Windows Analysis Report
RecMin_Free_Install_v_2023_r1.zip

Overview

General Information

Sample name:	RecMin_Free_Install_v_2023_r1.zip
Analysis ID:	1546135
MD5:	ad47ddb1e8b4d4b30ce4a2dae1bd377a
SHA1:	905f92636bfc645f9745ebc1f431cbd1efd3c93e
SHA256:	46d6594dc87a5a143c86d699f38122ce96a0b8591b6b923ea5c05d01963de63e
Infos:

Detection

Score:	25
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Drops executables to the windows directory (C:\Windows) and starts them

Creates files inside the system directory

Deletes files inside the Windows folder

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops files with a non-matching file extension (content does not match file extension)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

May sleep (evasive loops) to hinder dynamic analysis

Modifies existing windows services

Queries the volume information (name, serial number etc) of a device

Sigma detected: Startup Folder File Write

Stores files to the Windows start menu directory

Classification

Signatures

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData

Creates files inside the system directory

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\ST6UNST.000
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\SETUP.LST
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\RMedit.CAB
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\temp.000
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Windows\SysWOW64\temp.000
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Windows\SysWOW64\temp.000
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\Setup1.exe
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\ST6UNST.000
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\SETUP.LST
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\RMedit.CAB
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\temp.000
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\Setup1.exe

Deletes files inside the Windows folder

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe

File deleted: C:\Windows\SETUP.LST

Source: classification engine

Classification label: sus25.evad.winZIP@13/10@0/0

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ST6UNST Uninstaller.LNK

Source: C:\Windows\Setup1.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe

File created: C:\Users\user\AppData\Local\Temp\msftqws.pdw

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe

File read: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe "C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe"
Source: unknown	Process created: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe "C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe"
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process created: C:\Windows\Setup1.exe C:\WINDOWS\Setup1.exe "C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\" "C:\WINDOWS\ST6UNST.000" "C:\WINDOWS\st6unst.exe"
Source: C:\Windows\Setup1.exe	Process created: C:\Windows\ST6UNST.EXE C:\WINDOWS\st6unst.exe -n "C:\Windows\ST6UNST.000" -e 3 -f -w 5952
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process created: C:\Windows\Setup1.exe C:\WINDOWS\Setup1.exe "C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\" "C:\WINDOWS\ST6UNST.000" "C:\WINDOWS\st6unst.exe"
Source: C:\Windows\Setup1.exe	Process created: C:\Windows\ST6UNST.EXE C:\WINDOWS\st6unst.exe -n "C:\Windows\ST6UNST.000" -e 3 -f -w 5952
Source: unknown	Process created: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe "C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe"
Source: unknown	Process created: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe "C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe"
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process created: C:\Windows\Setup1.exe C:\WINDOWS\Setup1.exe "C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\" "C:\WINDOWS\ST6UNST.000" "C:\WINDOWS\st6unst.exe"
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process created: C:\Windows\Setup1.exe C:\WINDOWS\Setup1.exe "C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\" "C:\WINDOWS\ST6UNST.000" "C:\WINDOWS\st6unst.exe"
Source: C:\Windows\Setup1.exe	Process created: C:\Windows\ST6UNST.EXE C:\WINDOWS\st6unst.exe -n "C:\Windows\ST6UNST.000" -e 3 -f -w 3044
Source: C:\Windows\Setup1.exe	Process created: C:\Windows\ST6UNST.EXE C:\WINDOWS\st6unst.exe -n "C:\Windows\ST6UNST.000" -e 3 -f -w 3044

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: acgenral.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: winmm.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: samcli.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: mpr.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: netutils.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: aclayers.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: sfc.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: cabinet.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: propsys.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: vb6stkit.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: comcat.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: olepro32.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: msvbvm60.dll
Source: C:\Windows\Setup1.exe	Section loaded: apphelp.dll
Source: C:\Windows\Setup1.exe	Section loaded: acgenral.dll
Source: C:\Windows\Setup1.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Setup1.exe	Section loaded: winmm.dll
Source: C:\Windows\Setup1.exe	Section loaded: samcli.dll
Source: C:\Windows\Setup1.exe	Section loaded: msacm32.dll
Source: C:\Windows\Setup1.exe	Section loaded: version.dll
Source: C:\Windows\Setup1.exe	Section loaded: userenv.dll
Source: C:\Windows\Setup1.exe	Section loaded: dwmapi.dll
Source: C:\Windows\Setup1.exe	Section loaded: urlmon.dll
Source: C:\Windows\Setup1.exe	Section loaded: mpr.dll
Source: C:\Windows\Setup1.exe	Section loaded: sspicli.dll
Source: C:\Windows\Setup1.exe	Section loaded: winmmbase.dll
Source: C:\Windows\Setup1.exe	Section loaded: winmmbase.dll
Source: C:\Windows\Setup1.exe	Section loaded: iertutil.dll
Source: C:\Windows\Setup1.exe	Section loaded: srvcli.dll
Source: C:\Windows\Setup1.exe	Section loaded: netutils.dll
Source: C:\Windows\Setup1.exe	Section loaded: aclayers.dll
Source: C:\Windows\Setup1.exe	Section loaded: sfc.dll
Source: C:\Windows\Setup1.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Setup1.exe	Section loaded: msvbvm60.dll
Source: C:\Windows\Setup1.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Setup1.exe	Section loaded: wldp.dll
Source: C:\Windows\Setup1.exe	Section loaded: profapi.dll
Source: C:\Windows\Setup1.exe	Section loaded: vb6zz.dll
Source: C:\Windows\Setup1.exe	Section loaded: vb6es.dll
Source: C:\Windows\Setup1.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Setup1.exe	Section loaded: sxs.dll
Source: C:\Windows\Setup1.exe	Section loaded: propsys.dll
Source: C:\Windows\Setup1.exe	Section loaded: textinputframework.dll
Source: C:\Windows\Setup1.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\Setup1.exe	Section loaded: coremessaging.dll
Source: C:\Windows\Setup1.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Setup1.exe	Section loaded: wintypes.dll
Source: C:\Windows\Setup1.exe	Section loaded: wintypes.dll
Source: C:\Windows\Setup1.exe	Section loaded: wintypes.dll
Source: C:\Windows\Setup1.exe	Section loaded: textshaping.dll
Source: C:\Windows\Setup1.exe	Section loaded: vb6stkit.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: apphelp.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: acgenral.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: uxtheme.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: winmm.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: samcli.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: msacm32.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: version.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: userenv.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: dwmapi.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: urlmon.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: mpr.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: sspicli.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: winmmbase.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: winmmbase.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: iertutil.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: srvcli.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: netutils.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: aclayers.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: sfc.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: sfc_os.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: kernel.appcore.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: textinputframework.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: coreuicomponents.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: coremessaging.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: ntmarta.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: coremessaging.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: wintypes.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: wintypes.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: wintypes.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: textshaping.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: windows.storage.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: wldp.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: propsys.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: acgenral.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: winmm.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: samcli.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: mpr.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: netutils.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: aclayers.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: sfc.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: cabinet.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: propsys.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: vb6stkit.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: comcat.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: olepro32.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: msvbvm60.dll
Source: C:\Windows\Setup1.exe	Section loaded: apphelp.dll
Source: C:\Windows\Setup1.exe	Section loaded: acgenral.dll
Source: C:\Windows\Setup1.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Setup1.exe	Section loaded: winmm.dll
Source: C:\Windows\Setup1.exe	Section loaded: samcli.dll
Source: C:\Windows\Setup1.exe	Section loaded: msacm32.dll
Source: C:\Windows\Setup1.exe	Section loaded: version.dll
Source: C:\Windows\Setup1.exe	Section loaded: userenv.dll
Source: C:\Windows\Setup1.exe	Section loaded: dwmapi.dll
Source: C:\Windows\Setup1.exe	Section loaded: urlmon.dll
Source: C:\Windows\Setup1.exe	Section loaded: mpr.dll
Source: C:\Windows\Setup1.exe	Section loaded: sspicli.dll
Source: C:\Windows\Setup1.exe	Section loaded: winmmbase.dll
Source: C:\Windows\Setup1.exe	Section loaded: winmmbase.dll
Source: C:\Windows\Setup1.exe	Section loaded: iertutil.dll
Source: C:\Windows\Setup1.exe	Section loaded: srvcli.dll
Source: C:\Windows\Setup1.exe	Section loaded: netutils.dll
Source: C:\Windows\Setup1.exe	Section loaded: aclayers.dll
Source: C:\Windows\Setup1.exe	Section loaded: sfc.dll
Source: C:\Windows\Setup1.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Setup1.exe	Section loaded: msvbvm60.dll
Source: C:\Windows\Setup1.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Setup1.exe	Section loaded: wldp.dll
Source: C:\Windows\Setup1.exe	Section loaded: profapi.dll
Source: C:\Windows\Setup1.exe	Section loaded: vb6zz.dll
Source: C:\Windows\Setup1.exe	Section loaded: vb6es.dll
Source: C:\Windows\Setup1.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Setup1.exe	Section loaded: sxs.dll
Source: C:\Windows\Setup1.exe	Section loaded: propsys.dll
Source: C:\Windows\Setup1.exe	Section loaded: textinputframework.dll
Source: C:\Windows\Setup1.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\Setup1.exe	Section loaded: coremessaging.dll
Source: C:\Windows\Setup1.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Setup1.exe	Section loaded: wintypes.dll
Source: C:\Windows\Setup1.exe	Section loaded: wintypes.dll
Source: C:\Windows\Setup1.exe	Section loaded: wintypes.dll
Source: C:\Windows\Setup1.exe	Section loaded: textshaping.dll
Source: C:\Windows\Setup1.exe	Section loaded: vb6stkit.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: apphelp.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: acgenral.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: uxtheme.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: winmm.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: samcli.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: msacm32.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: version.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: userenv.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: dwmapi.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: urlmon.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: mpr.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: sspicli.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: winmmbase.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: winmmbase.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: iertutil.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: srvcli.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: netutils.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: aclayers.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: sfc.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: sfc_os.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: kernel.appcore.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: textinputframework.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: coreuicomponents.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: coremessaging.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: ntmarta.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: wintypes.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: wintypes.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: wintypes.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: textshaping.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: windows.storage.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: wldp.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: propsys.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: profapi.dll

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Source: RecMin_Free_Install_v_2023_r1.zip

Static file information: File size 15274040 > 1048576

Persistence and Installation Behavior

Drops executables to the windows directory (C:\Windows) and starts them

Source: C:\Windows\Setup1.exe	Executable created and started: C:\WINDOWS\ST6UNST.EXE
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Executable created and started: C:\WINDOWS\Setup1.exe

Drops PE files

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Users\user\AppData\Local\Temp\msftqws.pdw\VB6STKIT.DLL	Jump to dropped file
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Windows\Setup1.exe	Jump to dropped file
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Windows\temp.000	Jump to dropped file
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Users\user\AppData\Local\Temp\msftqws.pdw\VB6ES.DLL	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Windows\Setup1.exe			Jump to dropped file
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Windows\temp.000			Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe

File created: C:\Windows\temp.000

Jump to dropped file

Modifies existing windows services

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\VBRuntime

Stores files to the Windows start menu directory

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ST6UNST Uninstaller.LNK
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ST6UNST Uninstaller.LNK

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\ST6UNST.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\ST6UNST.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\ST6UNST.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\ST6UNST.EXE	Process information set: NOOPENFILEERRORBOX

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Window / User API: threadDelayed 9592
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Window / User API: threadDelayed 9838

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe TID: 932	Thread sleep count: 63 > 30
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe TID: 932	Thread sleep count: 324 > 30
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe TID: 932	Thread sleep count: 9592 > 30
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe TID: 2204	Thread sleep count: 64 > 30
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe TID: 2204	Thread sleep count: 9838 > 30
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe TID: 2204	Thread sleep count: 86 > 30

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Setup1.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Setup1.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Setup1.exe	Queries volume information: C:\ VolumeInformation

Screenshots

Network Map

⊘No contacted IP infos

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Temp\msftqws.pdw\VB6ES.DLL	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows	5920F5A17A7BB807EF3F1F7CB5558728	F1F19864BFCF4FBF317B1F8A234864F8CD0B3800	B9C2FA6DECF3C7027C6AC7D363A1714B732E0B75AD17327F3E31C6B88FA9E92A
C:\Users\user\AppData\Local\Temp\msftqws.pdw\VB6STKIT.DLL	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	87AA9155ACC202711F5720718E1DFFCB	F39DAFDA494CA142539E477B41EBB829C30B77B7	564747CFF8ABB9367F4D435BFADDB578AAB7E4CB4BF174F361D33846207540FE
C:\Users\user\AppData\Local\Temp\~DF0A381E4EDE7F967C.TMP	Composite Document File V2 Document, Cannot read section info	BF83DF439316E1AF22667C6331CDE6BC	D24798AB2BD13B9FFC2AB28B1E1D8CC722A2E63F	A7F7E2C4CE9A8DF248976D43B687E8FF0DE9D6BBF594619F214000AA5AF3C774
C:\Users\user\AppData\Local\Temp\~DF1028A87FB36BFAC7.TMP	Composite Document File V2 Document, Cannot read section info	1ADCCD9924CA2BAF4FBEF12435303922	4E0413AC975B610ED70C95F12CD21B0DE2F1A8D1	ABA9121C2E0A4714DB144620840BDB0D715D40372C889B3993938B446BE8D33E
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ST6UNST Uninstaller.LNK	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Thu Oct 31 12:50:41 2024, mtime=Thu Oct 31 12:50:42 2024, atime=Thu Oct 31 12:50:42 2024, length=74240, window=hide	7EC4E5C24F749E318C1F7B07F4E01856	3C0138D006C78D270A055A9D58F0DF023ED47E2A	D62C66D281FE8B72667EFDABB64B21252148D1FFA7D5DC461192375513265987
C:\WINDOWS\ST6UNST.EXE (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	2867D8CFF604A9FE2128D9D04B68C281	0DCAF9552202697BADC6324B67F3DB73A16FA408	547D02BBED9F98A7E7EF23F07D48B6907AED594A31DF8E004E021BE813B0BA4F
C:\Windows\RMedit.CAB	Microsoft Cabinet archive data, many, 15372801 bytes, 68 files, at 0x1830 +A "RMedit.exe" +A "msvbvm60.dll", flags 0x4, ID 64812, number 1, extra bytes 6144 in head, 1473 datablocks, 0x1 compression	2A6E2815E00A25B0B519C4EA4D717050	AA27219B38121F3F5C34DE3F38739914039145BE	DF14881E7FB013B739C10A61B1AC2E6F56CE044E771CCAF51184EB83E526D7B3
C:\Windows\SETUP.LST	Generic INItialization configuration [Bootstrap Files]	D951BC0B388358D6B43936318EBF9805	51FC70D54C130FE74FC689A36211A63C58852988	6000E6C389A3F35A22174A3E2D3D44CEC9FBC6EC97643C8F64E8DA9C4411DC3D
C:\Windows\ST6UNST.000	ISO-8859 text, with CRLF line terminators	DC8A8BE35F083DF8E75184CE8AA901CA	4236F9BEEB94CA3374D97EC3A92157F59987CCD0	0B0CC4EBDF0110E9C91AC16C0C65060FF0614151080E17738B0115D5AFF77B62
C:\Windows\Setup1.exe	PE32 executable (GUI) Intel 80386, for MS Windows	DBFDB6BD6492C5FE165943091223228E	746ADE31DDA2C7470D0198F568A1972D591E4B1B	126927B16FF92B8A3285EC43ECAC6EF85184137AE7F7EF74455F4E39F064591A
C:\Windows\temp.000	PE32 executable (GUI) Intel 80386, for MS Windows	2867D8CFF604A9FE2128D9D04B68C281	0DCAF9552202697BADC6324B67F3DB73A16FA408	547D02BBED9F98A7E7EF23F07D48B6907AED594A31DF8E004E021BE813B0BA4F

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData

Creates files inside the system directory

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\ST6UNST.000
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\SETUP.LST
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\RMedit.CAB
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\temp.000
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Windows\SysWOW64\temp.000
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Windows\SysWOW64\temp.000
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\Setup1.exe
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\ST6UNST.000
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\SETUP.LST
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\RMedit.CAB
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\temp.000
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\WINDOWS\Setup1.exe

Deletes files inside the Windows folder

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe

File deleted: C:\Windows\SETUP.LST

Source: classification engine

Classification label: sus25.evad.winZIP@13/10@0/0

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ST6UNST Uninstaller.LNK

Source: C:\Windows\Setup1.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe

File created: C:\Users\user\AppData\Local\Temp\msftqws.pdw

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe

File read: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe "C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe"
Source: unknown	Process created: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe "C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe"
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process created: C:\Windows\Setup1.exe C:\WINDOWS\Setup1.exe "C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\" "C:\WINDOWS\ST6UNST.000" "C:\WINDOWS\st6unst.exe"
Source: C:\Windows\Setup1.exe	Process created: C:\Windows\ST6UNST.EXE C:\WINDOWS\st6unst.exe -n "C:\Windows\ST6UNST.000" -e 3 -f -w 5952
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process created: C:\Windows\Setup1.exe C:\WINDOWS\Setup1.exe "C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\" "C:\WINDOWS\ST6UNST.000" "C:\WINDOWS\st6unst.exe"
Source: C:\Windows\Setup1.exe	Process created: C:\Windows\ST6UNST.EXE C:\WINDOWS\st6unst.exe -n "C:\Windows\ST6UNST.000" -e 3 -f -w 5952
Source: unknown	Process created: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe "C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe"
Source: unknown	Process created: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe "C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe"
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process created: C:\Windows\Setup1.exe C:\WINDOWS\Setup1.exe "C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\" "C:\WINDOWS\ST6UNST.000" "C:\WINDOWS\st6unst.exe"
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process created: C:\Windows\Setup1.exe C:\WINDOWS\Setup1.exe "C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\" "C:\WINDOWS\ST6UNST.000" "C:\WINDOWS\st6unst.exe"
Source: C:\Windows\Setup1.exe	Process created: C:\Windows\ST6UNST.EXE C:\WINDOWS\st6unst.exe -n "C:\Windows\ST6UNST.000" -e 3 -f -w 3044
Source: C:\Windows\Setup1.exe	Process created: C:\Windows\ST6UNST.EXE C:\WINDOWS\st6unst.exe -n "C:\Windows\ST6UNST.000" -e 3 -f -w 3044

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: acgenral.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: winmm.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: samcli.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: mpr.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: netutils.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: aclayers.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: sfc.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: cabinet.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: propsys.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: vb6stkit.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: comcat.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: olepro32.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: msvbvm60.dll
Source: C:\Windows\Setup1.exe	Section loaded: apphelp.dll
Source: C:\Windows\Setup1.exe	Section loaded: acgenral.dll
Source: C:\Windows\Setup1.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Setup1.exe	Section loaded: winmm.dll
Source: C:\Windows\Setup1.exe	Section loaded: samcli.dll
Source: C:\Windows\Setup1.exe	Section loaded: msacm32.dll
Source: C:\Windows\Setup1.exe	Section loaded: version.dll
Source: C:\Windows\Setup1.exe	Section loaded: userenv.dll
Source: C:\Windows\Setup1.exe	Section loaded: dwmapi.dll
Source: C:\Windows\Setup1.exe	Section loaded: urlmon.dll
Source: C:\Windows\Setup1.exe	Section loaded: mpr.dll
Source: C:\Windows\Setup1.exe	Section loaded: sspicli.dll
Source: C:\Windows\Setup1.exe	Section loaded: winmmbase.dll
Source: C:\Windows\Setup1.exe	Section loaded: winmmbase.dll
Source: C:\Windows\Setup1.exe	Section loaded: iertutil.dll
Source: C:\Windows\Setup1.exe	Section loaded: srvcli.dll
Source: C:\Windows\Setup1.exe	Section loaded: netutils.dll
Source: C:\Windows\Setup1.exe	Section loaded: aclayers.dll
Source: C:\Windows\Setup1.exe	Section loaded: sfc.dll
Source: C:\Windows\Setup1.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Setup1.exe	Section loaded: msvbvm60.dll
Source: C:\Windows\Setup1.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Setup1.exe	Section loaded: wldp.dll
Source: C:\Windows\Setup1.exe	Section loaded: profapi.dll
Source: C:\Windows\Setup1.exe	Section loaded: vb6zz.dll
Source: C:\Windows\Setup1.exe	Section loaded: vb6es.dll
Source: C:\Windows\Setup1.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Setup1.exe	Section loaded: sxs.dll
Source: C:\Windows\Setup1.exe	Section loaded: propsys.dll
Source: C:\Windows\Setup1.exe	Section loaded: textinputframework.dll
Source: C:\Windows\Setup1.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\Setup1.exe	Section loaded: coremessaging.dll
Source: C:\Windows\Setup1.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Setup1.exe	Section loaded: wintypes.dll
Source: C:\Windows\Setup1.exe	Section loaded: wintypes.dll
Source: C:\Windows\Setup1.exe	Section loaded: wintypes.dll
Source: C:\Windows\Setup1.exe	Section loaded: textshaping.dll
Source: C:\Windows\Setup1.exe	Section loaded: vb6stkit.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: apphelp.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: acgenral.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: uxtheme.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: winmm.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: samcli.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: msacm32.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: version.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: userenv.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: dwmapi.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: urlmon.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: mpr.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: sspicli.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: winmmbase.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: winmmbase.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: iertutil.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: srvcli.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: netutils.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: aclayers.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: sfc.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: sfc_os.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: kernel.appcore.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: textinputframework.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: coreuicomponents.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: coremessaging.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: ntmarta.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: coremessaging.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: wintypes.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: wintypes.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: wintypes.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: textshaping.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: windows.storage.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: wldp.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: propsys.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: acgenral.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: winmm.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: samcli.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: mpr.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: netutils.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: aclayers.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: sfc.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: cabinet.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: propsys.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: vb6stkit.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: comcat.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: olepro32.dll
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Section loaded: msvbvm60.dll
Source: C:\Windows\Setup1.exe	Section loaded: apphelp.dll
Source: C:\Windows\Setup1.exe	Section loaded: acgenral.dll
Source: C:\Windows\Setup1.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Setup1.exe	Section loaded: winmm.dll
Source: C:\Windows\Setup1.exe	Section loaded: samcli.dll
Source: C:\Windows\Setup1.exe	Section loaded: msacm32.dll
Source: C:\Windows\Setup1.exe	Section loaded: version.dll
Source: C:\Windows\Setup1.exe	Section loaded: userenv.dll
Source: C:\Windows\Setup1.exe	Section loaded: dwmapi.dll
Source: C:\Windows\Setup1.exe	Section loaded: urlmon.dll
Source: C:\Windows\Setup1.exe	Section loaded: mpr.dll
Source: C:\Windows\Setup1.exe	Section loaded: sspicli.dll
Source: C:\Windows\Setup1.exe	Section loaded: winmmbase.dll
Source: C:\Windows\Setup1.exe	Section loaded: winmmbase.dll
Source: C:\Windows\Setup1.exe	Section loaded: iertutil.dll
Source: C:\Windows\Setup1.exe	Section loaded: srvcli.dll
Source: C:\Windows\Setup1.exe	Section loaded: netutils.dll
Source: C:\Windows\Setup1.exe	Section loaded: aclayers.dll
Source: C:\Windows\Setup1.exe	Section loaded: sfc.dll
Source: C:\Windows\Setup1.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Setup1.exe	Section loaded: msvbvm60.dll
Source: C:\Windows\Setup1.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Setup1.exe	Section loaded: wldp.dll
Source: C:\Windows\Setup1.exe	Section loaded: profapi.dll
Source: C:\Windows\Setup1.exe	Section loaded: vb6zz.dll
Source: C:\Windows\Setup1.exe	Section loaded: vb6es.dll
Source: C:\Windows\Setup1.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Setup1.exe	Section loaded: sxs.dll
Source: C:\Windows\Setup1.exe	Section loaded: propsys.dll
Source: C:\Windows\Setup1.exe	Section loaded: textinputframework.dll
Source: C:\Windows\Setup1.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\Setup1.exe	Section loaded: coremessaging.dll
Source: C:\Windows\Setup1.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Setup1.exe	Section loaded: wintypes.dll
Source: C:\Windows\Setup1.exe	Section loaded: wintypes.dll
Source: C:\Windows\Setup1.exe	Section loaded: wintypes.dll
Source: C:\Windows\Setup1.exe	Section loaded: textshaping.dll
Source: C:\Windows\Setup1.exe	Section loaded: vb6stkit.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: apphelp.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: acgenral.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: uxtheme.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: winmm.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: samcli.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: msacm32.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: version.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: userenv.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: dwmapi.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: urlmon.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: mpr.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: sspicli.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: winmmbase.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: winmmbase.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: iertutil.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: srvcli.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: netutils.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: aclayers.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: sfc.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: sfc_os.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: kernel.appcore.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: textinputframework.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: coreuicomponents.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: coremessaging.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: ntmarta.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: wintypes.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: wintypes.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: wintypes.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: textshaping.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: windows.storage.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: wldp.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: propsys.dll
Source: C:\Windows\ST6UNST.EXE	Section loaded: profapi.dll

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Source: RecMin_Free_Install_v_2023_r1.zip

Static file information: File size 15274040 > 1048576

Persistence and Installation Behavior

Drops executables to the windows directory (C:\Windows) and starts them

Source: C:\Windows\Setup1.exe	Executable created and started: C:\WINDOWS\ST6UNST.EXE
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Executable created and started: C:\WINDOWS\Setup1.exe

Drops PE files

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Users\user\AppData\Local\Temp\msftqws.pdw\VB6STKIT.DLL	Jump to dropped file
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Windows\Setup1.exe	Jump to dropped file
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Windows\temp.000	Jump to dropped file
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Users\user\AppData\Local\Temp\msftqws.pdw\VB6ES.DLL	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Windows\Setup1.exe			Jump to dropped file
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Windows\temp.000			Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe

File created: C:\Windows\temp.000

Jump to dropped file

Modifies existing windows services

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\VBRuntime

Stores files to the Windows start menu directory

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ST6UNST Uninstaller.LNK
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ST6UNST Uninstaller.LNK

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\ST6UNST.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\ST6UNST.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Setup1.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\ST6UNST.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\ST6UNST.EXE	Process information set: NOOPENFILEERRORBOX

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Window / User API: threadDelayed 9592
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Window / User API: threadDelayed 9838

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe TID: 932	Thread sleep count: 63 > 30
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe TID: 932	Thread sleep count: 324 > 30
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe TID: 932	Thread sleep count: 9592 > 30
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe TID: 2204	Thread sleep count: 64 > 30
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe TID: 2204	Thread sleep count: 9838 > 30
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe TID: 2204	Thread sleep count: 86 > 30

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	File opened: C:\Users\user\AppData

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\RecMin_Free_Install_v_2023_r1\setup.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Setup1.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Setup1.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Setup1.exe	Queries volume information: C:\ VolumeInformation

ID:	1546135
Product:	CloudBasic
Start time:	14:49:55
Start date:	31.10.2024
Sample:	RecMin_Free_Install_v_2023_r1.zip
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	ad47ddb1e8b4d4b30ce4a2dae1bd377a
SHA1:	905f92636bfc645f9745ebc1f431cbd1efd3c93e
SHA256:	46d6594dc87a5a143c86d699f38122ce96a0b8591b6b923ea5c05d01963de63e
Filetype:	ZIP compressed archive (8000/1) 100.00%

Windows Analysis Report
RecMin_Free_Install_v_2023_r1.zip

Overview

General Information

Detection

Signatures

Classification

Signatures

Spreading

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Windows Analysis Report RecMin_Free_Install_v_2023_r1.zip

Overview

General Information

Detection

Signatures

Classification

Signatures

Spreading

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Windows Analysis Report
RecMin_Free_Install_v_2023_r1.zip