Topic on Talk:Sonic Adventure DX
After digging through the analysis, I've found this:
541c6aa57ddd7da0c6902aa1e92155eb.virus seems to drop and execute various files, including what seems to be an infected copy of Chocolatey which drops this executable disguised as a changelog, an executable called Zombie.exe which is dropped into the system folder and is also dropped by various other *.virus files, a fake version of an Acrobat Reader installer, and a couple of executables disguised as log files.
Along this web there are various outside connections to seemingly-random websites, various IPs, several bitcoin-related URLs and many connections to trojans purporting to be things like Acrobat Reader, logs or temporary files.
None of this seems to happen when running the installer, though.