Windows Analysis Report
7z2301-x64.exe

ID:	1428447
Product:	CloudBasic
Start time:	23:56:01
Start date:	18.04.2024
Sample:	7z2301-x64.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	e5788b13546156281bf0a4b38bdd0901
SHA1:	7df28d340d7084647921cc25a8c2068bb192bdbb
SHA256:	26cb6e9f56333682122fafe79dbcdfd51e9f47cc7217dccd29ac6fc33b5598cd
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Program Files\7-Zip\7-zip.chm	MS Windows HtmlHelp Data	DA6AEC447474DF298ECA9F18C2FDA0A9	C1E918FC600856A85A00A89AF6CE623A4349126B	20C7B0DC8B584975803F3D8DDE90BAD423CC16C0ADDE5B33899428FCF61E485E
C:\Program Files\7-Zip\7-zip.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	956D826F03D88C0B5482002BB7A83412	560658185C225D1BD274B6A18372FD7DE5F336AF	F9B4944D3A5536A6F8B4D5DB17D903988A3518B22FBEE6E3F6019AAF44189B3D
C:\Program Files\7-Zip\7-zip32.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	CE9564F1A1BB9D09693629DCFAB40356	F29A70FB365CC6789EC60F9FAE9478F36A809902	62EF98B00232F9D63A647E201ABFB354582D3FBC342EC63DF15B2A0CE514B5A6
C:\Program Files\7-Zip\7z.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	4E35A902CA8ED1C3D4551B1A470C4655	AD9A9B5DBE810A6D7EA2C8430C32417D87C5930C	77222E81CB7004E8C3E077AADA02B555A3D38FB05B50C64AFD36CA230A8FD5B9
C:\Program Files\7-Zip\7z.exe	PE32+ executable (console) x86-64, for MS Windows	9A1DD1D96481D61934DCC2D568971D06	F136EF9BF8BD2FC753292FB5B7CF173A22675FB3	8CEBB25E240DB3B6986FCAED6BC0B900FA09DAD763A56FB71273529266C5C525
C:\Program Files\7-Zip\7z.sfx	PE32 executable (GUI) Intel 80386, for MS Windows	FDE7CFC05A92C34840EB8519F58E6321	1891D21310097F8EC825F470053723CACC9575A1	8661E029CAC3FAE0819423AC442B0BAA109C863474B6BE15E4D83D3A7ECFCB13
C:\Program Files\7-Zip\7zCon.sfx	PE32 executable (console) Intel 80386, for MS Windows	F9BE893236C2184FEB95094815EEB22E	F9B530D6017050DC417BB3E1757ED0B5F9B68477	885D232EB013CF2527795712C5D563AD0BDF7DF46126124F5F81411638FA7760
C:\Program Files\7-Zip\7zFM.exe	PE32+ executable (GUI) x86-64, for MS Windows	30AC0B832D75598FB3EC37B6F2A8C86A	6F47DBFD6FF36DF7BA581A4CEF024DA527DC3046	1EA0839C8DC95AD2C060AF7D042C40C0DAED58CE8E4524C0FBA12FD73E4AFB74
C:\Program Files\7-Zip\7zG.exe	PE32+ executable (GUI) x86-64, for MS Windows	50F289DF0C19484E970849AAC4E6F977	3DC77C8830836AB844975EB002149B66DA2E10BE	B9B179B305C5268AD428B6AE59DE10B4FE99CF0199BBC89B7017181905E97305
C:\Program Files\7-Zip\History.txt	ASCII text, with CRLF line terminators	69A9ED93F118B332335D30F96C66F359	D125AD2574A90CFE50DE95D36F84014D1D0012EE	83495C16B428D317EC3D27912C852F1AF4B84526F6540E579ED34EBB66364D70
C:\Program Files\7-Zip\Lang\af.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	7DB01445EF366652C133F316C6FDF764	BA1AF33E920FC820BF474A47768A17C6C93A2EF4	181E34045FB6338338C68D7CCAA325D47969AC43A20D20D898846F64FB68251A
C:\Program Files\7-Zip\Lang\an.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	1583A850CA7369FCECF12B4159B4328F	E651FF9613B31B8D9602FF6C4FA2CF27678F82F8	C082AED224D70A3F77E68C0DB90FDFBCEDB8E4C12BB1A4C6DC7561BD8B1FA071
C:\Program Files\7-Zip\Lang\ar.txt	Unicode text, UTF-8 text, with CRLF line terminators	1F1268BF2A1262BA99013F7B36A82655	6101602D68A3F6E229847629DC03B691647046CF	5A18170ADB8152458716A24BDAA12835FC26C68B31209A9E29E739FCA212A356
C:\Program Files\7-Zip\Lang\ast.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	23ECE3A43D2577A1F4BB5D420ABB563F	34D0804C00F45C5CDA77409CBD382DC11932EF4F	61D67F81971A8A2093041CE58B39C7229B413B991B2FC724E4898BC319539992
C:\Program Files\7-Zip\Lang\az.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	E5A80461B90F025BE5EE9062673B53AC	CDF8042B7CD2BD7C9F09DFA271681CCC6E639864	F0D1EAD49E7D42F897B7EA715CCE41637C3EBD7EC556541AEDD7CA2156CBA065
C:\Program Files\7-Zip\Lang\ba.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	C3EFC3A627FB8B406F8805A12F09739B	BACC7EEDE7610A824CA8EAC89ACA9F6001D25336	AA8A4BAEBE75F9C0D4319FB65DEB61786DD1BD7E692226FABF2679E2606FA0D5
C:\Program Files\7-Zip\Lang\be.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	E48F4BF2D0103001EDE9551D62A8C4DD	282D9093F55E9C55D449E074F7CC42D995661EC3	B49445240BBD9910D1FD693654F8A51D4035FC2D2B572E7C195B917321C27F05
C:\Program Files\7-Zip\Lang\bg.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	F245A8437A36ABE7BF356F77D7E9E104	5DED5211B33E2835BC864E63981DDBB74A58DD32	4E308D796DBDF26A690102195426A6702AB567363AB8ECD5F063080AB66DC819
C:\Program Files\7-Zip\Lang\bn.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	C0CF8DA47FEF56028EDBB261E4F5A691	D5A8030E1EA15B8F85951149EAC41AAA9C3072CA	389EEABAE507E204BC53925CC1E2F1A4CC0CCE5D6E74BCA8F015213ED019D7F5
C:\Program Files\7-Zip\Lang\br.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	DB2784955E875A93EF7F2D1557F3F6F4	27CD891768902C51E1451F31894E3EFF30620361	88233348E8BF385ECCC6CB56C4A088900C92E1FA51329769EBC5C4A5E6C2CBE5
C:\Program Files\7-Zip\Lang\ca.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	812D4995102E9B475B874D0CFDD8F56A	7377BBAA47CA91755574F07FC17BE41C3FAD3237	3D0FF58CCE129A004CE1D7E0608808CE64E712A0E8AEBDDB908EDA3B191BD883
C:\Program Files\7-Zip\Lang\co.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	F9A98B99A163C842A7ADAB1CD8ACCA76	EFEB42FD33ED61AE7430BECF95F8E45E630EF501	C9A10EE60F89A139D36325595C3DA0AFC0C07D2B6E1CC065BB45D734E1FD133C
C:\Program Files\7-Zip\Lang\cs.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	36A411CF8A6673FD95B4DD282732D5AF	C87638050B904A596F07A3602D6F6AD327762A18	83916D0FE4CC8A4C414F2E90EE3DD7371A38E2EA44414F948F6DA0F8DD23B600
C:\Program Files\7-Zip\Lang\cy.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0C15F3A55DE5D538F2748444623F2745	C15440A16A08339088C563E505012E67C383216A	2DC41991631AAB989FD2368E1EBAB6B56DFE926307FCB1B8E887205584E99B5F
C:\Program Files\7-Zip\Lang\da.txt	Unicode text, UTF-8 text, with CRLF line terminators	D8ABA2DA47C1031832957B75A6524737	B83069EF9F7A08F18804AE966B8D18657E2907CD	F65026AE33D4302A7EF06A856F6F062C9730100F5A87D5C00FB3FEAF5FCD5805
C:\Program Files\7-Zip\Lang\de.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	8C46FB4A3C5025C1089F5C634D5D951C	46272D7178330B9F1AB1AAF7F3DB068F4D8B72C0	E6A716C27F11BFADBA853228A5BEC9CDD6D043F22F5DB8F70094CD2E857C3A6A
C:\Program Files\7-Zip\Lang\el.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	D74CE0F31E3C062B6631455EA2C3DCDB	B4267827E54A0E6D9AC32BE961640B4530B59CB2	7F11663757A2BDC193547E8C2A221F92D8F1825DB0E7C801D33BA1B42FBF08FA
C:\Program Files\7-Zip\Lang\en.ttt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	72EA78FC93365651AA4222B6EBF31BF9	9A2A5A2879E30DDE4571F75EB00F95F58226C768	4D6405DC6F93C00FA7EFF8BBCAC256D079FF56C5D0EDAAC41BB1A80C0AB2FECD
C:\Program Files\7-Zip\Lang\eo.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	418188A5E20929D6948DE22B970A3208	2068DFA837475C14E13919555816416D44FF4A3E	7AEFF9B0450B006C212104A541787B3A9E0912B85733F6ADDAB700B7BCC0F33D
C:\Program Files\7-Zip\Lang\es.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0E082B43A79586272B05C9CA8F7C16DF	9EEA192851D5FB9045E88B506ED4E1558667E683	88972F7E173CFED678FBA72F5EEFBC1C485D8CDAD14C49E57A9D3076CFF0C2FD
C:\Program Files\7-Zip\Lang\et.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	EE84B1C885670EADEC64639F14DA46E2	C4701563AFA270FD4C33802383347A3C19E2FD92	7B0E52653B536AD2595DE618073C37A8FC833E1B43B0772A6A1FD3C2167F59ED
C:\Program Files\7-Zip\Lang\eu.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	29EC04893F6B2C9058A8F1E0BEAF9081	8E7B5A0EC24153AA7BE02F0395C003DF02CF6A09	536D93CA6D7C96D203B51333C4E78DE2429F78D32CC321461589626759C84127
C:\Program Files\7-Zip\Lang\ext.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	316F7B64FC0B4ACC1643322AB14AFE46	3BFB64C9FDE5F0A1D6F7072B59F2FFF3F08C29E8	D8770102923AA03E0441094FA729F602A52D447E30954F03E2DC56D1124CDA69
C:\Program Files\7-Zip\Lang\fa.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	6948E051256DCB49DD6E977A30C53881	C9C65393DDAC81447743D1348A0F45DB88A8DED8	1A368671BCA4EBD97B9EDEB84976EC208CEFF1C251B93870EBCC9D35936FAA06
C:\Program Files\7-Zip\Lang\fi.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	E18EE71739632B1C5B9225A508F98000	F8493DD7EFDCE82E6D8ECF869E13CAAC918B3134	05BB52FA61694A00B235D4614DF7B935CA0D9B3B2CCF43BFF503E8FA1E4FABF9
C:\Program Files\7-Zip\Lang\fr.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	B1B6E1C3CF5247EC1618A88F9853D54D	0671CB77AD76F9E27237AA538F8EFA6BCCC40DE3	CC283E9B0C1822F757372C21F179710C4592A2F7755E706C48065BCFE70BBA5B
C:\Program Files\7-Zip\Lang\fur.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	D4361EF22B59D893C571A54A0EA9F206	5185AC8E059848F311A0A9A04A0D220D1882E011	8413FB6F6F8C9F31A10DA448895FD6C0D70834DD33A4FE6241DC41601F6E5AE9
C:\Program Files\7-Zip\Lang\fy.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	B0997F61EC5AEACD1709883BAA95F8E1	12F3C9F988A61C4F6857B891BAB92BE3070C9380	7389F61C25EC26171AE6AA93EBB2960D27EF0CAA396F0F88906D15CD0456F663
C:\Program Files\7-Zip\Lang\ga.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	7C57F6A4A8C9D2E502331EA0E199DB03	A1516271F6111F84047235F9301DA3FA57729A4E	DB8A126354D9999DC53C672AFCAE700B977EC124BC8BB9F7FC8FA00B7461CC45
C:\Program Files\7-Zip\Lang\gl.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	B062CDBB0424364BF5057A168C8540AA	24A9BC9B24B7E4676A0CB2E22A5F27476A2674B8	4DB8E6DA476FADEF909AF6DA291A244296CED792133BBA9DD9AEE4CB3F5D584F
C:\Program Files\7-Zip\Lang\gu.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	5648518D6DC5EABF1A723774B0D3DD73	A4E37BDDF88C23607378213DB64D7A5AA77262DE	6950ADA2E0ECA1D2ECBD99824394924C266F464828EED8183849CD429E093E8C
C:\Program Files\7-Zip\Lang\he.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	A5BB2A30200268A5B04282EADC770C96	CB63E10ECE97E7D40D54B5BF3ED0E09807CB66BF	E4EDDD9D9F2F728374DD93598BDC1797A303A81B2C596C1FE0122A35BA763309
C:\Program Files\7-Zip\Lang\hi.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	EB231074C05F7E000CCAF46088E6BEFB	AA6A7E562C91D0DC2A61C017187D11D91050A3DB	3E1515B213561D7550D73A0048A1E1073D980DA7DC61B5074752A7B8787C96E7
C:\Program Files\7-Zip\Lang\hr.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	78410155D8B0C60EB6031F89F055444A	7BE443B61FABAD7C73A6F2CAD8B475C77E66B6E3	41AFD53F0CB057455A936D8F54BF4C7E980DEFE61C4A102CE64BA1FA707B25AB
C:\Program Files\7-Zip\Lang\hu.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	50BBF631148BAE77C10D4C8E54FAF396	DF537B6A8C22374AC371ED3E99658F676DCA265F	8954EA88DB4F0F00A2E6142A8EE112F160FDBF3496C29027F88ADF3A4C1960F5
C:\Program Files\7-Zip\Lang\hy.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	A3FBC89351BB849AB7A095ECA5CE55B9	E7EDE3DFF2B066CB74BEB3863C9637F7D0726A72	5794217068ECE1E278BE92FA4CC56304FC7AEDE204AA75B49B79599F90D3AB33
C:\Program Files\7-Zip\Lang\id.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	C0774491B0289F06DF49F578AFB9D540	27A00AD568512AACAEB561B2D5CE73F9459C1621	6161D75C555CBB39CCB97E5BB9494070414ADD1FE48894EA53478358D763D655
C:\Program Files\7-Zip\Lang\io.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	A3A5678560AC09A798F8EDEEE63D7D87	0E05CE684180DA3C8193841EA58C8EE128F3FEDA	583483F9D42195D1A32225FC2D6F5907B556953B9521E1E61091C947C498F966
C:\Program Files\7-Zip\Lang\is.txt	Unicode text, UTF-8 text, with CRLF line terminators	F361950B7D1BB073EF48CA729B7ED5EA	8C5D3FB8E09C9682C6256F05F82CA67C58F0FF2B	F4F9D6DFD36512F027452499B083AD0656DF6503CE03E4E4CC45B925F1F1D678
C:\Program Files\7-Zip\Lang\it.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	7A3AA3754FD3B5DCE8D37E9A0E7A4BEE	12F208B86D41C81DCCECB33807CEB3C584049F07	92B60EDFE7F4B65CC4DBC207DEF72155C04FD613F0053F50C0FDDAF7681299DB
C:\Program Files\7-Zip\Lang\ja.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	1E121AB29C3388A0629568D98C25E9E8	CB45CA908D31A2373D2A45ECAFA758BEFDBBC363	D86A3453713FBEA8F8D1077589404FF4792362FC1999A2D4B1BD3392180FB7D1
C:\Program Files\7-Zip\Lang\ka.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	903324372F5F5E6668EE316696DC6B57	8E2C62A2BF2572B996C9F84F703C6E11666785FC	C68E08995342D96D14BD77F4185B8BE2CCF5ED2B7B88B80977D2D93CC2691774
C:\Program Files\7-Zip\Lang\kaa.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	DFBA5C2185E113EEF167A5E21C32DF76	E36703D7D1954E3F1729A0497674EC15C41A2F76	4D631602CE3D0C4D9162AF6BF56A90C8EEF75A24D556B729191B62F79ABA0681
C:\Program Files\7-Zip\Lang\kab.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	E7E1D9E034582D9285656B8C87B20502	C547644525ED918F3AEFCA7EF9F974D62FFE4F55	138748A833D4A8980C3B35FAE9DD72114F7146632CE5E50D9A7F805A39F10BE7
C:\Program Files\7-Zip\Lang\kk.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	F4C46B450A580AD5ABF0B638DCDCC6FB	750DFDDDDADEE9CFE0E8F651F1C6CC38CF1FCD78	F2E6E55C102485E232DAAD00F68D8905F7A54F8AE2128DB6AFE25231C17ACD69
C:\Program Files\7-Zip\Lang\ko.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	F1FB53A644720BB007B3422BBC6E25A8	290589775EB85AD1EF6321DFF2B1CA9C6884867C	3A42727F9189FD791A274CC5AD00DBFBB4B3D5BB6A83F52DE4788389FB00193B
C:\Program Files\7-Zip\Lang\ku-ckb.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	F0349C150F5209E41E8626F4FA5AEF60	2305FE53945A522CDD7624368AD6289E2CE40850	EA4856E9C35B1DFD0A831746888EB5D298D0551021290C3F5FF8CFA5CA7306C3
C:\Program Files\7-Zip\Lang\ku.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	BE2ABB068C2223233202116DB9699EB7	AF9DD161B82C727C298328A118675D57BD478804	B79D7BC3C63B9C14C77DA43D2ECE9D8B1880AF9E5301C8BC98370857EE812640
C:\Program Files\7-Zip\Lang\ky.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	21249560FDE7FC9380E356A285F492F9	8B6B3EE173C7B31106870FF0F32EF9996D827C8E	1C9EB6476FE41D1226C44721F9947A5C4D921C9D99D5C2A8D10C21FE96AAE001
C:\Program Files\7-Zip\Lang\lij.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	172C567A95B28962C38D6656AC9BF861	FD52675FA2221D7A69209273C3468FC7A37D8153	9F6BA934DEEF9DA7081FC6E266CAA2DBCC5B69D38A089CAD7AC69517EB2D363E
C:\Program Files\7-Zip\Lang\lt.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	BFF630AB983353341E7F2E838577B4A8	2911E2F2AF88056761F1B215E8CAF718E4F39C23	0F88254AB0DEDDBB7125EBC013968E017E376A1ABFCE4812EAF900AC5E066D9C
C:\Program Files\7-Zip\Lang\lv.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	E2B1ECFDD2DF783F50367C24D97A2631	34CD068547EBD50B9D3F4829D1931BB227814835	CC48E814E28FA6DD9206DF879CEC4C03B0FDE9BA8C6309B309EB52DDEC5D0C78
C:\Program Files\7-Zip\Lang\mk.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	368FCBB838BA3E961F4EF6EC99D05F10	EE50926E675344422FB54A718F40B09A8F70B6A7	BCC0DAECBAB5E972F9B8A3A4E73F6A186B785E432DBCE3B04CC0512DA6DC7840
C:\Program Files\7-Zip\Lang\mn.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	667EE24BC0CFD8AC281EC162FED5FE5B	A9492486D6139430E5A3553FD211B6104666366C	A52F8E6AD1731EA1ED1267AD966F2C90328103C278B61C86DD2074B62134D039
C:\Program Files\7-Zip\Lang\mng.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	B84D986F5E6B427789F70E7E049131DD	DE7E3511667E9F7AD5111B9F24C8F21EC0B390E1	6A470983969A59FE6185901984E8DE3A5D40DC9FFD703BF5B1317F4A8CD4106E
C:\Program Files\7-Zip\Lang\mng2.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	24C48AB0E38E5F128844DF0F3A188DA7	AD1EC708502A54964A7C10AC1BC1249E7BDBA8A7	24570CAF8879919211805A7347564A8C430DE65109D9D743A532EB56A6ED282C
C:\Program Files\7-Zip\Lang\mr.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	CE09B7B9A792BF468D23279661C0C0C1	6FEE14A3560BFC450BBC36BACF8FE97FFD812E7F	7A7F7E0D4C1CAEF0F049BC234886AE4A9E74135F21855DC05C8790F81EB9324B
C:\Program Files\7-Zip\Lang\ms.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	18C00C686514667DBEF6021C2EE45755	3F5748014CDB921E69C693641ED40C04BE8E7F77	98F13642FFB436C2CD46818C5AD1B6905C08EB4D101C3B1A86A1913D5C8AB9B2
C:\Program Files\7-Zip\Lang\nb.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	475E7E403F6A31C18672116475A48145	8759C36DFF1E70B3F17D51BB50C23A99AC5AC862	5A29EA8149BB0A86C1917ABB02C9A7FFBCD3564D77C7159853DBFBB2CB49411D
C:\Program Files\7-Zip\Lang\ne.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	7CF981CFFBF6A9707376716A4D5020E5	445F60618C7FB9B052C4335932A324F15F262C5D	859372B67C54BE5D782C7B654BEC17DEF6F3FABED7938E0E0EDA9BC0501F8EC4
C:\Program Files\7-Zip\Lang\nl.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0AD65C845A9C056F283D36B5EB3E3924	F7101D5E3EC4E7DC03912EFA50E7D028979E76CE	2539785410A62CAD5DE140A4275FCF301C69E7ED354917761D14CBD5EE0F4FD6
C:\Program Files\7-Zip\Lang\nn.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	1E487C9E8EA1455D39F65AED36AE0C3F	AFA4D0C9A50AC24B6331B07B2F68C3944CE60579	4F042C3561D0027A99A079D06406ABF2260498EB363D16C364F8403CEA0A1593
C:\Program Files\7-Zip\Lang\pa-in.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	3C9ABF9D79E4CD21005A7FC8DDF4F426	FE69BF910FC35FB60E1ECE817AD07ADD3AAEF7EF	9745D4C933E675B6BB6FC617FF2D56F75BE814A8F771F7A6A99EFCBBC7406E04
C:\Program Files\7-Zip\Lang\pl.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	AD586C59B2CE74E7B81F9CA8AB16EB5F	1C2423EF40E05608C3EDACDFDB06C92576F26C25	09A58E5F05327A978EDFF6A25DF3EAE4D70E3E4CE10A757B9B554069A95A7E96
C:\Program Files\7-Zip\Lang\ps.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	5A95214895DBC922DB46242E4DED0CC9	B44E67282700745C036C8561B3E1F98D303AB209	146E35220BCD45FCB886D17A4E017145965CD2EA4DE93FCDB3D0D566A154EF08
C:\Program Files\7-Zip\Lang\pt-br.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	F17AF860A989425B3EC74735C14564A4	228CCBAE3AB9223D0511B6D1B89EAD914FC6BBED	A39F90E121F939F6FCF35E7AA37F907FF7308E8294EFCA948401887FBA641245
C:\Program Files\7-Zip\Lang\pt.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	B8F868BF02773C933FD8DE61F8FAAD4F	425145C1E0B09599E5BD914976A8AF79B56E32E3	F2833A6AFBDB1DD3C4BE57904DF960308F293D82F8FD9291D31F0E1A7A4F8F54
C:\Program Files\7-Zip\Lang\ro.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	369C76A290F64E1789038D1A1BD00E84	1F654FFC11DB57CE7230CF56CA90CC15ED800049	62AADC77F5B11353C4BB3582F1F9CD08A41F029F3CD2EBAF0F239B9D4FE6A712
C:\Program Files\7-Zip\Lang\ru.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	D79D3086FF78B45FFF7399AB0A8C47D5	9FA9D017D245233A84841A7D0A7C51167BDA810E	8D31CE9559092F4E4FF6D4A4D1F9751B277FEA67F4674E64C81C3D9367E608F3
C:\Program Files\7-Zip\Lang\sa.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	D734464288D47B5238638791A5C4AE7F	696B8E4C542F4095864734C1BC204BE6F08A9A5D	697C00D2A37E5100F87A93CFCA6CD67D43A78B523DB18AC65B4260CF080E5AC3
C:\Program Files\7-Zip\Lang\si.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	3C24183C8DC95EDC2B56B42C3D0275ED	7A3843AE91BF3CC721FE52E6C9D58FC16B6253C1	3A47EF6F05B3FE22C1A94B61F4B686E4E3537C1B7E282A577174C3D86C0A2FC9
C:\Program Files\7-Zip\Lang\sk.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	CA2B22D21945A478757A099EEAFDF9A9	5EFBF215647E82DDEAA4C83D064EF83B51413DEA	E571C0D87B50F4659099B4CA618057533C22578066E411C5CEB3DF8BE1E77CFF
C:\Program Files\7-Zip\Lang\sl.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	15998E10BFD00DFA00242A7A29C87E1E	FA03DABCE5D334CF83E5391C29A93B5F15B56F5A	4C8D7A98434ED6D282FCC8691DCFD3BD9FD81A7302804522D7F5214FA9E34BD8
C:\Program Files\7-Zip\Lang\sq.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0D0BADB86FB9F8EEED49B17BAD81B291	4081C76E3BB6CA34CEADDB3ED4348095D46B664F	580905AD605AB3C38776091D1E0E59385501A34DD9DE0BA0F3469297C82A0F92
C:\Program Files\7-Zip\Lang\sr-spc.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	FFD26304B9B5FAE8547703515E84460D	CFF3F023BB47CA3C6C3DB202CD8C126B0BB2F59F	283DD99EC8D13784B3D79C36766CDB16DAC0EDE0C1C09E8B1EFA64F5DC2C1A55
C:\Program Files\7-Zip\Lang\sr-spl.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	FD327F424C7E4F23D2C018DED334A1B5	0FE9A48C528BE4022B19F7373CBA9190D3BDB473	D5A250B45BD51267E2B0D78CF60E7F14113419565F9B95C2B1113963396570A5
C:\Program Files\7-Zip\Lang\sv.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	6C9E8093D11110E7044E0967D1DCD714	B864405022B4E27A3DA7F3DBA73E0239B5291745	4EA68A967D6A20DB716D92D7F20E42B8E644F3ACF15C035C3E74AACCD04EA4F2
C:\Program Files\7-Zip\Lang\sw.txt	ASCII text, with CRLF line terminators	A67DEF153DE6E8A46AFD8EA2986148BC	6FE4C1F17E67DB265100B2C509FDAB8965EA9EFD	F07003E1C9935CD907CC0D24C8DE65A540B33AAC7B1E3F6CBE0C94955461263B
C:\Program Files\7-Zip\Lang\ta.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	D393B72F709D1136BFBA0A445D763B40	ABF145A510DDDE5B5567BC99747A286AFD87EFAB	7EA5323772A7F252F8BCAEE30ED2404BE8707CFFAA013357984F6EDF1C2B1C7C
C:\Program Files\7-Zip\Lang\tg.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	4A5529986613CDF743B3F7755F8F5CAE	970DFAD147AB3D32E93EEF6BF464BCAC23368E4F	1CEDD8F699940FECACACBC5DF093BA70FB2099FAF9864376A3D990DA78B8E075
C:\Program Files\7-Zip\Lang\th.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	05B217E13AE943B7852AE6FF6479ACF8	567F90FC82ECAC638432C830D35EB6F44B105584	B491B33BF96E385BD503F3981FBC89A3BB16442992E48D283DFD40B411666E6D
C:\Program Files\7-Zip\Lang\tk.txt	Unicode text, UTF-8 text, with CRLF line terminators	585AFB2701F61F1B3845E693E66EC728	B1E853CBCAFA831C5EA782F40EE6942A72A8DB5F	EB3A0766FA6A5DD793DA3058DDAFC9A89B4DB5F1B29842C6D81F38E9D4B71C29
C:\Program Files\7-Zip\Lang\tr.txt	Unicode text, UTF-8 text, with CRLF line terminators	D6BF427B8F3660F0D390BB90FBD3318E	F28288E45310E22A9957612A765BC3EFABCF7E47	859A359601FFB9DA85871F12D27C75F6DE6D239E766AE8127E95CA1B574B1C62
C:\Program Files\7-Zip\Lang\tt.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	5BFFF09148D010F1FCED306743EF0AC3	C8434A77A92FF28E2F4AC0BC0E83C9AD6FFEAD01	3D113BEF1511A63EDDCB6132EC626F8A93D972BD33219D8FF55520E53B5EFD21
C:\Program Files\7-Zip\Lang\ug.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	EF3E8D61D03E42A3B40D6F0B12535ADB	569360BCFEB39C102A3DD78ED96204B5D733FFBE	9D0268D1EEB8DFDEBBB8EA1033C2B99CD667A244C9859085BE5D54C9E5CED369
C:\Program Files\7-Zip\Lang\uk.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	669B4C6C93939C63C345E7391E8CECE0	5468E0CE9569B9736FB6DAD8E61A74DA7EB39C5C	A495AF551D6FCC463A61AE4AA57FDFA8619CBB10DFB9BCE92A11D2BBF6410DFF
C:\Program Files\7-Zip\Lang\uz-cyrl.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	7AFEDBD6E9EF3A4A2A99BC1BCB133605	317D758DD9F65A6E320A4D45776A21ECB2AD60CC	2DD421A44AD779D961C951F01E7ABF4AC358C61CE26EA8311A0C902B4FC77CA3
C:\Program Files\7-Zip\Lang\uz.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	3035144EEA3A382E39541B218A5D813A	EB7A2F6306F7D2DED4CC88FB4CAB0F65558DB8B0	A310044DBC86E2441F0D50BB7D7DADB9879359B0C6CEB1FAF413A0459E07045B
C:\Program Files\7-Zip\Lang\va.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	75378BFAC013C4C49CCBD69C51CA8D27	73C8AA6F373FF63FDAE1AA489B16CEFEE2AB05A8	C141908B9218D754DD1E6ED2FA9A2EAFA981ADC9F8D5DB438A59139605914C11
C:\Program Files\7-Zip\Lang\vi.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	044531D134ACA40D5E57CC0AB96B4940	988AA2BB6922360C1977B97725175613266242D2	3A6DCA3E1B5C8190C81FC859B5BE83EAF54EFDCAA148F4374D1225381083406F
C:\Program Files\7-Zip\Lang\yo.txt	Unicode text, UTF-8 text, with CRLF line terminators	DD7102D6CC59E50E8F2382F715E632D1	579246EE8F47334A28EADC949A1D05E553D78C09	16094E51DB670E034245E5CF5405E969386F2D9AF7682882400C1F594639CC79
C:\Program Files\7-Zip\Lang\zh-cn.txt	Unicode text, UTF-8 text, with CRLF line terminators	49DE441A26F05EB42B53DF11EA6251F8	C091048B4481E602C364625E2C810AAF4DC63631	BB87EFBCE06D75ABE71032857CDEEA8B16306A07E77A7E4EF1ECE6686F5BF4F6
C:\Program Files\7-Zip\Lang\zh-tw.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	096221E1DB0742D91DC7087E4E3EC576	2ACDBE88BF9C18A8B7002F1B44745C25231D35FB	64106AC25BF568125F14D30750D1608149E18407ECA006093CEE14B5176A3D12
C:\Program Files\7-Zip\License.txt	ASCII text, with CRLF line terminators	F4995E1BC415B0D91044673CD10A0379	F2EEC05948E9CF7D1B00515A69C6F63BF69E9CCA	F037E7689F86A12A3F5F836DC73004547C089E4A2017687E5E0B803A19E3888B
C:\Program Files\7-Zip\Uninstall.exe	PE32 executable (GUI) Intel 80386, for MS Windows	AD782FFAC62E14E2269BF1379BCCBAAE	9539773B550E902A35764574A2BE2D05BC0D8AFC	1C8A77DB924EBEB952052334DC95ADD388700C02B073B07973CD8FE0A0A360B8
C:\Program Files\7-Zip\descript.ion	ASCII text, with CRLF line terminators	EB7E322BDC62614E49DED60E0FB23845	1BB477811ECDB01457790C46217B61CB53153B75	1DA513F5A4E8018B9AE143884EB3EAF72454B606FD51F2401B7CFD9BE4DBBF4F
C:\Program Files\7-Zip\readme.txt	ASCII text, with CRLF line terminators	21728B81FC32F0C39902446F02146804	11F0D5FC428C2D07D196ABC535B4AAC51B35AC9B	BC97174A61AD73701242EE3F860E9B181006CBA083D118F4AFD41F454DA0C09A
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Oct 3 09:51:28 2023, mtime=Thu Apr 18 20:56:53 2024, atime=Tue Jun 20 07:00:00 2023, length=952832, window=hide	4FA5B659F2D4B90999B65CF5928BAFD6	7EEE34174771A57B97D666ADE8EBA9CADED8F769	DEF61CBEDB4F644488F73D378A8BF20D9B9004CADC893F567792B604502E3191
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Oct 3 09:51:28 2023, mtime=Thu Apr 18 20:56:53 2024, atime=Tue Jun 20 06:00:00 2023, length=115300, window=hide	8EEB3279068E9A5D344AEBCFD4F5AB85	2F31E397E5E92F507E935BD0B5C41DF18E734860	B28D26A75689C09A44473B0ACAC7683A7A95E38E5BEF58731C3E98744B35C49D

Compliance

Source: 7z2301-x64.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Spreading

Source: C:\Users\user\Desktop\7z2301-x64.exe	System file written: C:\Program Files\7-Zip\7-zip.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	System file written: C:\Program Files\7-Zip\7z.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	System file written: C:\Program Files\7-Zip\7z.exe			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	System file written: C:\Program Files\7-Zip\7-zip32.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	System file written: C:\Program Files\7-Zip\Uninstall.exe			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	System file written: C:\Program Files\7-Zip\7zG.exe			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	System file written: C:\Program Files\7-Zip\7zFM.exe			Jump to behavior

Networking

Source: 7z2301-x64.exe, 00000000.00000003.1688177644.0000000002734000.00000004.00000020.00020000.00000000.sdmp, License.txt.0.dr	String found in binary or memory: http://www.gnu.org/
Source: 7z2301-x64.exe, 00000000.00000003.1691781092.0000000004577000.00000004.00000020.00020000.00000000.sdmp, 7zFM.exe.0.dr	String found in binary or memory: https://www.7-zip.org/

System Summary

Source: C:\Users\user\Desktop\7z2301-x64.exe

Code function: 0_2_004017DE GetModuleFileNameW,GetDlgItemTextW,lstrlenW,ShowWindow,ShowWindow,ShowWindow,SendMessageW,PeekMessageW,PeekMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,SendMessageW,PeekMessageW,PeekMessageW,SetWindowTextW,lstrcpyW,lstrcpyW,lstrlenW,GetFileAttributesW,SetFileAttributesW,lstrcatW,lstrlenW,MessageBoxW,SetFileTime,SetFileAttributesW,MoveFileExW,GetLastError,SendMessageW,SetWindowTextW,MessageBoxW,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,

0_2_004017DE

Source: C:\Users\user\Desktop\7z2301-x64.exe	Code function: 0_2_00404067		0_2_00404067
Source: C:\Users\user\Desktop\7z2301-x64.exe	Code function: 0_2_0040580A		0_2_0040580A
Source: C:\Users\user\Desktop\7z2301-x64.exe	Code function: 0_2_00404CC3		0_2_00404CC3
Source: C:\Users\user\Desktop\7z2301-x64.exe	Code function: 0_2_00406BFD		0_2_00406BFD
Source: C:\Users\user\Desktop\7z2301-x64.exe	Code function: 0_2_004060B8		0_2_004060B8

Source: Joe Sandbox View	Dropped File: C:\Program Files\7-Zip\7-zip.dll F9B4944D3A5536A6F8B4D5DB17D903988A3518B22FBEE6E3F6019AAF44189B3D
Source: Joe Sandbox View	Dropped File: C:\Program Files\7-Zip\7-zip32.dll 62EF98B00232F9D63A647E201ABFB354582D3FBC342EC63DF15B2A0CE514B5A6
Source: Joe Sandbox View	Dropped File: C:\Program Files\7-Zip\7z.dll 77222E81CB7004E8C3E077AADA02B555A3D38FB05B50C64AFD36CA230A8FD5B9

Source: 7z2301-x64.exe, 00000000.00000000.1634981117.000000000040D000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilename7zipInstall.exe, vs 7z2301-x64.exe
Source: 7z2301-x64.exe, 00000000.00000003.1691781092.0000000004577000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7-zip.dll, vs 7z2301-x64.exe
Source: 7z2301-x64.exe, 00000000.00000003.1691781092.0000000004577000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs 7z2301-x64.exe
Source: 7z2301-x64.exe, 00000000.00000003.1691781092.0000000004577000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: FileVersionFileDescriptionOriginalFilename_winzip_.rsrcCOFF_SYMBOLSCERTIFICATE vs 7z2301-x64.exe
Source: 7z2301-x64.exe, 00000000.00000003.1691781092.0000000004577000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7z.dll, vs 7z2301-x64.exe
Source: 7z2301-x64.exe, 00000000.00000003.1691781092.0000000004577000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7z.exe, vs 7z2301-x64.exe
Source: 7z2301-x64.exe, 00000000.00000003.1691781092.0000000004577000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7z.sfx.exe, vs 7z2301-x64.exe
Source: 7z2301-x64.exe, 00000000.00000003.1691781092.0000000004577000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7zFM.exe, vs 7z2301-x64.exe
Source: 7z2301-x64.exe, 00000000.00000003.1691781092.0000000004577000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7zg.exe, vs 7z2301-x64.exe
Source: 7z2301-x64.exe, 00000000.00000003.1691781092.0000000004577000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUninstall.exe, vs 7z2301-x64.exe
Source: 7z2301-x64.exe, 00000000.00000002.2876503375.0000000000197000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7zipInstall.exe, vs 7z2301-x64.exe
Source: 7z2301-x64.exe	Binary or memory string: OriginalFilename7zipInstall.exe, vs 7z2301-x64.exe

Source: 7z2301-x64.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: clean19.spre.winEXE@1/109@0/0

Source: C:\Users\user\Desktop\7z2301-x64.exe

Code function: 0_2_004017DE GetModuleFileNameW,GetDlgItemTextW,lstrlenW,ShowWindow,ShowWindow,ShowWindow,SendMessageW,PeekMessageW,PeekMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,SendMessageW,PeekMessageW,PeekMessageW,SetWindowTextW,lstrcpyW,lstrcpyW,lstrlenW,GetFileAttributesW,SetFileAttributesW,lstrcatW,lstrlenW,MessageBoxW,SetFileTime,SetFileAttributesW,MoveFileExW,GetLastError,SendMessageW,SetWindowTextW,MessageBoxW,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,

0_2_004017DE

Source: C:\Users\user\Desktop\7z2301-x64.exe

Code function: 0_2_004025C5 CoCreateInstance,

0_2_004025C5

Source: 7z2301-x64.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\7z2301-x64.exe

File read: C:\Program Files\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\7z2301-x64.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\7z2301-x64.exe

File read: C:\Users\user\Desktop\7z2301-x64.exe

Jump to behavior

Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: textshaping.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: textinputframework.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: ntmarta.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: propsys.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: linkinfo.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: ntshrui.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: cscapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: explorerframe.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: windowscodecs.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: thumbcache.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: policymanager.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: msvcp110_win.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: dataexchange.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: d3d11.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: dcomp.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: dxgi.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: twinapi.appcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: secur32.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: samcli.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: samlib.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: mpr.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: drprov.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: winsta.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: ntlanman.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: davclnt.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: davhlpr.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wkscli.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: dlnashext.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: playtodevice.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: devdispitemprovider.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: mmdevapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: devobj.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wpdshext.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: portabledeviceapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: msasn1.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: audiodev.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmvcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmasf.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: mfperfhelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: audiodev.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmvcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmasf.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: mfperfhelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: audiodev.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmvcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmasf.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: mfperfhelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: audiodev.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmvcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmasf.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: mfperfhelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: audiodev.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmvcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmasf.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: mfperfhelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: networkexplorer.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: audiodev.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmvcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmasf.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: mfperfhelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: audiodev.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmvcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmasf.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: mfperfhelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: audiodev.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmvcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmasf.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: mfperfhelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: audiodev.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmvcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmasf.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: mfperfhelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: audiodev.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmvcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmasf.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: mfperfhelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: audiodev.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmvcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmasf.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: mfperfhelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: audiodev.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmvcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmasf.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: mfperfhelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: audiodev.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmvcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmasf.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: mfperfhelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: audiodev.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmvcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: wmasf.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Section loaded: mfperfhelper.dll			Jump to behavior

Source: C:\Users\user\Desktop\7z2301-x64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32

Jump to behavior

Source: 7-Zip File Manager.lnk.0.dr	LNK file: ..\..\..\..\..\..\Program Files\7-Zip\7zFM.exe
Source: 7-Zip Help.lnk.0.dr	LNK file: ..\..\..\..\..\..\Program Files\7-Zip\7-zip.chm

Source: C:\Users\user\Desktop\7z2301-x64.exe	Automated click: Install
Source: C:\Users\user\Desktop\7z2301-x64.exe	Automated click: OK
Source: C:\Users\user\Desktop\7z2301-x64.exe	Automated click: OK
Source: C:\Users\user\Desktop\7z2301-x64.exe	Automated click: OK
Source: C:\Users\user\Desktop\7z2301-x64.exe	Automated click: OK
Source: C:\Users\user\Desktop\7z2301-x64.exe	Automated click: OK
Source: C:\Users\user\Desktop\7z2301-x64.exe	Automated click: OK
Source: C:\Users\user\Desktop\7z2301-x64.exe	Automated click: OK
Source: C:\Users\user\Desktop\7z2301-x64.exe	Automated click: OK
Source: C:\Users\user\Desktop\7z2301-x64.exe	Automated click: OK
Source: C:\Users\user\Desktop\7z2301-x64.exe	Automated click: OK
Source: C:\Users\user\Desktop\7z2301-x64.exe	Automated click: OK
Source: C:\Users\user\Desktop\7z2301-x64.exe	Automated click: OK
Source: C:\Users\user\Desktop\7z2301-x64.exe	Automated click: OK
Source: C:\Users\user\Desktop\7z2301-x64.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 7z2301-x64.exe

Static file information: File size 1589510 > 1048576

Data Obfuscation

Source: C:\Users\user\Desktop\7z2301-x64.exe

Code function: 0_2_00401FB1 GetSystemDirectoryW,lstrlenW,lstrcpyW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,malloc,free,

0_2_00401FB1

Source: 7-zip32.dll.0.dr	Static PE information: section name: .sxdata
Source: 7z.sfx.0.dr	Static PE information: section name: .sxdata
Source: 7zCon.sfx.0.dr	Static PE information: section name: .sxdata

Source: C:\Users\user\Desktop\7z2301-x64.exe

Code function: 0_2_004072E0 push eax; ret

0_2_0040730E

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\7z2301-x64.exe	System file written: C:\Program Files\7-Zip\7-zip.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	System file written: C:\Program Files\7-Zip\7z.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	System file written: C:\Program Files\7-Zip\7z.exe			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	System file written: C:\Program Files\7-Zip\7-zip32.dll			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	System file written: C:\Program Files\7-Zip\Uninstall.exe			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	System file written: C:\Program Files\7-Zip\7zG.exe			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	System file written: C:\Program Files\7-Zip\7zFM.exe			Jump to behavior

Source: C:\Users\user\Desktop\7z2301-x64.exe	File created: C:\Program Files\7-Zip\7-zip.dll			Jump to dropped file
Source: C:\Users\user\Desktop\7z2301-x64.exe	File created: C:\Program Files\7-Zip\7z.sfx			Jump to dropped file
Source: C:\Users\user\Desktop\7z2301-x64.exe	File created: C:\Program Files\7-Zip\7z.dll			Jump to dropped file
Source: C:\Users\user\Desktop\7z2301-x64.exe	File created: C:\Program Files\7-Zip\7z.exe			Jump to dropped file
Source: C:\Users\user\Desktop\7z2301-x64.exe	File created: C:\Program Files\7-Zip\7-zip32.dll			Jump to dropped file
Source: C:\Users\user\Desktop\7z2301-x64.exe	File created: C:\Program Files\7-Zip\Uninstall.exe			Jump to dropped file
Source: C:\Users\user\Desktop\7z2301-x64.exe	File created: C:\Program Files\7-Zip\7zCon.sfx			Jump to dropped file
Source: C:\Users\user\Desktop\7z2301-x64.exe	File created: C:\Program Files\7-Zip\7zG.exe			Jump to dropped file
Source: C:\Users\user\Desktop\7z2301-x64.exe	File created: C:\Program Files\7-Zip\7zFM.exe			Jump to dropped file

Source: C:\Users\user\Desktop\7z2301-x64.exe	File created: C:\Program Files\7-Zip\7z.sfx			Jump to dropped file
Source: C:\Users\user\Desktop\7z2301-x64.exe	File created: C:\Program Files\7-Zip\7zCon.sfx			Jump to dropped file

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\7z2301-x64.exe	Dropped PE file which has not been started: C:\Program Files\7-Zip\7-zip.dll			Jump to dropped file
Source: C:\Users\user\Desktop\7z2301-x64.exe	Dropped PE file which has not been started: C:\Program Files\7-Zip\7z.sfx			Jump to dropped file
Source: C:\Users\user\Desktop\7z2301-x64.exe	Dropped PE file which has not been started: C:\Program Files\7-Zip\7z.dll			Jump to dropped file
Source: C:\Users\user\Desktop\7z2301-x64.exe	Dropped PE file which has not been started: C:\Program Files\7-Zip\7z.exe			Jump to dropped file
Source: C:\Users\user\Desktop\7z2301-x64.exe	Dropped PE file which has not been started: C:\Program Files\7-Zip\Uninstall.exe			Jump to dropped file
Source: C:\Users\user\Desktop\7z2301-x64.exe	Dropped PE file which has not been started: C:\Program Files\7-Zip\7-zip32.dll			Jump to dropped file
Source: C:\Users\user\Desktop\7z2301-x64.exe	Dropped PE file which has not been started: C:\Program Files\7-Zip\7zCon.sfx			Jump to dropped file
Source: C:\Users\user\Desktop\7z2301-x64.exe	Dropped PE file which has not been started: C:\Program Files\7-Zip\7zG.exe			Jump to dropped file
Source: C:\Users\user\Desktop\7z2301-x64.exe	Dropped PE file which has not been started: C:\Program Files\7-Zip\7zFM.exe			Jump to dropped file

Source: 7z2301-x64.exe, 00000000.00000002.2876920400.0000000000823000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Users\user\MusicsProd_VMware_SATA
Source: 7z2301-x64.exe, 00000000.00000003.1747576765.000000000083E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: }\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2301-x64.exe, 00000000.00000003.2353941581.0000000000865000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}(
Source: 7z2301-x64.exe, 00000000.00000003.2353941581.0000000000865000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2301-x64.exe, 00000000.00000003.2070595360.000000000083C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:x
Source: 7z2301-x64.exe, 00000000.00000002.2876920400.0000000000861000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD0hh
Source: 7z2301-x64.exe, 00000000.00000003.1987033584.0000000005115000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}&&
Source: 7z2301-x64.exe, 00000000.00000003.2353941581.0000000000865000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}KK
Source: 7z2301-x64.exe, 00000000.00000002.2877690760.0000000005079000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}yz
Source: 7z2301-x64.exe, 00000000.00000002.2877690760.0000000005079000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}`
Source: 7z2301-x64.exe, 00000000.00000003.2101798092.0000000000870000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_SATA_CD00#4&224f==
Source: 7z2301-x64.exe, 00000000.00000003.2234627664.0000000000861000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Prod_VMware_SATA_CD0==
Source: 7z2301-x64.exe, 00000000.00000002.2876920400.00000000007CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:o
Source: 7z2301-x64.exe, 00000000.00000003.1747032469.0000000000873000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}en
Source: 7z2301-x64.exe, 00000000.00000003.2353941581.0000000000865000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: 7z2301-x64.exe, 00000000.00000003.2070595360.000000000083C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 7z2301-x64.exe, 00000000.00000002.2876920400.00000000007CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:<S
Source: 7z2301-x64.exe, 00000000.00000002.2876920400.00000000007CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0uWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: 7z2301-x64.exe, 00000000.00000002.2877690760.0000000005079000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}``U
Source: 7z2301-x64.exe, 00000000.00000002.2876920400.00000000007CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:&
Source: 7z2301-x64.exe, 00000000.00000003.2318928092.0000000000864000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %1!ls! (%2!c!:) %3!ls!Prod_VMware_SATA_CD0==
Source: 7z2301-x64.exe, 00000000.00000003.1688177644.0000000002734000.00000004.00000020.00020000.00000000.sdmp, History.txt.0.dr	Binary or memory string: - 7-Zip now can extract VHDX disk images (Microsoft Hyper-V Virtual Hard Disk v2 format).
Source: 7z2301-x64.exe, 00000000.00000003.2234627664.0000000000844000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}$$

Anti Debugging

Source: C:\Users\user\Desktop\7z2301-x64.exe

Code function: 0_2_00401FB1 GetSystemDirectoryW,lstrlenW,lstrcpyW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,malloc,free,

0_2_00401FB1

Language, Device and Operating System Detection

Source: C:\Users\user\Desktop\7z2301-x64.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\7z2301-x64.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\7z2301-x64.exe

Code function: 0_2_00405B75 GetVersion,GetModuleHandleW,GetProcAddress,GetSystemDirectoryW,LoadLibraryExW,

0_2_00405B75