Windows Analysis Report
7z2408-x64.exe

Overview

General Information

Sample name: 7z2408-x64.exe
Analysis ID: 1541328
MD5: 0330d0bd7341a9afe5b6d161b1ff4aa1
SHA1: 86918e72f2e43c9c664c246e62b41452d662fbf3
SHA256: 67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b
Infos:

Detection

Score: 19
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Infects executable files (exe, dll, sys, html)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Uses 32bit PE files
Source: 7z2408-x64.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Spreading
barindex
Infects executable files (exe, dll, sys, html)
Source: C:\Users\user\Desktop\7z2408-x64.exe System file written: C:\Program Files\7-Zip\7-zip.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe System file written: C:\Program Files\7-Zip\7z.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe System file written: C:\Program Files\7-Zip\7z.exe Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe System file written: C:\Program Files\7-Zip\7-zip32.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe System file written: C:\Program Files\7-Zip\Uninstall.exe Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe System file written: C:\Program Files\7-Zip\7zG.exe Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe System file written: C:\Program Files\7-Zip\7zFM.exe Jump to behavior
Source: 7z2408-x64.exe, 00000000.00000003.1756539856.0000000002740000.00000004.00000020.00020000.00000000.sdmp, License.txt.0.dr String found in binary or memory: http://www.gnu.org/
Source: 7z2408-x64.exe, 00000000.00000003.1756539856.0000000002740000.00000004.00000020.00020000.00000000.sdmp, History.txt.0.dr String found in binary or memory: https://7-zip.org/history.txt
Source: 7z2408-x64.exe, 00000000.00000003.1759096947.00000000045AF000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe.0.dr String found in binary or memory: https://www.7-zip.org/
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\7z2408-x64.exe Code function: 0_2_004017DE GetModuleFileNameW,GetDlgItemTextW,lstrlenW,ShowWindow,ShowWindow,ShowWindow,SendMessageW,PeekMessageW,PeekMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,SendMessageW,PeekMessageW,PeekMessageW,SetWindowTextW,lstrcpyW,lstrcpyW,lstrlenW,GetFileAttributesW,SetFileAttributesW,lstrcatW,lstrlenW,MessageBoxW,SetFileTime,SetFileAttributesW,MoveFileExW,GetLastError,SendMessageW,SetWindowTextW,MessageBoxW,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 0_2_004017DE
Detected potential crypto function
Source: C:\Users\user\Desktop\7z2408-x64.exe Code function: 0_2_00405F40 0_2_00405F40
Source: C:\Users\user\Desktop\7z2408-x64.exe Code function: 0_2_00404061 0_2_00404061
Source: C:\Users\user\Desktop\7z2408-x64.exe Code function: 0_2_00407430 0_2_00407430
Source: C:\Users\user\Desktop\7z2408-x64.exe Code function: 0_2_00406A85 0_2_00406A85
Source: C:\Users\user\Desktop\7z2408-x64.exe Code function: 0_2_00405692 0_2_00405692
Dropped file seen in connection with other malware
Source: Joe Sandbox View Dropped File: C:\Program Files\7-Zip\7z.dll E79DDFB6319DBF9BAC6382035D23597DAD979DB5E71A605D81A61EE817C1E812
Source: Joe Sandbox View Dropped File: C:\Program Files\7-Zip\7z.exe 707F415D7D581EDD9BCE99A0429AD4629D3BE0316C329E8B9EBD576F7AB50B71
Sample file is different than original file name gathered from version info
Source: 7z2408-x64.exe, 00000000.00000002.2968372960.0000000000197000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilename7zipInstall.exe, vs 7z2408-x64.exe
Source: 7z2408-x64.exe, 00000000.00000002.2968559714.000000000040E000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilename7zipInstall.exe, vs 7z2408-x64.exe
Source: 7z2408-x64.exe, 00000000.00000003.1759096947.00000000045AF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename7-zip.dll, vs 7z2408-x64.exe
Source: 7z2408-x64.exe, 00000000.00000003.1759096947.00000000045AF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs 7z2408-x64.exe
Source: 7z2408-x64.exe, 00000000.00000003.1759096947.00000000045AF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: FileVersionFileDescriptionOriginalFilename_winzip_.rsrcCOFF_SYMBOLSCERTIFICATE.pdata.reloc vs 7z2408-x64.exe
Source: 7z2408-x64.exe, 00000000.00000003.1759096947.00000000045AF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename7z.dll, vs 7z2408-x64.exe
Source: 7z2408-x64.exe, 00000000.00000003.1759096947.00000000045AF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename7z.exe, vs 7z2408-x64.exe
Source: 7z2408-x64.exe, 00000000.00000003.1759096947.00000000045AF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename7z.sfx.exe, vs 7z2408-x64.exe
Source: 7z2408-x64.exe, 00000000.00000003.1759096947.00000000045AF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename7zFM.exe, vs 7z2408-x64.exe
Source: 7z2408-x64.exe, 00000000.00000003.1759096947.00000000045AF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename7zg.exe, vs 7z2408-x64.exe
Source: 7z2408-x64.exe, 00000000.00000003.1759096947.00000000045AF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUninstall.exe, vs 7z2408-x64.exe
Source: 7z2408-x64.exe Binary or memory string: OriginalFilename7zipInstall.exe, vs 7z2408-x64.exe
Uses 32bit PE files
Source: 7z2408-x64.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: clean19.spre.winEXE@1/109@0/0
Source: C:\Users\user\Desktop\7z2408-x64.exe Code function: 0_2_004017DE GetModuleFileNameW,GetDlgItemTextW,lstrlenW,ShowWindow,ShowWindow,ShowWindow,SendMessageW,PeekMessageW,PeekMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,SendMessageW,PeekMessageW,PeekMessageW,SetWindowTextW,lstrcpyW,lstrcpyW,lstrlenW,GetFileAttributesW,SetFileAttributesW,lstrcatW,lstrlenW,MessageBoxW,SetFileTime,SetFileAttributesW,MoveFileExW,GetLastError,SendMessageW,SetWindowTextW,MessageBoxW,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 0_2_004017DE
Source: C:\Users\user\Desktop\7z2408-x64.exe Code function: 0_2_004025C5 CoCreateInstance, 0_2_004025C5
Source: 7z2408-x64.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\7z2408-x64.exe File read: C:\Program Files\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe File read: C:\Users\user\Desktop\7z2408-x64.exe Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: thumbcache.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: samlib.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: drprov.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: ntlanman.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: davclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: davhlpr.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: dlnashext.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: playtodevice.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: devdispitemprovider.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: mmdevapi.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wpdshext.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: portabledeviceapi.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: audiodev.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmvcore.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmasf.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: mfperfhelper.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: networkexplorer.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: audiodev.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmvcore.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmasf.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: mfperfhelper.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: audiodev.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmvcore.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmasf.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: mfperfhelper.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: audiodev.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmvcore.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmasf.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: mfperfhelper.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: audiodev.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmvcore.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmasf.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: mfperfhelper.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: audiodev.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmvcore.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmasf.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: mfperfhelper.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: audiodev.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmvcore.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmasf.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: mfperfhelper.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: audiodev.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmvcore.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmasf.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: mfperfhelper.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: audiodev.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmvcore.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmasf.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: mfperfhelper.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: audiodev.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmvcore.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmasf.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: mfperfhelper.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: audiodev.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmvcore.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmasf.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: mfperfhelper.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: audiodev.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmvcore.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmasf.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: mfperfhelper.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: audiodev.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmvcore.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmasf.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: mfperfhelper.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: audiodev.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmvcore.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: wmasf.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Section loaded: mfperfhelper.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32 Jump to behavior
Source: 7-Zip File Manager.lnk.0.dr LNK file: ..\..\..\..\..\..\Program Files\7-Zip\7zFM.exe
Source: 7-Zip Help.lnk.0.dr LNK file: ..\..\..\..\..\..\Program Files\7-Zip\7-zip.chm
Source: C:\Users\user\Desktop\7z2408-x64.exe Automated click: Install
Source: C:\Users\user\Desktop\7z2408-x64.exe Automated click: OK
Source: C:\Users\user\Desktop\7z2408-x64.exe Automated click: OK
Source: C:\Users\user\Desktop\7z2408-x64.exe Automated click: OK
Source: C:\Users\user\Desktop\7z2408-x64.exe Automated click: OK
Source: C:\Users\user\Desktop\7z2408-x64.exe Automated click: OK
Source: C:\Users\user\Desktop\7z2408-x64.exe Automated click: OK
Source: C:\Users\user\Desktop\7z2408-x64.exe Automated click: OK
Source: C:\Users\user\Desktop\7z2408-x64.exe Automated click: OK
Source: C:\Users\user\Desktop\7z2408-x64.exe Automated click: OK
Source: C:\Users\user\Desktop\7z2408-x64.exe Automated click: OK
Source: C:\Users\user\Desktop\7z2408-x64.exe Automated click: OK
Source: C:\Users\user\Desktop\7z2408-x64.exe Automated click: OK
Source: C:\Users\user\Desktop\7z2408-x64.exe Automated click: OK
Source: C:\Users\user\Desktop\7z2408-x64.exe Automated click: OK
Source: Window Recorder Window detected: More than 3 window changes detected
Source: 7z2408-x64.exe Static file information: File size 1624144 > 1048576
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\7z2408-x64.exe Code function: 0_2_00401FB1 GetSystemDirectoryW,lstrlenW,lstrcpyW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,malloc,free, 0_2_00401FB1
PE file contains sections with non-standard names
Source: 7-zip32.dll.0.dr Static PE information: section name: .sxdata
Source: 7z.sfx.0.dr Static PE information: section name: .sxdata
Source: 7zCon.sfx.0.dr Static PE information: section name: .sxdata
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\7z2408-x64.exe Code function: 0_2_004071E0 push eax; ret 0_2_0040720E

Persistence and Installation Behavior
barindex
Infects executable files (exe, dll, sys, html)
Source: C:\Users\user\Desktop\7z2408-x64.exe System file written: C:\Program Files\7-Zip\7-zip.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe System file written: C:\Program Files\7-Zip\7z.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe System file written: C:\Program Files\7-Zip\7z.exe Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe System file written: C:\Program Files\7-Zip\7-zip32.dll Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe System file written: C:\Program Files\7-Zip\Uninstall.exe Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe System file written: C:\Program Files\7-Zip\7zG.exe Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe System file written: C:\Program Files\7-Zip\7zFM.exe Jump to behavior
Drops PE files
Source: C:\Users\user\Desktop\7z2408-x64.exe File created: C:\Program Files\7-Zip\7-zip.dll Jump to dropped file
Source: C:\Users\user\Desktop\7z2408-x64.exe File created: C:\Program Files\7-Zip\7z.sfx Jump to dropped file
Source: C:\Users\user\Desktop\7z2408-x64.exe File created: C:\Program Files\7-Zip\7z.dll Jump to dropped file
Source: C:\Users\user\Desktop\7z2408-x64.exe File created: C:\Program Files\7-Zip\7z.exe Jump to dropped file
Source: C:\Users\user\Desktop\7z2408-x64.exe File created: C:\Program Files\7-Zip\7-zip32.dll Jump to dropped file
Source: C:\Users\user\Desktop\7z2408-x64.exe File created: C:\Program Files\7-Zip\Uninstall.exe Jump to dropped file
Source: C:\Users\user\Desktop\7z2408-x64.exe File created: C:\Program Files\7-Zip\7zCon.sfx Jump to dropped file
Source: C:\Users\user\Desktop\7z2408-x64.exe File created: C:\Program Files\7-Zip\7zG.exe Jump to dropped file
Source: C:\Users\user\Desktop\7z2408-x64.exe File created: C:\Program Files\7-Zip\7zFM.exe Jump to dropped file
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Users\user\Desktop\7z2408-x64.exe File created: C:\Program Files\7-Zip\7z.sfx Jump to dropped file
Source: C:\Users\user\Desktop\7z2408-x64.exe File created: C:\Program Files\7-Zip\7zCon.sfx Jump to dropped file
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\7z2408-x64.exe Dropped PE file which has not been started: C:\Program Files\7-Zip\7-zip.dll Jump to dropped file
Source: C:\Users\user\Desktop\7z2408-x64.exe Dropped PE file which has not been started: C:\Program Files\7-Zip\7z.sfx Jump to dropped file
Source: C:\Users\user\Desktop\7z2408-x64.exe Dropped PE file which has not been started: C:\Program Files\7-Zip\7z.dll Jump to dropped file
Source: C:\Users\user\Desktop\7z2408-x64.exe Dropped PE file which has not been started: C:\Program Files\7-Zip\7z.exe Jump to dropped file
Source: C:\Users\user\Desktop\7z2408-x64.exe Dropped PE file which has not been started: C:\Program Files\7-Zip\Uninstall.exe Jump to dropped file
Source: C:\Users\user\Desktop\7z2408-x64.exe Dropped PE file which has not been started: C:\Program Files\7-Zip\7-zip32.dll Jump to dropped file
Source: C:\Users\user\Desktop\7z2408-x64.exe Dropped PE file which has not been started: C:\Program Files\7-Zip\7zCon.sfx Jump to dropped file
Source: C:\Users\user\Desktop\7z2408-x64.exe Dropped PE file which has not been started: C:\Program Files\7-Zip\7zG.exe Jump to dropped file
Source: C:\Users\user\Desktop\7z2408-x64.exe Dropped PE file which has not been started: C:\Program Files\7-Zip\7zFM.exe Jump to dropped file
Source: C:\Users\user\Desktop\7z2408-x64.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: 7z2408-x64.exe, 00000000.00000003.2644291325.000000000A342000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Qdc
Source: 7z2408-x64.exe, 00000000.00000003.2087105031.0000000000668000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\PROGRA~1_VMware_SATA_CD0^']
Source: 7z2408-x64.exe, 00000000.00000003.2062199390.00000000006A5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: gSTORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}ef&&
Source: 7z2408-x64.exe, 00000000.00000002.2970058084.000000000A330000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:T
Source: 7z2408-x64.exe, 00000000.00000003.1979640351.000000000069D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: dSTORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2408-x64.exe, 00000000.00000003.1978887267.000000000069D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: gSTORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2408-x64.exe, 00000000.00000003.2333268101.000000000065B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: _VMware_SATA_CD0^'\
Source: 7z2408-x64.exe, 00000000.00000003.2393903090.000000000A34B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Tjh
Source: 7z2408-x64.exe, 00000000.00000003.2561954201.000000000A34A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}^ff
Source: 7z2408-x64.exe, 00000000.00000003.2311360135.000000000A2AB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA{']
Source: 7z2408-x64.exe, 00000000.00000002.2970058084.000000000A330000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:h
Source: 7z2408-x64.exe, 00000000.00000003.2724562565.000000000A346000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: E#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2408-x64.exe, 00000000.00000003.2644936228.000000000A342000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: -61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2408-x64.exe, 00000000.00000003.2561954201.000000000A34A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}~QG
Source: 7z2408-x64.exe, 00000000.00000003.2394625067.000000000A34B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Tjh
Source: 7z2408-x64.exe, 00000000.00000003.2394625067.000000000A34B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Qdc
Source: 7z2408-x64.exe, 00000000.00000003.2644936228.000000000A342000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}2-00a0c91efb8b}\\?\STORAG6~
Source: 7z2408-x64.exe, 00000000.00000003.2171636830.000000000A2A9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 4f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA{']
Source: 7z2408-x64.exe, 00000000.00000003.2725173354.000000000A33D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b})
Source: 7z2408-x64.exe, 00000000.00000003.2888976790.000000000A2A6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: }\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2408-x64.exe, 00000000.00000003.2480395971.000000000A34A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}^ff
Source: 7z2408-x64.exe, 00000000.00000003.2749161396.000000000A34D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:e\CLX]
Source: 7z2408-x64.exe, 00000000.00000002.2969841456.000000000A2A7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: _VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!
Source: 7z2408-x64.exe, 00000000.00000003.2724791506.000000000A330000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: 7z2408-x64.exe, 00000000.00000002.2969841456.000000000A2A7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2408-x64.exe, 00000000.00000003.2644936228.000000000A342000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: lume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2408-x64.exe, 00000000.00000003.2888709824.000000000A351000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94@]
Source: 7z2408-x64.exe, 00000000.00000003.2889013936.000000000A348000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Qjc
Source: 7z2408-x64.exe, 00000000.00000003.2644936228.000000000A342000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2408-x64.exe, 00000000.00000003.2644291325.000000000A342000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}11ee-8c18-806e6f6e6963}#00
Source: 7z2408-x64.exe, 00000000.00000003.2725173354.000000000A33D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}C
Source: 7z2408-x64.exe, 00000000.00000003.2311246255.000000000065B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}uu
Source: 7z2408-x64.exe, 00000000.00000003.2229433583.00000000006A5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: gSTORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}&&
Source: 7z2408-x64.exe, 00000000.00000003.2061434167.0000000000668000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}--
Source: 7z2408-x64.exe, 00000000.00000003.2644291325.000000000A342000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}a33c735c-61ca-11ee-8c18-80
Source: 7z2408-x64.exe, 00000000.00000003.2725173354.000000000A33D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}6f6e6963}#0000000006500000^
Source: 7z2408-x64.exe, 00000000.00000003.2644936228.000000000A342000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2408-x64.exe, 00000000.00000003.2644936228.000000000A342000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2408-x64.exe, 00000000.00000002.2969841456.000000000A2A7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2408-x64.exe, 00000000.00000002.2968725040.000000000060A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0uWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: 7z2408-x64.exe, 00000000.00000003.2061506490.00000000006A4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: wgSTORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}ef&&
Source: 7z2408-x64.exe, 00000000.00000003.2644291325.000000000A342000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}7f
Source: 7z2408-x64.exe, 00000000.00000003.2725173354.000000000A33D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2408-x64.exe, 00000000.00000003.2644291325.000000000A342000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2408-x64.exe, 00000000.00000003.2644824463.000000000065B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000007
Source: 7z2408-x64.exe, 00000000.00000003.1978887267.000000000069D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}$$
Source: 7z2408-x64.exe, 00000000.00000003.2724562565.000000000A346000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}}\\?\STORAGE#Volume#{a33crcG
Source: 7z2408-x64.exe, 00000000.00000003.2562065555.000000000A34E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2408-x64.exe, 00000000.00000003.1900346230.000000000069D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: j8ycSTORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2408-x64.exe, 00000000.00000003.2394494523.000000000A2A8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA{']
Source: 7z2408-x64.exe, 00000000.00000003.2480395971.000000000A34A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}OhU
Source: 7z2408-x64.exe, 00000000.00000003.2644291325.000000000A342000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 0C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2408-x64.exe, 00000000.00000003.2561954201.000000000A34A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}OhU
Source: 7z2408-x64.exe, 00000000.00000003.2561954201.000000000A34A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: a-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Tjh
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\7z2408-x64.exe Code function: 0_2_00401FB1 GetSystemDirectoryW,lstrlenW,lstrcpyW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,malloc,free, 0_2_00401FB1
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\7z2408-x64.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\7z2408-x64.exe Code function: 0_2_004059FD GetVersion,GetModuleHandleW,GetProcAddress,GetSystemDirectoryW,LoadLibraryExW, 0_2_004059FD
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1541328 Sample: 7z2408-x64.exe Startdate: 24/10/2024 Architecture: WINDOWS Score: 19 4 7z2408-x64.exe 3 14 2->4         started        file3 8 C:\Program Files\7-Zip\Uninstall.exe, PE32 4->8 dropped 10 C:\Program Files\7-Zip\7zG.exe, PE32+ 4->10 dropped 12 C:\Program Files\7-Zip\7zFM.exe, PE32+ 4->12 dropped 14 6 other files (4 malicious) 4->14 dropped 16 Infects executable files (exe, dll, sys, html) 4->16 signatures4
No contacted IP infos