985FE1E46A767BE7DCEA35F8614E1EDD60C523442E6C2C2397D1E23DBD3EA
3628	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.11428\Stardock Fences v3.0.9.11 Final Eng_Rus\Fences3-sd-setup.exe.md5		text
		MD5:9E28EAF239EAAE9055A2DB2206039CFD	SHA256:014ED731FB39E2F33F6DAD5693EB9800F77387EC19660B8A771C29EB53E2434B
844	Fences3-sd-setup.exe	C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll		executable
		MD5:05CEB6D2E88A896D6ADA0AB3F0DC40AA	SHA256:B574D89422AFCAAE5446D8FD88D3B7CB48D608CF5411DB761916B35C9999B41A
3628	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.11428\Stardock Fences v3.0.9.11 Final Eng_Rus\Читать.txt		text
		MD5:F15D0656E5C671A36E4459930EE46B67	SHA256:C4B83BA1BF61B1F7BEDB542C8A6493E39185C6F33589F4A5EEF24C17C3E4EBAA
3628	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.11428\Stardock Fences v3.0.9.11 Final Eng_Rus\Fences3-sd-setup.exe		executable
		MD5:178BA67902FC6A05A040ED3D2F537A95	SHA256:92235DA746A26B69A05ED67D9CCF2113996F9EA38DB6B39D41665FB52847394B
2312	irsetup.exe	C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\Unicode.lmd		executable
		MD5:513C279740C287DEC3508AE26D7916C0	SHA256:A285299F207A0093158C05D46996B880032A9B11FB456CE78BBA18988BE9B14A
2312	irsetup.exe	C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.dat		binary
		MD5:BDE6F93A56946AF3C4F0A08C2CCC2C1A	SHA256:656CFE99F9A0AD977458534D338276E7CB656F1D29E771E03BB80666B528FE26
3628	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$DIa3628.10809\About the program.txt		text
		MD5:E45B9A8AB8D926D3D0962DA43D8F2364	SHA256:980BCA7FC719EA3CB280963A4AA769F8D6C14BA813BFD090A95FA767F560C5FE
2312	irsetup.exe	C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\GetMachineSID.exe		executable
		MD5:55BBF335F75F2A2FE0A5DAF603964D41	SHA256:723ADAE0E69127A6BFBC65C5EF552A351264205EA5E2BC3B80E505FEAA5D0E43
2312	irsetup.exe	C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\eula.txt		text
		MD5:B255E01ECEDAD3F7A600109B01943074	SHA256:5B756A48762AD896DE58B973E4B87D4E76FF25023A727F0A08AAD9EA66E7B843

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
2312	irsetup.exe	POST	200	66.79.209.82:80	http://install.api.stardock.net/installer/Initialize/?format=xml	unknown	text	453 b	unknown
2312	irsetup.exe	POST	200	66.79.209.82:80	http://install.api.stardock.net/installer/SaveInstallStats/?format=xml	unknown	text	219 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
2656	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
2312	irsetup.exe	66.79.209.82:80	install.api.stardock.net	TELNET	US	unknown
4	System	192.168.100.255:138	—	—	—	whitelisted
1088	svchost.exe	224.0.0.252:5355	—	—	—	unknown

DNS requests

Domain	IP	Reputation
install.api.stardock.net	66.79.209.82	whitelisted

Threats

Found threats are available for the paid subscriptions

2 ETPRO signatures available at the full report

Add for printing

No debug info

General Info

Stardock Fences v3.0.9.11 Final Eng_Rus.7z

A52336A26571CAF37463DFFF7CDB444A

9E498033464E15BAC95218682292CB4857A3D6B7

51E0AC976928850001034CA2C0E47B938D5D31D42CBA285268DC8333708DEB0A

98304:Y91d4610ItV4nYfawe0Hx5bX9DCMV/5oKxN7ZB/xk+JynG83Avpw3nIlJxDlA1Je:sc59TGw1NYnT+O8gCm

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Application was dropped or rewritten from another process

Loads dropped or rewritten executable

SUSPICIOUS

Start notepad (likely ransomware note)

Reads the Internet Settings

Reads the Windows owner or organization settings

The process exported the data from the registry

INFO

Drops the executable file immediately after the start

Checks supported languages

Create files in a temporary directory

Reads the computer name

Checks proxy server information

Reads the machine GUID from the registry

Malware configuration

Static information

TRiD

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings