Windows Analysis Report
MDE_File_Sample_39fcbadcdb2708c0aef13776eca6ccd7370cf644.zip

ID:	1541184
Product:	CloudBasic
Start time:	15:00:07
Start date:	24.10.2024
Sample:	MDE_File_Sample_39fcbadcdb2708c0aef13776eca6ccd7370cf644.zip
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	b1114059d5b05be6d2d72e36c5faf24b
SHA1:	154bd0e4d01ba93d98d0dfc816c975155ba74461
SHA256:	a2b371673dc9bf2d5b28909c3f953a3a9a7ebc7f0a04bef99590dab294310dd8
Filetype:	ZIP compressed archive (8000/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\Desktop\.reloc	data	5748EC0E501142A7F24462B04506F6BD	D267D3E0E1D15789DE323D45970E1FC0DED21E67	6F9D6346BB7B4A96EB95BFFFA04A84B5AB99F3397A2B9200C94654E5EBC6B996
C:\Users\user\Desktop\.rsrc\0\GROUP_ICON\103	data	C1F39C8ED15621D492A506E474E2E806	268DD4D4A232F5EBB2D4281D6A9513F3A6F540B5	ADE87C5B5213340E5C10A37158BB8760E40FDBFBC373BA9FC8A0B6A1BF2E03F2
C:\Users\user\Desktop\.rsrc\0\GROUP_ICON\32512	data	F429E92977EC034294BC46DD96ED1576	82E67757E87BC707410CBCE2216771010D443DF2	677428A38169BD19F643B8D69B4429743AB1C3C20B700EE4026E0CD27AC749D4
C:\Users\user\Desktop\.rsrc\0\ICON\1.ico	MS Windows icon resource - 1 icon, 16x16	FC1FA51476F72A8956C5103ADF4BEA8F	B7DD160BEDBCE2D9374663E2C6759A2EFC4A5290	277ECD38029A8C51DB3453A25A8335C2043B7832A6D8BE79A705F3FE4CF311C0
C:\Users\user\Desktop\.rsrc\0\ICON\2.ico	MS Windows icon resource - 1 icon, 32x32	D4398F932D2584291AE0C41EF3256462	FBE09C53CDDA5F57F4C7442A1ACAC3043DC9E7D0	67FC4DF5DFBA3D6CF7C1C581CD57D46CC5B8E33E84F197E98E2962199769111B
C:\Users\user\Desktop\.rsrc\0\ICON\3.ico	MS Windows icon resource - 1 icon, 48x48	8B5B044B4F0B91D9B9A8D8AE5B43CE7B	BC9E965BDD2998F33770495567FF22CA64D5154A	942E1EA52B6D63A97D490E8A2CB86D7FDEF6B1286DD4B9258A610A8B67FC7FF4
C:\Users\user\Desktop\.rsrc\0\ICON\4.ico	MS Windows icon resource - 1 icon, 64x64	4FDE2BF79F9134A4EDB0D62C404B5273	95749AF5B41F60392CA1DDBE9E9C03E0111C5916	BBE086D946925B8687B32EAF20A322EE964CAA3D29755218734AE25EF49261EC
C:\Users\user\Desktop\.rsrc\0\ICON\5.ico	MS Windows icon resource - 1 icon, -128x-128	62EC26FE76F3150A2A5568E838456F81	D246DE69FD182B8B882D5CC9BE837A6957C2FB2D	47DAC6F09B9CDAC355E3E770F696CD1D6B0D3C9A4B808A12C99980CAEF1C8FC0
C:\Users\user\Desktop\.rsrc\0\ICON\50.ico	MS Windows icon resource - 1 icon, 48x48	C93CA19D6E28734B44FE9EA024314491	95A207B0EC993CA838EB78D6541595D9FB0383F2	85ACA66BD14EFEE38F850BA372BCF59286ABC1698CD2DBCE24871860AD5BB09F
C:\Users\user\Desktop\.rsrc\0\ICON\51.ico	MS Windows icon resource - 1 icon, 32x32	7BAB7CAAFC713358205CAB475CFAA752	F32FAB3BADBB7D2212F136E4AD6F6F42138FF6B3	2F30A4EE4A94753409536E77C79FF037880513E2301BA17BA3B3A2393387DE4D
C:\Users\user\Desktop\.rsrc\0\ICON\52.ico	MS Windows icon resource - 1 icon, 16x16	3DCF5A91BAAE2FBC77D11157EAE407E6	F7FBA3C015D9440E71AE2AEB284574127D8B1B6B	63BD458FA8F437317FE233D4D3E3BAA48C711B97E6850C4E35733F464719D9D6
C:\Users\user\Desktop\.rsrc\0\ICON\6	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	A3F70E04D57EA8FA9643232F93486790	73C20014FB9E39692AB756C976A9F44C476D73B7	F060645052CF7248F0BDC8AF6AD002940514515A25B93F322911A3116089314C
C:\Users\user\Desktop\.rsrc\0\MANIFEST\1	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	B7DB84991F23A680DF8E95AF8946F9C9	CAC699787884FB993CED8D7DC47B7C522C7BC734	539DC26A14B6277E87348594AB7D6E932D16AABB18612D77F29FE421A9F1D46A
C:\Users\user\Desktop\.rsrc\1033\DIALOG\105	data	386770584473E271F23DCED36427F4FF	D14CE95F784B35E4E3EBEE535476EBCD3E380C19	425B8270F7CA42A927EAE6BEA468ACF414A3E4B58B5BA2C56AAAE4D1B2C11014
C:\Users\user\Desktop\.rsrc\1033\DIALOG\106	data	FA83652660409E90E0DB9731AD2ADB17	0A8F0AF67723C87FE26CCF676B8E19EC6357B4DC	4A55BD714F5D50CD8EABBA10E57F0618F1842717DCFA582D73A917B1933CD1D4
C:\Users\user\Desktop\.rsrc\1033\DIALOG\111	data	663040D6315B1D6CE8C0334D182ED8FC	EBCFFF801A12FB8AD1200A4526FCA8BD2C3E96CF	CB3C86CBCB579244A6F819F9C1807A7E89B6E600982EC6EA0841FCDCB16A9EFD
C:\Users\user\Desktop\.rsrc\1033\version.txt	data	5C8361197C6E08DE729DD6A134B0CF8F	3B5B76D28E56F82A81A3DEC61635E9D603EFFBA9	464C60D27B0D58E60D69A4FC542A9524793589EBA380696F1FC11B8176C70FFA
C:\Users\user\Desktop\.text	data	FB6314C1A359C408744C0030931847F2	1ED26E62D17A16617531BB5BED5146F75FAA6E6C	339E8174A0E9E749D949B61E37C8E52B6A85C806C5E131B4EF372D3CCED72768
C:\Users\user\Desktop\CERTIFICATE	data	65D7AF9522B7EA54347D2E058B3F2484	57E92E93693C921F1B27B8CAED95501A1DA8E2A7	808CA187D6B4C24ABDF29465736E883CBC4DF61ABFAE1D221C148CEF8A0851B8

System Summary

Source: classification engine

Classification label: clean1.winZIP@9/19@0/0

Source: C:\Program Files\7-Zip\7zG.exe

File created: C:\Users\user\Desktop\.text

Source: C:\Windows\System32\OpenWith.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5564:120:WilError_03

Source: C:\Windows\System32\mspaint.exe

File read: C:\Users\desktop.ini

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Program Files\7-Zip\7zG.exe "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\39fcbadcdb2708c0aef13776eca6ccd7370cf644~\" -ad -an -ai#7zMap30539:132:7zEvent18843
Source: unknown	Process created: C:\Program Files\7-Zip\7zG.exe "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\" -an -ai#7zMap14814:132:7zEvent15960
Source: unknown	Process created: C:\Windows\System32\mspaint.exe "C:\Windows\system32\mspaint.exe" "C:\Users\user\Desktop\.rsrc\0\ICON\50.ico"
Source: unknown	Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\.rsrc\1033\version.txt
Source: unknown	Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\.text
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\.text
Source: unknown	Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\.text

Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: explorerframe.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: textshaping.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: textinputframework.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: wintypes.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: wintypes.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: wintypes.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: explorerframe.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: textshaping.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: textinputframework.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: wintypes.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: wintypes.dll
Source: C:\Program Files\7-Zip\7zG.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: acgenral.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: mfc42u.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: winmm.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: ninput.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: msftedit.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: uiribbon.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: efswrt.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: sti.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: wiatrace.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: atlthunk.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: dwmapi.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: oleacc.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: photometadatahandler.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\mspaint.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: mrmcorer.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: efswrt.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: oleacc.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: twinui.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dwmapi.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: pdh.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: actxprxy.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.ui.appdefaults.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.ui.immersive.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: uiautomationcore.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dui70.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: duser.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dwrite.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: bcp47mrm.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: uianimation.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: d3d11.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dxgi.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dxcore.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dcomp.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: oleacc.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: edputil.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.ui.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windowmanagementapi.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: inputhost.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: thumbcache.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: appresolver.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: slc.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: tiledatarepository.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: staterepository.core.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.staterepository.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wtsapi32.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.staterepositorycore.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: mrmcorer.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: directmanipulation.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: mrmcorer.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: efswrt.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: oleacc.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: mrmcorer.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: efswrt.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: oleacc.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\notepad.exe	Section loaded: msvcp110_win.dll

Source: C:\Program Files\7-Zip\7zG.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32

Source: C:\Windows\System32\mspaint.exe

File opened: C:\Windows\system32\MSFTEDIT.DLL

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\7-Zip\7zG.exe

Window detected: Number of UI elements: 15

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mspaint.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mspaint.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mspaint.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mspaint.exe	Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\System32\mspaint.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mspaint.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\OpenWith.exe TID: 1240

Thread sleep count: 32 > 30

Source: C:\Windows\System32\mspaint.exe

Process information queried: ProcessInformation

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\OpenWith.exe

Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\.text

Language, Device and Operating System Detection

Source: C:\Windows\System32\notepad.exe	Queries volume information: C:\Users\user\Desktop\.rsrc\1033\version.txt VolumeInformation
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Windows\System32\notepad.exe	Queries volume information: C:\Users\user\Desktop\.text VolumeInformation
Source: C:\Windows\System32\notepad.exe	Queries volume information: C:\Users\user\Desktop\.text VolumeInformation