Windows Analysis Report
http://d1isumqvmnq7jz.cloudfront.net/build/pl/v4.397.63.30.34

Overview

General Information

Sample URL: http://d1isumqvmnq7jz.cloudfront.net/build/pl/v4.397.63.30.34
Analysis ID: 1430994

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Downloads executable code via HTTP
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found

Classification

AV Detection

Source: http://d1isumqvmnq7jz.cloudfront.net/build/pl/v4.397.63.30.34 Avira URL Cloud: detection malicious, Label: malware
Source: C:\Users\user\Downloads\Unconfirmed 806031.crdownload Virustotal: Detection: 14%
Source: C:\Users\user\Downloads\free-barcode-6.8.10-installer_c-RQoW1.exe (copy) Virustotal: Detection: 14%
Source: Chrome Cache Entry: 44 Virustotal: Detection: 14%
Source: unknown HTTPS traffic detected: 23.3.84.131:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.3.84.131:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: 1771184Connection: keep-aliveAccess-Control-Allow-Origin: *Cache-Control: private, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0Content-Disposition: attachment; filename="free-barcode-6.8.10-installer_c-RQoW1.exe"; filename*=UTF-8''free-barcode-6.8.10-installer_c-RQoW1.exeContent-Transfer-Encoding: binaryDate: Wed, 24 Apr 2024 10:42:45 GMTExpires: Mon, 26 Jul 1997 05:00:00 GMTPragma: publicX-Cache: Miss from cloudfrontVia: 1.1 912d83c7c9b4676eb19f09c9bfabda24.cloudfront.net (CloudFront)X-Amz-Cf-Pop: SFO5-P2X-Amz-Cf-Id: Q9u_XHooeKOYQ6RdaKkHziSNdHuVy0qxRIwRHEjD1uqTCW0jBkk1Vw==Age: 0
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 23.3.84.131
Source: unknown TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=y9H6zm9SFOtVZWe&MD=RvkHDuaf HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=y9H6zm9SFOtVZWe&MD=RvkHDuaf HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /build/pl/v4.397.63.30.34 HTTP/1.1Host: d1isumqvmnq7jz.cloudfront.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: unknown DNS traffic detected: queries for: d1isumqvmnq7jz.cloudfront.net
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2484669764.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2481996833.0000000002958000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 806031.crdownload.0.dr, chromecache_44.2.dr, free-barcode-6.8.10-installer_c-RQoW1.tmp.9.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2484669764.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2481996833.0000000002958000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 806031.crdownload.0.dr, chromecache_44.2.dr, free-barcode-6.8.10-installer_c-RQoW1.tmp.9.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2484669764.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2481996833.0000000002958000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 806031.crdownload.0.dr, chromecache_44.2.dr, free-barcode-6.8.10-installer_c-RQoW1.tmp.9.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2484669764.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2481996833.0000000002958000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 806031.crdownload.0.dr, chromecache_44.2.dr, free-barcode-6.8.10-installer_c-RQoW1.tmp.9.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2484669764.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2481996833.0000000002958000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 806031.crdownload.0.dr, chromecache_44.2.dr, free-barcode-6.8.10-installer_c-RQoW1.tmp.9.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2484669764.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2481996833.0000000002958000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 806031.crdownload.0.dr, chromecache_44.2.dr, free-barcode-6.8.10-installer_c-RQoW1.tmp.9.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2484669764.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2481996833.0000000002958000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 806031.crdownload.0.dr, chromecache_44.2.dr, free-barcode-6.8.10-installer_c-RQoW1.tmp.9.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: free-barcode-6.8.10-installer_c-RQoW1.tmp.9.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2484669764.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2481996833.0000000002958000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 806031.crdownload.0.dr, chromecache_44.2.dr, free-barcode-6.8.10-installer_c-RQoW1.tmp.9.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2484669764.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2481996833.0000000002958000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 806031.crdownload.0.dr, chromecache_44.2.dr, free-barcode-6.8.10-installer_c-RQoW1.tmp.9.dr String found in binary or memory: http://ocsp.digicert.com0
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2484669764.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2481996833.0000000002958000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 806031.crdownload.0.dr, chromecache_44.2.dr, free-barcode-6.8.10-installer_c-RQoW1.tmp.9.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2484669764.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2481996833.0000000002958000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 806031.crdownload.0.dr, chromecache_44.2.dr, free-barcode-6.8.10-installer_c-RQoW1.tmp.9.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2484669764.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2481996833.0000000002958000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 806031.crdownload.0.dr, chromecache_44.2.dr, free-barcode-6.8.10-installer_c-RQoW1.tmp.9.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2484669764.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2481996833.0000000002958000.00000004.00001000.00020000.00000000.sdmp, Unconfirmed 806031.crdownload.0.dr, chromecache_44.2.dr, free-barcode-6.8.10-installer_c-RQoW1.tmp.9.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000002.2547046677.00000000021CB000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2478358740.0000000002520000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.tmp, 0000000A.00000002.2547723483.0000000002600000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.tmp, 0000000A.00000003.2488850030.00000000035D0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.dk-soft.org/
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000002.2547046677.0000000002231000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2478358740.0000000002520000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.tmp, 0000000A.00000002.2547723483.0000000002600000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.tmp, 0000000A.00000003.2488850030.00000000035D0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://d2cxd1qpd0dh21.cloudfront.net/f/
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000002.2547046677.0000000002231000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2478358740.0000000002520000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.tmp, 0000000A.00000002.2547723483.0000000002600000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.tmp, 0000000A.00000003.2488850030.00000000035D0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://d2cxd1qpd0dh21.cloudfront.net/o
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000002.2547046677.0000000002231000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2478358740.0000000002520000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.tmp, 0000000A.00000002.2547723483.0000000002600000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.tmp, 0000000A.00000003.2488850030.00000000035D0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://d2cxd1qpd0dh21.cloudfront.net/zbd
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000000.2477448761.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Unconfirmed 806031.crdownload.0.dr, chromecache_44.2.dr String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000002.2547046677.0000000002231000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2478358740.0000000002520000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.tmp, 0000000A.00000002.2547723483.0000000002600000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.tmp, 0000000A.00000003.2488850030.00000000035D0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://risecodes.com/privacy
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000002.2547046677.0000000002231000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2478358740.0000000002520000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.tmp, 0000000A.00000002.2547723483.0000000002600000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.tmp, 0000000A.00000003.2488850030.00000000035D0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://risecodes.com/terms
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2484669764.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2481996833.0000000002660000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.tmp, 0000000A.00000000.2486672634.0000000000401000.00000020.00000001.01000000.00000007.sdmp, free-barcode-6.8.10-installer_c-RQoW1.tmp.9.dr String found in binary or memory: https://www.innosetup.com/
Source: free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2484669764.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.exe, 00000009.00000003.2481996833.0000000002660000.00000004.00001000.00020000.00000000.sdmp, free-barcode-6.8.10-installer_c-RQoW1.tmp, 0000000A.00000000.2486672634.0000000000401000.00000020.00000001.01000000.00000007.sdmp, free-barcode-6.8.10-installer_c-RQoW1.tmp.9.dr String found in binary or memory: https://www.remobjects.com/ps
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: free-barcode-6.8.10-installer_c-RQoW1.tmp.9.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: 5acd5e57-60dc-40cb-8ab4-5615a88e4ecf.tmp.0.dr Static PE information: No import functions for PE file found
Source: 5acd5e57-60dc-40cb-8ab4-5615a88e4ecf.tmp.0.dr Static PE information: Data appended to the last section found
Source: classification engine Classification label: mal56.win@22/6@4/4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\5acd5e57-60dc-40cb-8ab4-5615a88e4ecf.tmp
Source: C:\Users\user\Downloads\free-barcode-6.8.10-installer_c-RQoW1.exe File created: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp
Source: C:\Users\user\Downloads\free-barcode-6.8.10-installer_c-RQoW1.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Downloads\free-barcode-6.8.10-installer_c-RQoW1.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=2208,i,4406949674789423698,2697958066234429667,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://d1isumqvmnq7jz.cloudfront.net/build/pl/v4.397.63.30.34"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5480 --field-trial-handle=2208,i,4406949674789423698,2697958066234429667,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Users\user\Downloads\free-barcode-6.8.10-installer_c-RQoW1.exe "C:\Users\user\Downloads\free-barcode-6.8.10-installer_c-RQoW1.exe"
Source: C:\Users\user\Downloads\free-barcode-6.8.10-installer_c-RQoW1.exe Process created: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp "C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp" /SL5="$A0076,837550,832512,C:\Users\user\Downloads\free-barcode-6.8.10-installer_c-RQoW1.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Users\user\Downloads\free-barcode-6.8.10-installer_c-RQoW1.exe Section loaded: version.dll
Source: C:\Users\user\Downloads\free-barcode-6.8.10-installer_c-RQoW1.exe Section loaded: netapi32.dll
Source: C:\Users\user\Downloads\free-barcode-6.8.10-installer_c-RQoW1.exe Section loaded: netutils.dll
Source: C:\Users\user\Downloads\free-barcode-6.8.10-installer_c-RQoW1.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Downloads\free-barcode-6.8.10-installer_c-RQoW1.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Window found: window name: TSelectLanguageForm
Source: Window Recorder Window detected: More than 3 window changes detected
Source: 5acd5e57-60dc-40cb-8ab4-5615a88e4ecf.tmp.0.dr Static PE information: real checksum: 0x1b9ef1 should be: 0x11bd7
Source: 5acd5e57-60dc-40cb-8ab4-5615a88e4ecf.tmp.0.dr Static PE information: section name: .didata
Source: Unconfirmed 806031.crdownload.0.dr Static PE information: section name: .didata
Source: chromecache_44.2.dr Static PE information: section name: .didata
Source: free-barcode-6.8.10-installer_c-RQoW1.tmp.9.dr Static PE information: section name: .didata
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 44
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 806031.crdownload
Source: C:\Users\user\Downloads\free-barcode-6.8.10-installer_c-RQoW1.exe File created: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\5acd5e57-60dc-40cb-8ab4-5615a88e4ecf.tmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\free-barcode-6.8.10-installer_c-RQoW1.exe (copy)
Source: C:\Users\user\Downloads\free-barcode-6.8.10-installer_c-RQoW1.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-VUMNN.tmp\free-barcode-6.8.10-installer_c-RQoW1.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX