Malware analysis 1kdw96cZxc4eZnX0acMA04.zip Malicious activity

Add for printing

File name:	1kdw96cZxc4eZnX0acMA04.zip
Full analysis:	https://app.any.run/tasks/ff7f41e7-122f-4846-a49f-9a087561b679
Verdict:	Malicious activity
Analysis date:	November 10, 2023, 15:11:10
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/zip
File info:	Zip archive data, at least v2.0 to extract
MD5:	63A19C8EF5107DC0B34EEBC8FA7912B8
SHA1:	067035F4B2E449FC44D96D1864A9EC02E77F361C
SHA256:	BB09F073FBAFA23224DB87C8087CB2DFC7E4569217E13198CF679880CF483CBE
SSDEEP:	49152:wCNVd9XpGvVxqkYs3yQTQ30OHWd3itWFSAORC0L7QJVrpOEHBk2vSAFQDnWTXLo+:wCnd3G9IkYxQUXHWd3QO9p3a2vSAyDnO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.100 (8.100)
Skype version 8.100 (8.100)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - utweb_installer.exe (PID: 3904)
  - utweb_installer.exe (PID: 3380)
  - utweb_installer.exe (PID: 3676)
  - utweb_installer.tmp (PID: 3916)
  - utweb.exe (PID: 1924)
SUSPICIOUS
- Reads settings of System Certificates
  - utweb_installer.tmp (PID: 3916)
  - utweb.exe (PID: 1924)
  - helper.exe (PID: 2468)
- Reads the Windows owner or organization settings
  - utweb_installer.tmp (PID: 3916)
- Reads the Internet Settings
  - utweb_installer.tmp (PID: 3916)
  - saBSI.exe (PID: 1816)
  - utweb_installer.exe (PID: 3676)
  - utweb.exe (PID: 1924)
- Malware-specific behavior (creating "System.dll" in Temp)
  - utweb_installer.exe (PID: 3676)
- Checks Windows Trust Settings
  - saBSI.exe (PID: 1816)
  - utweb.exe (PID: 1924)
- Reads security settings of Internet Explorer
  - saBSI.exe (PID: 1816)
  - utweb.exe (PID: 1924)
- Process drops legitimate windows executable
  - utweb_installer.exe (PID: 3676)
- The process creates files with name similar to system file names
  - utweb_installer.exe (PID: 3676)
INFO
- Manual execution by a user
  - utweb_installer.exe (PID: 3380)
  - wmpnscfg.exe (PID: 4016)
- Reads the computer name
  - utweb_installer.tmp (PID: 3632)
  - utweb_installer.tmp (PID: 3916)
  - wmpnscfg.exe (PID: 4016)
  - utweb_installer.exe (PID: 3676)
  - saBSI.exe (PID: 1816)
  - utweb.exe (PID: 1924)
  - helper.exe (PID: 2468)
- Drops the executable file immediately after the start
  - WinRAR.exe (PID: 3448)
- Checks supported languages
  - utweb_installer.exe (PID: 3904)
  - utweb_installer.tmp (PID: 3916)
  - wmpnscfg.exe (PID: 4016)
  - utweb_installer.exe (PID: 3380)
  - utweb_installer.tmp (PID: 3632)
  - utweb_installer.exe (PID: 3676)
  - utweb.exe (PID: 1924)
  - saBSI.exe (PID: 1816)
  - helper.exe (PID: 2468)
- Create files in a temporary directory
  - utweb_installer.exe (PID: 3904)
  - utweb_installer.tmp (PID: 3916)
  - utweb_installer.exe (PID: 3380)
  - utweb_installer.exe (PID: 3676)
- Reads the machine GUID from the registry
  - wmpnscfg.exe (PID: 4016)
  - utweb_installer.tmp (PID: 3916)
  - saBSI.exe (PID: 1816)
  - utweb_installer.exe (PID: 3676)
  - utweb.exe (PID: 1924)
- Creates files or folders in the user directory
  - utweb.exe (PID: 1924)
  - utweb_installer.exe (PID: 3676)
  - helper.exe (PID: 2468)
- Creates files in the program directory
  - saBSI.exe (PID: 1816)
- Checks proxy server information
  - utweb_installer.exe (PID: 3676)
- Application launched itself
  - msedge.exe (PID: 2332)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.zip	\|	ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion:	20
ZipBitFlag:	0x0009
ZipCompression:	Deflated
ZipModifyDate:	2023:11:06 09:30:50
ZipCRC:	0xb82185c0
ZipCompressedSize:	659
ZipUncompressedSize:	2606
ZipFileName:	manifest.json

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

292

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1332,i,15065077765946580247,790556663258160269,131072 /prefetch:1

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

1088

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1388 --field-trial-handle=1332,i,15065077765946580247,790556663258160269,131072 /prefetch:3

C:\Program Files\Microsoft\Edge\Application\msedge.exe

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

1616

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1332,i,15065077765946580247,790556663258160269,131072 /prefetch:8

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

1816

"C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=DE

C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\saBSI.exe

utweb_installer.tmp

User:

admin

Company:

McAfee, LLC

Integrity Level:

HIGH

Description:

McAfee WebAdvisor(bootstrap installer)

Exit code:

4294967295

Version:

4,1,1,818

Modules

Images
c:\users\admin\appdata\local\temp\is-5bn9e.tmp\component0_extract\sabsi.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll

1848

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1216 --field-trial-handle=1332,i,15065077765946580247,790556663258160269,131072 /prefetch:2

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

1924

"C:\Users\admin\AppData\Roaming\uTorrent Web\utweb.exe" /RUNONSTARTUP

C:\Users\admin\AppData\Roaming\uTorrent Web\utweb.exe

utweb_installer.tmp

User:

admin

Company:

Rainberry Inc.

Integrity Level:

MEDIUM

Description:

µTorrent Web

Exit code:

Version:

1.4.0.5714

Modules

Images
c:\users\admin\appdata\roaming\utorrent web\utweb.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\version.dll

2332

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument https://utweb.rainberrytv.com/gui/index.html?v=1.4.0.5714&firstrun=1&localauth=localapi5ba29085830250f2:

C:\Program Files\Microsoft\Edge\Application\msedge.exe

utweb.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

2436

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4032 --field-trial-handle=1332,i,15065077765946580247,790556663258160269,131072 /prefetch:1

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

2452

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3960 --field-trial-handle=1332,i,15065077765946580247,790556663258160269,131072 /prefetch:8

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

2468

helper/helper.exe 49238 -- ut_web/1.4.0.5714 hval/a69629c6db7fee11a82612a9866c77de

C:\Users\admin\AppData\Roaming\uTorrent Web\helper\helper.exe

utweb.exe

User:

admin

Company:

BitTorrent Inc.

Integrity Level:

MEDIUM

Description:

µTorrent Helper

Exit code:

Version:

2.1.6.2679

Modules

Images
c:\users\admin\appdata\roaming\utorrent web\helper\helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll

Add for printing

Total events

18 111

Read events

17 995

Write events

105

Delete events

Modification events


(PID) Process:	(3448) WinRAR.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\17A\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(3448) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process:	(3448) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:	(3448) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	0
Value: C:\Users\admin\Desktop\phacker.zip
(PID) Process:	(3448) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	name
Value: 120
(PID) Process:	(3448) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	size
Value: 80
(PID) Process:	(3448) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	type
Value: 120
(PID) Process:	(3448) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	mtime
Value: 100
(PID) Process:	(3448) WinRAR.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:	write	Name:	NodeSlots
Value: 02020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
(PID) Process:	(3448) WinRAR.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:	write	Name:	MRUListEx
Value: 01000000020000000700000000000000060000000C0000000B0000000D0000000A0000000900000008000000030000000500000004000000FFFFFFFF

Add for printing

Executable files

Suspicious files

297

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
3448	WinRAR.exe	C:\Users\admin\Desktop\check\manifest.json		binary
		MD5:ED188E2DC424A00333ED7F5E5E78ABED	SHA256:AB6026278C2674DFC94F91B6F7159CAF9BC018FC505398C8BC6F344C42DEB890
3448	WinRAR.exe	C:\Users\admin\Desktop\check\metadata.json		binary
		MD5:D2ACE203F0E7C39779C0962C4BDF8BC8	SHA256:CB7A12FEEA1687A74F18C3D2F09C7E64824E63584FD87647561E7A77CC846890
3916	utweb_installer.tmp	C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0		compressed
		MD5:CD9C77BC5840AF008799985F397FE1C3	SHA256:26D7704B540DF18E2BCCD224DF677061FFB9F03CAB5B3C191055A84BF43A9085
3916	utweb_installer.tmp	C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\utweb_installer.exe		executable
		MD5:A9AD36BC9E96FBF8FF02C42B5D088647	SHA256:4F7A0E7D9CC1AC5EAE7FDB9563D9495F77E108DBE9BE1EDA23C1A1ECACE78C3E
3676	utweb_installer.exe	C:\Users\admin\AppData\Local\Temp\nslC1F4.tmp\FindProcDLL.dll		executable
		MD5:B4FAF654DE4284A89EAF7D073E4E1E63	SHA256:C0948B2EC36A69F82C08935FAC4B212238B6792694F009B93B4BDB478C4F26E3
3448	WinRAR.exe	C:\Users\admin\Desktop\check\file-acquisition-raw-issues.11naxWvW8f609CLvvITnz1.xml		xml
		MD5:DF7972AC26DF2CAA28114773E2966304	SHA256:BD4E548388E1D08E6F27B1B8AE90E5C1DED51655DB21E987A6141720CDDCC41C
3904	utweb_installer.exe	C:\Users\admin\AppData\Local\Temp\is-GGV4Q.tmp\utweb_installer.tmp		executable
		MD5:EBFFAE50091E056D1A42A81360B41686	SHA256:B87034BC14479A7A77A1E970215942F41FDF265E6BE6235F7A8DE637B0B6AFA1
3448	WinRAR.exe	C:\Users\admin\Desktop\check\script.xml		xml
		MD5:7B14B831A2F439594EE1B6080D2D8C8A	SHA256:3C742A2AEAE376F0C936618F69EE742C3DE3851D5E7F04BEBA048017FBB87EE7
3448	WinRAR.exe	C:\Users\admin\Desktop\check\files-raw.amKgegAXa58bgp5VmMqOxX.xml		xml
		MD5:23B2B89D207BB927685B81300607B603	SHA256:D34F1D85DDC2BA2141F5452A466886DD258922987AEFD65ACAA37B43FAE53BC5
3916	utweb_installer.tmp	C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\is-13JHE.tmp		executable
		MD5:A9AD36BC9E96FBF8FF02C42B5D088647	SHA256:4F7A0E7D9CC1AC5EAE7FDB9563D9495F77E108DBE9BE1EDA23C1A1ECACE78C3E

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

311

DNS requests

155

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
1924	utweb.exe	GET	—	178.79.242.16:80	http://btinstall-artifacts.bittorrent.com/helper_ui/helper_web_ui.btinstall	unknown	—	—	unknown
1924	utweb.exe	POST	200	52.22.217.101:80	http://i-4101.b-10541.utweb.bench.utorrent.com/e?i=4101&e=eyJldmVudE5hbWUiOiJ1dHdlYiIsImFjdGlvbiI6ImdhQmxvY2suYWJzZW50LnBhZ2Vsb2FkIiwiQlVJTERfTlVNQkVSIjoiMTA1NDEiLCJhcHBOYW1lIjoidXR3ZWIiLCJhcHBWZXJzaW9uIjoiMS40LjAuNTcxNC4xMDU0MSIsImlzVXR3ZWIiOnRydWUsInR1dG9yaWFsVmlkZW9IYXNoTGlzdCI6WyI4MGIzOWEyZTM3YWEzNTJjZDJmY2JmYmVmN2M0YTZlOWU4Y2ZlNDM4IiwiOWEyM2JlNmM1NWQ1ZjhkMWUyODI2MGU0MDNiYWU1NDEyNDQzNTc5ZSIsIjM4ZTk3MjM0ZmQ2MGM0ZjMwMzQ0ZDlmYWU4MDg5OWE3NWZjZmJmZmUiLCI2MWIzYjg4NTZjNDgzOWVkZjUxZjVjMjM0NjU5OWI2YmVjNTI0MTQ1IiwiNTYyZTI5Yzc4MzZkYWRiY2Y1NWIzZGViZjgzMDYzMjcxNzY5Yzk0ZiJdLCJ1dWlkIjoiYTY5NjI5YzZkYjdmZWUxMWE4MjYxMmE5ODY2Yzc3ZGUiLCJnYUJsb2NrZXJEZXRlY3RlZCI6bnVsbCwiYmVuY2hHZW8iOiIiLCJ1dHdlYlNhbXBsZVJhdGUiOjF9	unknown	binary	21 b	unknown
3676	utweb_installer.exe	POST	200	52.45.10.136:80	http://i-4101.b-5714.utweb.bench.utorrent.com/e?i=4101	unknown	binary	21 b	unknown
1924	utweb.exe	POST	200	52.22.217.101:80	http://i-4101.b-10541.utweb.bench.utorrent.com/e?i=4101&e=eyJldmVudE5hbWUiOiJ1dHdlYiIsImFjdGlvbiI6ImFkQmxvY2suYWJzZW50LnBhZ2Vsb2FkIiwiQlVJTERfTlVNQkVSIjoiMTA1NDEiLCJhcHBOYW1lIjoidXR3ZWIiLCJhcHBWZXJzaW9uIjoiMS40LjAuNTcxNC4xMDU0MSIsImlzVXR3ZWIiOnRydWUsInR1dG9yaWFsVmlkZW9IYXNoTGlzdCI6WyI4MGIzOWEyZTM3YWEzNTJjZDJmY2JmYmVmN2M0YTZlOWU4Y2ZlNDM4IiwiOWEyM2JlNmM1NWQ1ZjhkMWUyODI2MGU0MDNiYWU1NDEyNDQzNTc5ZSIsIjM4ZTk3MjM0ZmQ2MGM0ZjMwMzQ0ZDlmYWU4MDg5OWE3NWZjZmJmZmUiLCI2MWIzYjg4NTZjNDgzOWVkZjUxZjVjMjM0NjU5OWI2YmVjNTI0MTQ1IiwiNTYyZTI5Yzc4MzZkYWRiY2Y1NWIzZGViZjgzMDYzMjcxNzY5Yzk0ZiJdLCJ1dWlkIjoiYTY5NjI5YzZkYjdmZWUxMWE4MjYxMmE5ODY2Yzc3ZGUiLCJnYUJsb2NrZXJEZXRlY3RlZCI6ZmFsc2UsImJlbmNoR2VvIjoiIiwidXR3ZWJTYW1wbGVSYXRlIjoxfQ==	unknown	binary	21 b	unknown
2468	helper.exe	POST	200	52.22.217.101:80	http://i-5600.b-2679.helper.bench.utorrent.com/e.php?i=5600	unknown	binary	21 b	unknown
2468	helper.exe	POST	200	52.22.217.101:80	http://i-5600.b-2679.helper.bench.utorrent.com/e.php?i=5600	unknown	binary	21 b	unknown
2468	helper.exe	POST	200	52.22.217.101:80	http://i-5600.b-2679.helper.bench.utorrent.com/e.php?i=5600	unknown	binary	21 b	unknown
2468	helper.exe	POST	200	52.22.217.101:80	http://i-5600.b-2679.helper.bench.utorrent.com/e.php?i=5600	unknown	binary	21 b	unknown
2468	helper.exe	POST	200	52.22.217.101:80	http://i-5600.b-2679.helper.bench.utorrent.com/e.php?i=5600	unknown	binary	21 b	unknown
2468	helper.exe	POST	200	52.22.217.101:80	http://i-5600.b-2679.helper.bench.utorrent.com/e.php?i=5600	unknown	binary	21 b	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
4	System	192.168.100.255:137	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
2588	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
868	svchost.exe	95.101.148.135:80	—	Akamai International B.V.	NL	unknown
868	svchost.exe	23.218.208.137:80	armmf.adobe.com	AKAMAI-AS	DE	unknown
3916	utweb_installer.tmp	65.9.94.46:443	d3du9emkqnnqkp.cloudfront.net	AMAZON-02	US	unknown
3916	utweb_installer.tmp	65.9.94.17:443	dcnlefgcjiudc.cloudfront.net	AMAZON-02	US	unknown
3916	utweb_installer.tmp	65.9.94.167:443	d27wm444oowmat.cloudfront.net	AMAZON-02	US	unknown
3916	utweb_installer.tmp	67.215.238.66:443	download-lb.utorrent.com	ASN-QUADRANET-GLOBAL	US	unknown

DNS requests

Domain	IP	Reputation
armmf.adobe.com	23.218.208.137	whitelisted
d3du9emkqnnqkp.cloudfront.net	65.9.94.46 65.9.94.106 65.9.94.81 65.9.94.168	unknown
dcnlefgcjiudc.cloudfront.net	65.9.94.17 65.9.94.165 65.9.94.96 65.9.94.99	unknown
d27wm444oowmat.cloudfront.net	65.9.94.167 65.9.94.196 65.9.94.101 65.9.94.62	unknown
download-lb.utorrent.com	67.215.238.66	whitelisted
i-4101.b-5714.utweb.bench.utorrent.com	52.45.10.136 52.0.45.244 52.0.175.9 52.44.225.32 44.219.44.167 44.208.169.130 52.22.132.19 52.54.111.145	unknown
analytics.apis.mcafee.com	54.214.185.147 54.187.213.13 34.213.112.26 52.35.195.242 34.216.131.95 100.20.106.59 52.36.137.129 34.215.71.183	unknown
sadownload.mcafee.com	23.48.23.53 23.48.23.51 23.48.23.34 23.48.23.40 23.48.23.5 23.48.23.26	whitelisted
dht.libtorrent.org	185.157.221.247	unknown
router.bittorrent.com	67.215.246.10	shared

Threats

PID	Process	Class	Message
3676	utweb_installer.exe	Potentially Bad Traffic	ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
3676	utweb_installer.exe	Potentially Bad Traffic	ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
1924	utweb.exe	Potential Corporate Privacy Violation	ET P2P BitTorrent DHT ping request
1924	utweb.exe	Potentially Bad Traffic	ET POLICY Executable served from Amazon S3
1924	utweb.exe	Potential Corporate Privacy Violation	ET POLICY PE EXE or DLL Windows file download HTTP
1088	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Global content delivery network (unpkg .com)

Add for printing

Process	Message
saBSI.exe	NCPrivateLoadAndValidateMPTDll: Looking in current directory
saBSI.exe	NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe	NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe	NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe	NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe	NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe	NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe	NCPrivateLoadAndValidateMPTDll: Looking in EXE directory
saBSI.exe	NotComDllGetInterface: C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\saBSI.exe loading C:\Users\admin\AppData\Local\Temp\is-5BN9E.tmp\component0_extract\mfeaaca.dll, WinVerifyTrust failed with 80092003
saBSI.exe	NCPrivateLoadAndValidateMPTDll: Looking in EXE directory

General Info

1kdw96cZxc4eZnX0acMA04.zip

63A19C8EF5107DC0B34EEBC8FA7912B8

067035F4B2E449FC44D96D1864A9EC02E77F361C

BB09F073FBAFA23224DB87C8087CB2DFC7E4569217E13198CF679880CF483CBE

49152:wCNVd9XpGvVxqkYs3yQTQ30OHWd3itWFSAORC0L7QJVrpOEHBk2vSAFQDnWTXLo+:wCnd3G9IkYxQUXHWd3QO9p3a2vSAyDnO

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

SUSPICIOUS

Reads settings of System Certificates

Reads the Windows owner or organization settings

Reads the Internet Settings

Malware-specific behavior (creating "System.dll" in Temp)

Checks Windows Trust Settings

Reads security settings of Internet Explorer

Process drops legitimate windows executable

The process creates files with name similar to system file names

INFO

Manual execution by a user

Reads the computer name

Drops the executable file immediately after the start

Checks supported languages

Create files in a temporary directory

Reads the machine GUID from the registry

Creates files or folders in the user directory

Creates files in the program directory

Checks proxy server information

Application launched itself

Malware configuration

Static information

TRiD

EXIF

ZIP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings