Windows Analysis Report
ADF435x_v4_5_0.exe

Overview

General Information

Sample name:	ADF435x_v4_5_0.exe
Analysis ID:	1541055
MD5:	db1355797efc166b115c0d378ed953f8
SHA1:	3254c3d841aedf98af545701122fe241fddcdd82
SHA256:	4a2f0dbfcbecf1ce034265bc8b2213906959062d45df29d432923e0bbc42cb30
Infos:

Detection

Score:	24
Range:	0 - 100
Whitelisted:	false
Confidence:	0%

Signatures

Installs new ROOT certificates

Sample is not signed and drops a device driver

Adds / modifies Windows certificates

Checks for available system drives (often done to infect USB drives)

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to communicate with device drivers

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Creates driver files

Creates files inside the driver directory

Creates files inside the system directory

Creates or modifies windows services

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops certificate files (DER)

Drops files with a non-matching file extension (content does not match file extension)

Found dropped PE file which has not been started or loaded

Found evasive API chain (may stop execution after checking a module file name)

Found evasive API chain checking for process token information

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Sigma detected: Use Short Name Path in Command Line

Stores files to the Windows start menu directory

Stores large binary data to the registry

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Signatures

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_01004F6B InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,CloseHandle,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer,	3_2_01004F6B
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_010045EB GetFileAttributesA,LoadLibraryA,GetProcAddress,DecryptFileA,GetLastError,	3_2_010045EB
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1F189E __EH_prolog3,CryptQueryObject,GetLastError,CertCloseStore,CryptMsgClose,GetLastError,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,	5_2_6D1F189E
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1D7E3B CryptMsgGetAndVerifySigner,	5_2_6D1D7E3B
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1D7E2A CryptQueryObject,	5_2_6D1D7E2A
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1D7E4C CryptHashPublicKeyInfo,SetLastError,	5_2_6D1D7E4C
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1D7E7C CryptMsgGetParam,SetLastError,	5_2_6D1D7E7C
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1D7EBB CryptDecodeObject,SetLastError,	5_2_6D1D7EBB
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1F189E __EH_prolog3,CryptQueryObject,GetLastError,CertCloseStore,CryptMsgClose,GetLastError,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,	8_2_6D1F189E
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1D7E3B CryptMsgGetAndVerifySigner,	8_2_6D1D7E3B
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1D7E2A CryptQueryObject,	8_2_6D1D7E2A
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1D7E4C CryptHashPublicKeyInfo,SetLastError,	8_2_6D1D7E4C
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1D7E7C CryptMsgGetParam,SetLastError,	8_2_6D1D7E7C
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1D7EBB CryptDecodeObject,SetLastError,	8_2_6D1D7EBB

Uses 32bit PE files

Source: ADF435x_v4_5_0.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VC
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\ADI_CYUSB_USB4.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\ADI_CYUSB_USB4.lib
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\dpinst.exe
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\dpinst.xml
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG\adi_cyusb_rfg.cat
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG\adi_cyusb.sys
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG\ADI_CYUSB_RFG_x64.inf
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG\uninstall.exe

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	File created: C:\Users\user~1\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20241024_050332743-MSI_vc_red.msi.txt			Jump to behavior
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	File created: C:\Users\user~1\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_20241024_050342548-MSI_vc_red.msi.txt

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1033\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1041\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1042\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1028\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\2052\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1040\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1036\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1031\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\3082\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1049\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1033\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1041\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1042\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1028\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\2052\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1040\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1036\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1031\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\3082\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1049\eula.rtf	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File opened: c:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source:	Binary string: C:\Users\RBRENNAN\Documents\Visual Studio 2008\Projects\ADF435x\ADF435x\ADF435x\obj\Release\ADF435x.pdb source: ADF435x.exe.20.dr
Source:	Binary string: sfxcab.pdb source: vcredist_x86.exe, vcredist_x86.exe, 00000003.00000002.1404909404.0000000001002000.00000020.00000001.01000000.00000005.sdmp, vcredist_x86.exe, 00000003.00000000.1306707639.0000000001002000.00000020.00000001.01000000.00000005.sdmp, vcredist_x64.exe, 00000007.00000002.1501356558.0000000001002000.00000020.00000001.01000000.00000010.sdmp, vcredist_x64.exe, 00000007.00000000.1407048744.0000000001002000.00000020.00000001.01000000.00000010.sdmp, vcredist_x86.exe.2.dr, vcredist_x64.exe.2.dr, WinUSBCoInstaller.dll.2.dr
Source:	Binary string: WdfCoInstaller01007.pdbH source: WdfCoInstaller01007.dll.2.dr
Source:	Binary string: MFCM100U.i386.pdb source: mfcm100u.dll.6.dr
Source:	Binary string: WdfCoInstaller01007.pdb source: WdfCoInstaller01007.dll.2.dr
Source:	Binary string: sfxcab.pdbU source: WinUSBCoInstaller.dll.2.dr
Source:	Binary string: MFCM100.i386.pdb0@ source: mfcm100.dll.6.dr
Source:	Binary string: patchhooks.pdb source: Setup.exe, 00000008.00000003.1453297775.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000008.00000003.1453525481.00000000013D7000.00000004.00000020.00020000.00000000.sdmp, 492e91.msi.10.dr, vc_red.msi.3.dr, 492e8e.msi.10.dr
Source:	Binary string: mfc100.amd64.pdb source: mfc100.dll.10.dr
Source:	Binary string: MFCM100.i386.pdb source: mfcm100.dll.6.dr
Source:	Binary string: winusbcoinstaller.pdb source: WinUSBCoInstaller.dll.2.dr
Source:	Binary string: f:\dd\vsproject\vshost\vshost32-clr2\objr\i386\vshost32-clr2.pdbLn `*_CorExeMainmscoree.dll source: ADF435x.vshost.exe.20.dr
Source:	Binary string: Setup.pdb source: Setup.exe, Setup.exe, 00000008.00000000.1424303855.0000000000181000.00000020.00000001.01000000.00000012.sdmp, Setup.exe, 00000008.00000002.1498324798.0000000000181000.00000020.00000001.01000000.00000012.sdmp
Source:	Binary string: DpInst.pdb source: dpinst.exe, dpinst.exe, 0000000B.00000000.1503533722.00007FF710751000.00000020.00000001.01000000.00000016.sdmp, dpinst.exe, 0000000B.00000002.1582738423.00007FF710751000.00000020.00000001.01000000.00000016.sdmp, dpinst_amd64.exe, dpinst_amd64.exe, 00000010.00000002.1646402957.00007FF644B11000.00000020.00000001.01000000.0000001B.sdmp, dpinst_amd64.exe, 00000010.00000000.1589587262.00007FF644B11000.00000020.00000001.01000000.0000001B.sdmp, dpinst.exe.15.dr
Source:	Binary string: c:\views\antioch_nnpl_cysuiteusb_latest\software\products\hsusb\cysuiteusb\cyusb_sys\src\objfre_wlh_amd64\amd64\cyusb.pdb source: dpinst_amd64.exe, 00000010.00000003.1592789689.0000000002C51000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.1597305637.0000025D0FA12000.00000004.00000020.00020000.00000000.sdmp, SET62EF.tmp.17.dr
Source:	Binary string: MFCM100U.i386.pdb0@ source: mfcm100u.dll.6.dr
Source:	Binary string: vcomp100.amd64.pdb source: vcomp100.dll.10.dr
Source:	Binary string: sqmapi.pdb source: Setup.exe, Setup.exe, 00000008.00000002.1499950429.000000006CEC1000.00000020.00000001.01000000.00000014.sdmp
Source:	Binary string: SetupEngine.pdb source: Setup.exe, Setup.exe, 00000008.00000002.1500061845.000000006D191000.00000020.00000001.01000000.00000013.sdmp
Source:	Binary string: patchhooks.pdbX source: vc_red.msi.3.dr
Source:	Binary string: DPCA.pdb source: MSIAD92.tmp.20.dr
Source:	Binary string: vcomp100.i386.pdb source: vcomp100.dll.6.dr
Source:	Binary string: MFCM100.amd64.pdbHp source: mfcm100.dll.10.dr
Source:	Binary string: DpInst.pdb7 source: dpinst.exe.15.dr
Source:	Binary string: msdia100.pdb source: msdia100.dll.10.dr
Source:	Binary string: DpInst.pdbH source: dpinst.exe, 0000000B.00000000.1503533722.00007FF710751000.00000020.00000001.01000000.00000016.sdmp, dpinst.exe, 0000000B.00000002.1582738423.00007FF710751000.00000020.00000001.01000000.00000016.sdmp, dpinst_amd64.exe, 00000010.00000002.1646402957.00007FF644B11000.00000020.00000001.01000000.0000001B.sdmp, dpinst_amd64.exe, 00000010.00000000.1589587262.00007FF644B11000.00000020.00000001.01000000.0000001B.sdmp
Source:	Binary string: mfc100u.amd64.pdb source: mfc100u.dll.10.dr
Source:	Binary string: MFCM100.amd64.pdb source: mfcm100.dll.10.dr
Source:	Binary string: f:\dd\vsproject\vshost\vshost32-clr2\objr\i386\vshost32-clr2.pdb source: ADF435x.vshost.exe.20.dr
Source:	Binary string: winusbcoinstaller.pdbH source: WinUSBCoInstaller.dll.2.dr
Source:	Binary string: SetupUi.pdb source: SetupUi.dll.7.dr
Source:	Binary string: SetupResources.pdb source: SetupResources.dll.7.dr, SetupResources.dll2.7.dr, SetupResources.dll3.7.dr, SetupResources.dll6.3.dr
Source:	Binary string: DPCA.pdb<0 source: MSIAD92.tmp.20.dr

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:
Source: C:\Windows\System32\msiexec.exe	File opened: x:
Source: C:\Windows\System32\msiexec.exe	File opened: v:
Source: C:\Windows\System32\msiexec.exe	File opened: t:
Source: C:\Windows\System32\msiexec.exe	File opened: r:
Source: C:\Windows\System32\msiexec.exe	File opened: p:
Source: C:\Windows\System32\msiexec.exe	File opened: n:
Source: C:\Windows\System32\msiexec.exe	File opened: l:
Source: C:\Windows\System32\msiexec.exe	File opened: j:
Source: C:\Windows\System32\msiexec.exe	File opened: h:
Source: C:\Windows\System32\msiexec.exe	File opened: f:
Source: C:\Windows\System32\msiexec.exe	File opened: b:
Source: C:\Windows\System32\msiexec.exe	File opened: y:
Source: C:\Windows\System32\msiexec.exe	File opened: w:
Source: C:\Windows\System32\msiexec.exe	File opened: u:
Source: C:\Windows\System32\msiexec.exe	File opened: s:
Source: C:\Windows\System32\msiexec.exe	File opened: q:
Source: C:\Windows\System32\msiexec.exe	File opened: o:
Source: C:\Windows\System32\msiexec.exe	File opened: m:
Source: C:\Windows\System32\msiexec.exe	File opened: k:
Source: C:\Windows\System32\msiexec.exe	File opened: i:
Source: C:\Windows\System32\msiexec.exe	File opened: g:
Source: C:\Windows\System32\msiexec.exe	File opened: e:
Source: C:\Windows\System32\msiexec.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_00405D07 FindFirstFileA,FindClose,	0_2_00405D07
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_00405331 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00405331
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_0040263E FindFirstFileA,	0_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_00405D07 FindFirstFileA,FindClose,	2_2_00405D07
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_00405331 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	2_2_00405331
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_0040263E FindFirstFileA,	2_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_010046B9 SendDlgItemMessageA,strstr,SetFileAttributesA,GetLastError,CopyFileA,SendDlgItemMessageA,strstr,SetFileAttributesA,CopyFileA,GetLastError,CopyFileA,SetFileAttributesA,SendDlgItemMessageA,_strlwr,GetLastError,MoveFileA,MoveFileA,_strlwr,strstr,FindFirstFileA,strrchr,SendDlgItemMessageA,DeleteFileA,Sleep,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,strchr,strrchr,SendDlgItemMessageA,	3_2_010046B9
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D178097 memset,memset,FindFirstFileW,DeleteFileW,GetLastError,FindNextFileW,FindClose,	5_2_6D178097
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D164281 memset,EnterCriticalSection,FindFirstFileW,LeaveCriticalSection,ctype,FindNextFileW,FindClose,ResetEvent,CreateThread,CloseHandle,GetLastError,	5_2_6D164281
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1C5BC0 __EH_prolog3_GS,_memset,FindFirstFileW,FindNextFileW,FindClose,	5_2_6D1C5BC0
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1C4120 FindFirstFileW,GetFullPathNameW,SetLastError,_wcsrchr,_wcsrchr,	5_2_6D1C4120
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CED8097 memset,memset,FindFirstFileW,DeleteFileW,GetLastError,FindNextFileW,FindClose,	8_2_6CED8097
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CEC4281 memset,EnterCriticalSection,FindFirstFileW,LeaveCriticalSection,ctype,FindNextFileW,FindClose,ResetEvent,CreateThread,CloseHandle,GetLastError,	8_2_6CEC4281
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1C5BC0 __EH_prolog3_GS,_memset,FindFirstFileW,FindNextFileW,FindClose,	8_2_6D1C5BC0
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1C4120 FindFirstFileW,GetFullPathNameW,SetLastError,_wcsrchr,_wcsrchr,	8_2_6D1C4120
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_00405D07 FindFirstFileA,FindClose,	15_2_00405D07
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_00405331 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	15_2_00405331
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_0040263E FindFirstFileA,	15_2_0040263E

Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\Local\Temp\nsn5F06.tmp\nsExec.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\Local\Temp\nsn5F06.tmp\
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\Local\Temp\
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\Local\
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_6D204EB6 URLDownloadToFileW,

5_2_6D204EB6

Source: mfc100.dll.10.dr, mfc100u.dll.10.dr	String found in binary or memory: ftp://http://HTTP/1.0
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ac.economia.gob.mx/cps.html0
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ac.economia.gob.mx/last.crl0G
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acedicom.edicomgroup.com/doc0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0
Source: drvinst.exe, 0000000D.00000003.1526320150.0000027218AFD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv1.crl0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv10.crl0
Source: drvinst.exe, 0000000D.00000003.1526320150.0000027218AFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv2.crl0
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv5.crl0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.disig.sk/ca/crl/ca_disig.crl0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.mtin.es/mtin/DPCyPoliticas0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.mtin.es/mtin/DPCyPoliticas0g
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.mtin.es/mtin/crl/MTINAutoridadRaiz03
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.mtin.es/mtin/ocsp0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certificates.starfieldtech.com/repository/1604
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certs.oati.net/repository/OATICA2.crl0
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certs.oati.net/repository/OATICA2.crt0
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certs.oaticerts.com/repository/OATICA2.crl
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certs.oaticerts.com/repository/OATICA2.crt08
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersignroot.html0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cps.siths.se/sithsrootcav1.html0
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B52000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersignroot.crl0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526659920.0000027218ADE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: drvinst.exe, 0000000D.00000003.1526320150.0000027218AFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.defence.gov.au/pki0
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B52000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Setup.exe, 00000008.00000003.1453337853.00000000013C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsof
Source: drvinst.exe, 0000000D.00000003.1526130596.000002721871B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.oces.trust2408.com/oces.crl0
Source: drvinst.exe, 0000000D.00000003.1526320150.0000027218AFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.postsignum.cz/crl/psrootqca4.crl02
Source: drvinst.exe, 0000000D.00000003.1526320150.0000027218AFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.postsignum.eu/crl/psrootqca4.crl0
Source: drvinst.exe, 0000000D.00000003.1525990049.0000027218B3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: drvinst.exe, 0000000D.00000003.1526130596.000002721871B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ssc.lt/root-a/cacrl.crl0
Source: drvinst.exe, 0000000D.00000003.1530294675.000002721872E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1527207605.000002721872E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526130596.000002721872E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ssc.lt/root-b/cacrl.crl0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ssc.lt/root-c/cacrl.crl0
Source: drvinst.exe, 0000000D.00000002.1563843394.00000272186D3000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531690114.00000272186B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl
Source: dpinst.exe, 0000000B.00000003.1569176281.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1572299592.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000002.1582071257.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1571614268.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1565258270.0000027218B5A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563843394.00000272186B9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1557133232.0000027218B5A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526800289.00000272186CB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563785395.00000272185B5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.1555544587.000001E346FF9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.1555681753.000001E347035000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.1555681753.000001E34708B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1555063263.000001E347030000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1533463212.000001E34705D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1555063263.000001E34708B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: drvinst.exe, 0000000D.00000003.1557160813.00000272186D7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crlW
Source: drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0
Source: drvinst.exe, 0000000D.00000003.1526320150.0000027218AFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl2.postsignum.cz/crl/psrootqca4.crl01
Source: drvinst.exe, 0000000D.00000003.1557160813.00000272186D7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563843394.00000272186D3000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526800289.00000272186CB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.1555681753.000001E347035000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1555063263.000001E347030000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.1622481046.0000025D0FA87000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.1638324879.0000025D0FA87000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.1609535181.0000025D0FA99000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.1603496027.0000025D0FA9A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.1632854685.0000025D0FA87000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.1622919561.0000025D0FA99000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.1621657129.0000025D0FA87000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.1619412968.000001CB8D6CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: drvinst.exe, 00000011.00000003.1632854685.0000025D0FA09000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.1638324879.0000025D0FA09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabZ
Source: rundll32.exe, 00000012.00000002.1619412968.000001CB8D6AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabmeb
Source: rundll32.exe, 0000000E.00000002.1555628489.000001E347018000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabmel
Source: drvinst.exe, 0000000D.00000003.1557160813.00000272186D7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563843394.00000272186D3000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526800289.00000272186CB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabym
Source: drvinst.exe, 0000000D.00000003.1526355480.0000027218B1D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526199129.0000027218B1B000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526236328.0000027218B1D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526511210.0000027218B1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0
Source: drvinst.exe, 0000000D.00000003.1526355480.0000027218B1D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526199129.0000027218B1B000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526236328.0000027218B1D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526511210.0000027218B1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/crl/ComSignAdvancedSecurityCA.crl0
Source: drvinst.exe, 0000000D.00000003.1531690114.0000027218669000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563843394.0000027218648000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/crl/ComSignCA.crl0
Source: drvinst.exe, 0000000D.00000003.1527252385.0000027218AC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0
Source: drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/crl/comsignglobalrootca.crl0;
Source: ADF435x.exe.20.dr	String found in binary or memory: http://forms.analog.com/form_pages/rfcomms/adisimpll.aspChttp://ez.analog.com/community/rf;http://ww
Source: Setup.exe, 00000005.00000003.1334583366.0000000002B50000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000005.00000003.1343553097.0000000002550000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000008.00000003.1428794566.0000000003070000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000008.00000003.1432386746.0000000002D00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microsoft.
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://http.fpki.gov/fcpca/caCertsIssuedByfcpca.p7c0
Source: ADI_RFG_Drivers.exe, ADI_RFG_Drivers.exe, 0000000F.00000000.1585175645.0000000000409000.00000008.00000001.01000000.00000017.sdmp, ADI_RFG_Drivers.exe, 0000000F.00000003.1647424068.000000000072A000.00000004.00000020.00020000.00000000.sdmp, ADI_RFG_Drivers.exe, 0000000F.00000002.1648017205.0000000000409000.00000004.00000001.01000000.00000017.sdmp, ADF435x_v4_5_0.exe	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: ADF435x_v4_5_0.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.ncdc.gov.sa0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.pki.gva.es0
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525990049.0000027218B3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.suscerte.gob.ve0
Source: drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com
Source: drvinst.exe, 0000000D.00000003.1531690114.00000272186B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQJ1TBLBrQ9OnPHXPVaWb87MxkNlgQUwu79F9f%2Btw%2FGc
Source: dpinst.exe, 0000000B.00000003.1569176281.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1572299592.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000002.1582071257.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1571614268.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563843394.00000272186B9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526800289.00000272186CB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563785395.00000272185B5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.1555681753.000001E347035000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.1555681753.000001E34708B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1555063263.000001E347030000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1533463212.000001E34705D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1555063263.000001E34708B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: drvinst.exe, 0000000D.00000002.1565258270.0000027218B5A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.comhttp://crl.thawte.com/ThawteTimestampingCA.crl
Source: drvinst.exe, 0000000D.00000003.1526727863.0000027218AC7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pki.digidentity.eu/validatie0
Source: drvinst.exe, 0000000D.00000002.1565258270.0000027218B5A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1557133232.0000027218B5A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pki.registradores.org/normativa/index.htm0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.com0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://postsignum.ttc.cz/crl/psrootqca2.crl0
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/0
Source: Setup.exe, 00000008.00000003.1451069612.0000000001366000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.microsof
Source: Setup.exe, 00000008.00000003.1451069612.0000000001366000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.microsoft.
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sertifikati.ca.posta.rs/crl/PostaCARoot.crl0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
Source: drvinst.exe, 0000000D.00000003.1531690114.00000272186B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer
Source: dpinst.exe, 0000000B.00000003.1569176281.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1572299592.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000002.1582071257.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1571614268.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1557160813.00000272186D7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1530363122.0000027218B6E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563843394.00000272186D3000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526800289.00000272186CB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1529383433.0000027218B6D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563785395.00000272185B5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1565330068.0000027218B6E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.1555681753.000001E347035000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1555063263.000001E347030000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1533463212.000001E34705D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: drvinst.exe, 0000000D.00000003.1531690114.00000272186B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cerS
Source: drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl
Source: dpinst.exe, 0000000B.00000003.1569176281.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1572299592.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000002.1582071257.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1571614268.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1557160813.00000272186D7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1530363122.0000027218B6E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563843394.00000272186D3000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526800289.00000272186CB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1529383433.0000027218B6D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563785395.00000272185B5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1565330068.0000027218B6E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.1555681753.000001E347035000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1555063263.000001E347030000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1533463212.000001E34705D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl8
Source: drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crlV
Source: drvinst.exe, 0000000D.00000002.1563843394.00000272186D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crlX
Source: drvinst.exe, 0000000D.00000003.1531420864.0000027218B3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com
Source: drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com)
Source: drvinst.exe, 0000000D.00000002.1563843394.00000272186B9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1564861535.0000027218ADD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531690114.00000272186B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRi82PVYYKWGJWdgVNyePy5kYTdqQQUX5r1blzMz
Source: dpinst.exe, 0000000B.00000003.1569176281.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1572299592.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000002.1582071257.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1571614268.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1557160813.00000272186D7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1530363122.0000027218B6E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563843394.00000272186D3000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526800289.00000272186CB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1529383433.0000027218B6D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563785395.00000272185B5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1565330068.0000027218B6E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.1555681753.000001E347035000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1555063263.000001E347030000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1533463212.000001E34705D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: drvinst.exe, 0000000D.00000002.1563843394.00000272186A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com1.3.6.1.5.5.7.48.2http://ts-aia.ws.symantec.com/tss-ca-g2.cer
Source: drvinst.exe, 0000000D.00000003.1557160813.00000272186D7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.comE
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://web.ncdc.gov.sa/crl/nrcacomb1.crl0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://web.ncdc.gov.sa/crl/nrcaparta1.crl
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.acabogacia.org/doc0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.acabogacia.org0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.agesic.gub.uy/acrn/acrn.crl0)
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.agesic.gub.uy/acrn/cps_acrn.pdf0
Source: SDPDrivers.exe, 00000002.00000002.1583916881.0000000000639000.00000004.00000020.00020000.00000000.sdmp, SDPDrivers.exe, 00000002.00000003.1583254079.0000000000621000.00000004.00000020.00020000.00000000.sdmp, ADI_RFG_Drivers.exe, 0000000F.00000002.1648619079.0000000000708000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.analog.com
Source: ADF435x.exe.20.dr	String found in binary or memory: http://www.analog.com/en/rfif-components/pll-synthesizersvcos/products/index.html
Source: SDPDrivers.exe, 00000002.00000002.1583916881.0000000000639000.00000004.00000020.00020000.00000000.sdmp, SDPDrivers.exe, 00000002.00000003.1583254079.0000000000621000.00000004.00000020.00020000.00000000.sdmp, ADI_RFG_Drivers.exe, 0000000F.00000002.1648619079.0000000000708000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.analog.comPublisherAnalog
Source: drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ancert.com/cps0
Source: drvinst.exe, 0000000D.00000003.1526130596.000002721871B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.anf.es
Source: drvinst.exe, 0000000D.00000003.1526471636.0000027218AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.anf.es/AC/RC/ocsp0c
Source: drvinst.exe, 0000000D.00000003.1526130596.000002721871B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.anf.es/es/address-direccion.html
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ca.posta.rs/dokumentacija0h
Source: drvinst.exe, 0000000D.00000003.1526765655.0000027218ACB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526727863.0000027218AC7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: drvinst.exe, 0000000D.00000003.1527252385.0000027218AC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certeurope.fr/reference/pc-root2.pdf0
Source: drvinst.exe, 0000000D.00000003.1527252385.0000027218AC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certeurope.fr/reference/root2.crl0
Source: drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certicamara.com/dpc/0Z
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class1.crl0
Source: drvinst.exe, 0000000D.00000003.1531690114.0000027218669000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563843394.0000027218648000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
Source: drvinst.exe, 0000000D.00000003.1527252385.0000027218AC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3TS.crl0
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B46000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.chambersign.org1
Source: drvinst.exe, 0000000D.00000003.1526355480.0000027218B1D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526199129.0000027218B1B000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526236328.0000027218B1D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526511210.0000027218B1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.comsign.co.il/cps0
Source: drvinst.exe, 0000000D.00000003.1527252385.0000027218AC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.correo.com.uy/correocert/cps.pdf0
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525990049.0000027218B3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.datev.de/zertifikat-policy-bt0
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.datev.de/zertifikat-policy-int0
Source: drvinst.exe, 0000000D.00000003.1525510967.0000027218B63000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526320150.0000027218AFD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.datev.de/zertifikat-policy-std0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.defence.gov.au/pki0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.disig.sk/ca/crl/ca_disig.crl0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.disig.sk/ca0f
Source: drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.dnie.es/dpc0
Source: drvinst.exe, 0000000D.00000003.1525510967.0000027218B63000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1530363122.0000027218B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-me.lv/repository0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-szigno.hu/RootCA.crl
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-szigno.hu/RootCA.crt0
Source: drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-szigno.hu/SZSZ/0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525510967.0000027218B63000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526320150.0000027218AFD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526355480.0000027218B00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525697871.0000027218B6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-trust.be/CPS/QNcerts
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ecee.gov.pt/dpc0
Source: drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.echoworx.com/ca/root2/cps.pdf0
Source: drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.eme.lv/repository0
Source: drvinst.exe, 0000000D.00000003.1531598076.0000027218AFB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.globaltrust.info0
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.globaltrust.info0=
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.oaticerts.com/repository.
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_1_0.pdf09
Source: drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_21_1.pdf0:
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.gva.es/cps0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.gva.es/cps0%
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pkioverheid.nl/policies/root-policy-G20
Source: drvinst.exe, 0000000D.00000003.1525510967.0000027218B63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pkioverheid.nl/policies/root-policy0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.postsignum.cz/crl/psrootqca2.crl02
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rcsc.lt/repository0
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sk.ee/cps/0
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sk.ee/juur/crl/0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1530294675.000002721872E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1527207605.000002721872E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526130596.000002721871B000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526130596.000002721872E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ssc.lt/cps03
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525990049.0000027218B3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.suscerte.gob.ve/dpc0
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525990049.0000027218B3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.suscerte.gob.ve/lcr0#
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.uce.gub.uy/acrn/acrn.crl0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0G
Source: Setup.exe, 00000005.00000003.1352014446.00000000008B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.w.org/TR
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www2.postsignum.cz/crl/psrootqca2.crl01
Source: drvinst.exe, 0000000D.00000003.1526471636.0000027218AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crl.anf.es/AC/ANFServerCA.crl0
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://rca.e-szigno.hu/ocsp0-
Source: drvinst.exe, 0000000D.00000002.1565258270.0000027218B5A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1557133232.0000027218B5A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525808694.0000027218B5F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://repository.luxtrust.lu0
Source: drvinst.exe, 0000000D.00000003.1529236517.0000027218B44000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1530215503.0000027218B44000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1527118656.0000027218B44000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531561296.0000027218B44000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1565153679.0000027218B44000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525990049.0000027218B3F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1557208081.0000027218B44000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1557336838.0000027218B43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://repository.tsp.zetes.com0
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.certicamara.com/marco-legal0Z
Source: dpinst.exe, 0000000B.00000003.1569176281.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1572299592.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000002.1582071257.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1571614268.00000000010EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwgn.com/r
Source: drvinst.exe, 0000000D.00000003.1526471636.0000027218AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.anf.es/AC/ACTAS/789230
Source: drvinst.exe, 0000000D.00000003.1526471636.0000027218AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.anf.es/AC/ANFServerCA.crl0
Source: drvinst.exe, 0000000D.00000003.1526471636.0000027218AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.anf.es/address/)1(0&
Source: drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.catcert.net/verarrel
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.catcert.net/verarrel05
Source: drvinst.exe, 0000000D.00000003.1525656429.0000027218C21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.netlock.hu/docs/
Source: drvinst.exe, 0000000D.00000003.1526320150.0000027218AFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.netlock.net/docs
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B52000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

Code function: 0_2_00404EE8 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_00404EE8

Drops certificate files (DER)

Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\AdiSdp_x64.cat (copy)	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\SET62DE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Program Files\Analog Devices\USB Drivers\RFG\adi_cyusb_rfg.cat	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	File created: C:\Users\user~1\AppData\Local\Temp\{d55074ba-c19a-bb44-89de-a58a465055fb}\ADI_CYUSB_RFG.cat (copy)	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\SET4361.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	File created: C:\Users\user\AppData\Local\Temp\{d55074ba-c19a-bb44-89de-a58a465055fb}\SET6119.tmp	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\ADI_CYUSB_RFG.cat (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\adisdp_x64.cat	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	File created: C:\Users\user\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\SET40FF.tmp	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	File created: C:\Users\user~1\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\AdiSdp_x64.cat (copy)	Jump to dropped file

Contains functionality to call native functions

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_01003972 OpenEventA,WaitForSingleObject,CloseHandle,Sleep,LoadLibraryA,GetProcAddress,WaitForSingleObject,GetLastError,InitiateSystemShutdownA,GetLastError,WaitForSingleObject,GetLastError,GetVersionExA,GetVersionExA,GetVersionExA,GetSystemDirectoryA,strchr,CreateFileA,FlushFileBuffers,CloseHandle,NtShutdownSystem,FreeLibrary,	3_2_01003972
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_0100358B NtOpenProcessToken,NtAdjustPrivilegesToken,NtClose,NtClose,	3_2_0100358B
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_010034F4 NtOpenProcessToken,NtAdjustPrivilegesToken,NtClose,NtClose,	3_2_010034F4

Contains functionality to communicate with device drivers

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe

Code function: 3_2_01002B13: GetDriveTypeA,CreateFileA,DeviceIoControl,CloseHandle,

3_2_01002B13

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_004030FA EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,	0_2_004030FA
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_004030FA EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,CoUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,	2_2_004030FA
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_01003972 OpenEventA,WaitForSingleObject,CloseHandle,Sleep,LoadLibraryA,GetProcAddress,WaitForSingleObject,GetLastError,InitiateSystemShutdownA,GetLastError,WaitForSingleObject,GetLastError,GetVersionExA,GetVersionExA,GetVersionExA,GetSystemDirectoryA,strchr,CreateFileA,FlushFileBuffers,CloseHandle,NtShutdownSystem,FreeLibrary,	3_2_01003972
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1E4B5B ExitWindowsEx,	5_2_6D1E4B5B
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1E4B5B ExitWindowsEx,	8_2_6D1E4B5B
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_004030FA EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,CoUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,	15_2_004030FA

Creates driver files

Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe

File created: C:\Program Files\Analog Devices\USB Drivers\RFG\adi_cyusb.sys

Creates files inside the driver directory

Source: C:\Windows\System32\drvinst.exe

File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}

Creates files inside the system directory

Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Windows\SysWOW64\sdpDriverInterface.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Windows\SysWOW64\csaDriverInterface.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Windows\system32\csaDriverInterface.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\4908e6.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC80.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\atl100.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100chs.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100cht.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100deu.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100enu.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100esn.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100fra.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100ita.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100jpn.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100kor.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100rus.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfcm100.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfcm100u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\vcomp100.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\4908e9.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\4908e9.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\492e8e.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI32A5.tmp
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\atl100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100chs.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100cht.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100deu.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100enu.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100esn.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100fra.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100ita.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100jpn.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100kor.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100rus.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100u.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfcm100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfcm100u.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\msvcr100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\vcomp100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\492e91.msi
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\492e91.msi
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	File created: C:\Windows\DPINST.LOG
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\FileRepository\adisdp_x64.inf_amd64_7baaf95d09ad2dfb
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\drvstore.tmp
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\inf\oem4.inf
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\FileRepository\adi_cyusb_rfg_x64.inf_amd64_2366957b1c96956c
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\drvstore.tmp
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\inf\oem5.inf
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\49acc7.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAD92.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIADF1.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{491647C1-1281-4343-AA61-F87CA00A92A2}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAE50.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{491647C1-1281-4343-AA61-F87CA00A92A2}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{491647C1-1281-4343-AA61-F87CA00A92A2}\_853F67D554F05449430E7E.exe
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{491647C1-1281-4343-AA61-F87CA00A92A2}\_CBDBE159E3FB79ADDB2047.exe
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{491647C1-1281-4343-AA61-F87CA00A92A2}\_86E302AD3AEF842FD2938A.exe
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\49acc9.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\49acc9.msi

Deletes files inside the Windows folder

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\4908e9.msi

Jump to behavior

Detected potential crypto function

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_00406128	0_2_00406128
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_004046F9	0_2_004046F9
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_004068FF	0_2_004068FF
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_00406128	2_2_00406128
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_004046F9	2_2_004046F9
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_004068FF	2_2_004068FF
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_01008906	3_2_01008906
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_0100911E	3_2_0100911E
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_01009558	3_2_01009558
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_01008286	3_2_01008286
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_0100859D	3_2_0100859D
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_01008CC5	3_2_01008CC5
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D17D81C	5_2_6D17D81C
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D17D064	5_2_6D17D064
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D169A50	5_2_6D169A50
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1FE7C2	5_2_6D1FE7C2
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D21AD3E	5_2_6D21AD3E
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D215C30	5_2_6D215C30
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D21C9DE	5_2_6D21C9DE
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D21B41F	5_2_6D21B41F
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1BF75A	5_2_6D1BF75A
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D21A7E8	5_2_6D21A7E8
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D21C38B	5_2_6D21C38B
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D21A292	5_2_6D21A292
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CEDD064	8_2_6CEDD064
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CEDD81C	8_2_6CEDD81C
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CEC9A50	8_2_6CEC9A50
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1FE7C2	8_2_6D1FE7C2
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D21AD3E	8_2_6D21AD3E
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D215C30	8_2_6D215C30
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D21C9DE	8_2_6D21C9DE
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D21B41F	8_2_6D21B41F
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1BF75A	8_2_6D1BF75A
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D21A7E8	8_2_6D21A7E8
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D21C38B	8_2_6D21C38B
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D21A292	8_2_6D21A292
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_00406128	15_2_00406128
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_004046F9	15_2_004046F9
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_004068FF	15_2_004068FF

Found potential string decryption / allocating functions

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: String function: 6D1E80F9 appears 578 times
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: String function: 6D2171AA appears 551 times
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: String function: 6D1E8377 appears 56 times
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: String function: 6D208EA6 appears 109 times
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: String function: 6D1B3A0D appears 43 times
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: String function: 6D1E80F9 appears 578 times
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: String function: 6D2171AA appears 551 times
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: String function: 6D1E8377 appears 56 times
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: String function: 6D208EA6 appears 109 times
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: String function: 6D1B3A0D appears 43 times

PE file contains executable resources (Code or Archives)

Source: WdfCoInstaller01007.dll.2.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 1406448 bytes, 4 files, at 0x44 +A "Wdf01000.inf" +A "Wdf.cat", flags 0x4, ID 13879, number 1, extra bytes 20 in head, 45 datablocks, 0x1503 compression
Source: WinUSBCoInstaller.dll.2.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: SetupResources.dll4.3.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: SetupResources.dll4.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

PE file does not import any functions

Source: SetupResources.dll8.7.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll2.7.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll8.3.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll3.3.dr	Static PE information: No import functions for PE file found
Source: mfc100fra.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc100esn.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc100enu.dll.6.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll7.3.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll7.7.dr	Static PE information: No import functions for PE file found
Source: mfc100deu.dll.6.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll5.3.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll2.3.dr	Static PE information: No import functions for PE file found
Source: mfc100cht.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc100rus.dll.6.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll5.7.dr	Static PE information: No import functions for PE file found
Source: mfc100jpn.dll.6.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll0.7.dr	Static PE information: No import functions for PE file found
Source: mfc100chs.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc100ita.dll.6.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll0.3.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll.7.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll4.7.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll.3.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll1.3.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll4.3.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll1.7.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll3.7.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll6.3.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll6.7.dr	Static PE information: No import functions for PE file found
Source: mfc100kor.dll.6.dr	Static PE information: No import functions for PE file found

Uses 32bit PE files

Source: ADF435x_v4_5_0.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: mfc100fra.dll.6.dr	Static PE information: Section .rsrc
Source: mfc100esn.dll.6.dr	Static PE information: Section .rsrc
Source: mfc100enu.dll.6.dr	Static PE information: Section .rsrc
Source: mfc100deu.dll.6.dr	Static PE information: Section .rsrc
Source: mfc100cht.dll.6.dr	Static PE information: Section .rsrc
Source: mfc100rus.dll.6.dr	Static PE information: Section .rsrc
Source: mfc100jpn.dll.6.dr	Static PE information: Section .rsrc
Source: mfc100chs.dll.6.dr	Static PE information: Section .rsrc
Source: mfc100ita.dll.6.dr	Static PE information: Section .rsrc
Source: mfc100kor.dll.6.dr	Static PE information: Section .rsrc

Source: WdfCoInstaller01007.dll.2.dr

Static PE information: Section: .rsrc ZLIB complexity 0.9967273866510116

Source: classification engine

Classification label: sus24.evad.winEXE@35/309@0/0

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_6D1FCF6E __EH_prolog3,GetLastError,GetLastError,SetLastError,SetLastError,FormatMessageW,GetLastError,SetLastError,LocalFree,

5_2_6D1FCF6E

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1E4B28 AdjustTokenPrivileges,		5_2_6D1E4B28
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1E4B28 AdjustTokenPrivileges,		8_2_6D1E4B28

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

Code function: 0_2_004041FC GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

0_2_004041FC

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_6D1D4F48 CreateToolhelp32Snapshot,_memset,Process32FirstW,Process32NextW,CloseHandle,

5_2_6D1D4F48

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

Code function: 0_2_00402020 CoCreateInstance,MultiByteToWideChar,

0_2_00402020

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_6D207C0B LoadResource,LockResource,SizeofResource,

5_2_6D207C0B

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_6D1DE813 StartServiceW,

5_2_6D1DE813

Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe

File created: C:\Program Files (x86)\Analog Devices

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\Public\Desktop\ADF435x.lnk

Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\DPINST_LOG_SCROLLER_MUTEX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Mutant created: NULL
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\VC_Redist_SetupMutex

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

File created: C:\Users\user~1\AppData\Local\Temp\nscEC36.tmp

Jump to behavior

Source: ADF435x_v4_5_0.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\drvinst.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{e75da1e8-debd-1d48-8eb4-57c7f25d3f2a} Global\{02855856-448c-0b4c-9dc0-f42f67f33c11} C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\adisdp_x64.inf C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\AdiSdp_x64.cat

Source: MSIAD92.tmp.20.dr

Binary or memory string: SELECT `Directory`, `DefaultDir` FROM `Directory` WHERE `Directory_Parent` = '%s'Software\Microsoft\NET Framework Setup\NDP\v3.%lu%sSOFTWARE\Microsoft\NET Framework Setup\DotNetClient\v3.5Software\Microsoft\NET Framework Setup\NDPSELECT * FROM `%s`Custom action not implemented.ToggleNearestAppRoot.kernel32IsWow64ProcessProcess call was successful.The error indicates that IIS is in 64 bit mode, while this application is a 32 bit application and thus not compatible.The error indicates that IIS is in 32 bit mode, while this application is a 64 bit application and thus not compatible.The error indicates that this version of ASP.NET must first be registered on the machine.Unknown Error.The call to aspnet_regiis.exe was failed. Path: '%s'Process Call Result Code: '%ld'Process Exit Code: '%ld'.Create Process failed.Running process '%s' with parameters '%s' silently...Access denied.CoInitializeEx - COM initialization Free Threaded.FAILED:%ldCoInitializeEx - COM initialization Apartment Threaded...Attach Debugger To MeVSCADEBUGATTACHSetTARGETSITETargetVersion%s\v%d\%sGatherWebSitesGatherAppPoolsSetTARGETAPPPOOLTARGETIISPATHRoot//LM/TARGETVDIRTARGETSITESetTARGETIISPATHaspnet_regiis.exeRESULTPath = PathUsing 64 bit registry key...Reading registry value Path from key 'HKLM\%s'...Software\Microsoft\ASP.NET\%sProductNameRunning show message with fUseMessageBox = %sFALSETRUEVSDINVALIDURLMSGHideFatalErrorFormopenExecuting URL '%s' with source directory '%s'...SourceDirRESULT:Condition is false.RESULT:Condition is true. Nothing more to do.Evaluating condition '%s'...Getting the condition to evaluate...A launch condition has already fired. My work is done here.Checking a launch condition..."/><supportedRuntime version=";VSDFxConfigFile

Source: Setup.exe	String found in binary or memory: Pre-Installation Warnings:
Source: Setup.exe	String found in binary or memory: Pre-Installation Warnings:
Source: dpinst.exe	String found in binary or memory: Install option set: Suppress pre-install of Plug and Play drivers if no matching devices are present.
Source: dpinst.exe	String found in binary or memory: Error 0x%X - Could not delete service info key for '%ws', even though there are no more DIFx-installed driver stores using this se
Source: dpinst.exe	String found in binary or memory: During undo of install, we failed to re-install the driver. Error code 0x%X
Source: dpinst.exe	String found in binary or memory: Some post-install cleanup tasks failed. Error code is 0x%X
Source: dpinst.exe	String found in binary or memory: Successfully re-added '%s' to reference list of driver store entry '%s'
Source: dpinst.exe	String found in binary or memory: Could not re-add '%s' to reference list of driver store entry '%s'
Source: dpinst_amd64.exe	String found in binary or memory: Error 0x%X - Could not delete service info key for '%ws', even though there are no more DIFx-installed driver stores using this se
Source: dpinst_amd64.exe	String found in binary or memory: Some post-install cleanup tasks failed. Error code is 0x%X
Source: dpinst_amd64.exe	String found in binary or memory: During undo of install, we failed to re-install the driver. Error code 0x%X
Source: dpinst_amd64.exe	String found in binary or memory: Install option set: Suppress pre-install of Plug and Play drivers if no matching devices are present.
Source: dpinst_amd64.exe	String found in binary or memory: Could not re-add '%s' to reference list of driver store entry '%s'
Source: dpinst_amd64.exe	String found in binary or memory: Successfully re-added '%s' to reference list of driver store entry '%s'

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

File read: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\ADF435x_v4_5_0.exe "C:\Users\user\Desktop\ADF435x_v4_5_0.exe"
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process created: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe C:\Users\user~1\AppData\Local\Temp\SDPDrivers.exe /S
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process created: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe C:\Users\user~1\AppData\Local\Temp\vcredist_x86.exe /q
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process created: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe c:\6cd6594ee40f26ffb7ca6883eb\Setup.exe /q
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process created: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe C:\Users\user~1\AppData\Local\Temp\vcredist_x64.exe /q
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process created: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe c:\dd75838cbf6dd04545e5fee87fbf\Setup.exe /q
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process created: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe "C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe" /sw /sa /path "C:\Program Files (x86)\Analog Devices\SDP\DriversR2"
Source: unknown	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user~1\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\adisdp_x64.inf" "9" "4efe11aab" "0000000000000158" "WinSta0\Default" "000000000000016C" "208" "c:\program files (x86)\analog devices\sdp\driversr2"
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{e75da1e8-debd-1d48-8eb4-57c7f25d3f2a} Global\{02855856-448c-0b4c-9dc0-f42f67f33c11} C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\adisdp_x64.inf C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\AdiSdp_x64.cat
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process created: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe C:\Users\user~1\AppData\Local\Temp\ADI_RFG_Drivers.exe /S
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process created: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe "C:\Users\user~1\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe" /sw /sa /path "C:\Program Files\Analog Devices\USB Drivers\RFG" /lm
Source: unknown	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user~1\AppData\Local\Temp\{d55074ba-c19a-bb44-89de-a58a465055fb}\adi_cyusb_rfg_x64.inf" "9" "4f41e6c43" "0000000000000170" "WinSta0\Default" "000000000000016C" "208" "c:\program files\analog devices\usb drivers\rfg"
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{e5e3580a-288d-8044-bc87-e0b602ccf4f0} Global\{a48a4ac5-05ee-5148-b49d-b491db96c803} C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\adi_cyusb_rfg_x64.inf C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\ADI_CYUSB_RFG.cat
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process created: C:\Windows\SysWOW64\msiexec.exe "msiexec" /i "C:\Users\user~1\AppData\Local\Temp\ADF435x.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6B5A3C60BB00D53DB335AFC1B0CDDA21 C
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3EAB4146E26D2C9785A5EA8A5DAF2D23
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process created: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe C:\Users\user~1\AppData\Local\Temp\SDPDrivers.exe /S	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process created: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe C:\Users\user~1\AppData\Local\Temp\ADI_RFG_Drivers.exe /S	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process created: C:\Windows\SysWOW64\msiexec.exe "msiexec" /i "C:\Users\user~1\AppData\Local\Temp\ADF435x.msi"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process created: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe C:\Users\user~1\AppData\Local\Temp\vcredist_x86.exe /q	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process created: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe C:\Users\user~1\AppData\Local\Temp\vcredist_x64.exe /q	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process created: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe "C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe" /sw /sa /path "C:\Program Files (x86)\Analog Devices\SDP\DriversR2"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process created: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe c:\6cd6594ee40f26ffb7ca6883eb\Setup.exe /q	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process created: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe c:\dd75838cbf6dd04545e5fee87fbf\Setup.exe /q	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{e75da1e8-debd-1d48-8eb4-57c7f25d3f2a} Global\{02855856-448c-0b4c-9dc0-f42f67f33c11} C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\adisdp_x64.inf C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\AdiSdp_x64.cat
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process created: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe "C:\Users\user~1\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe" /sw /sa /path "C:\Program Files\Analog Devices\USB Drivers\RFG" /lm
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{e5e3580a-288d-8044-bc87-e0b602ccf4f0} Global\{a48a4ac5-05ee-5148-b49d-b491db96c803} C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\adi_cyusb_rfg_x64.inf C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\ADI_CYUSB_RFG.cat
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6B5A3C60BB00D53DB335AFC1B0CDDA21 C
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3EAB4146E26D2C9785A5EA8A5DAF2D23

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: clusapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: feclient.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: setupengine.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: sqmapi.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: clusapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: feclient.dll	Jump to behavior
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: apphelp.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: acgenral.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: uxtheme.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: winmm.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: samcli.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msacm32.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: version.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: userenv.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: dwmapi.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: urlmon.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: mpr.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: sspicli.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: winmmbase.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: winmmbase.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: iertutil.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: srvcli.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: netutils.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: aclayers.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: sfc.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: sfc_os.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: setupengine.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msi.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: winhttp.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: secur32.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: sqmapi.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msasn1.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: profapi.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: ntmarta.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: kernel.appcore.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: windows.storage.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: wldp.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: cryptsp.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: rsaenh.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: cryptbase.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: gpapi.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msisip.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: srpapi.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: tsappcmp.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: netapi32.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: aclayers.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: sfc.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: sfc_os.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: msxml3.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: drvstore.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: devrtl.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: spinf.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: cabinet.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: devobj.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptnet.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: slc.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: pnpui.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: dui70.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: msxml3.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: drvstore.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: devrtl.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: spinf.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: devobj.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptnet.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: slc.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: pnpui.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: dui70.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msihnd.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: dwmapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: oleacc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: riched20.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: usp10.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msls31.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe	Automated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exe	Automated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exe	Automated click: Next >

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VC
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\ADI_CYUSB_USB4.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\ADI_CYUSB_USB4.lib
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\dpinst.exe
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\dpinst.xml
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG\adi_cyusb_rfg.cat
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG\adi_cyusb.sys
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG\ADI_CYUSB_RFG_x64.inf
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG\uninstall.exe

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}

Source: ADF435x_v4_5_0.exe

Static file information: File size 21736003 > 1048576

Source: C:\Windows\System32\msiexec.exe

File opened: c:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source:	Binary string: C:\Users\RBRENNAN\Documents\Visual Studio 2008\Projects\ADF435x\ADF435x\ADF435x\obj\Release\ADF435x.pdb source: ADF435x.exe.20.dr
Source:	Binary string: sfxcab.pdb source: vcredist_x86.exe, vcredist_x86.exe, 00000003.00000002.1404909404.0000000001002000.00000020.00000001.01000000.00000005.sdmp, vcredist_x86.exe, 00000003.00000000.1306707639.0000000001002000.00000020.00000001.01000000.00000005.sdmp, vcredist_x64.exe, 00000007.00000002.1501356558.0000000001002000.00000020.00000001.01000000.00000010.sdmp, vcredist_x64.exe, 00000007.00000000.1407048744.0000000001002000.00000020.00000001.01000000.00000010.sdmp, vcredist_x86.exe.2.dr, vcredist_x64.exe.2.dr, WinUSBCoInstaller.dll.2.dr
Source:	Binary string: WdfCoInstaller01007.pdbH source: WdfCoInstaller01007.dll.2.dr
Source:	Binary string: MFCM100U.i386.pdb source: mfcm100u.dll.6.dr
Source:	Binary string: WdfCoInstaller01007.pdb source: WdfCoInstaller01007.dll.2.dr
Source:	Binary string: sfxcab.pdbU source: WinUSBCoInstaller.dll.2.dr
Source:	Binary string: MFCM100.i386.pdb0@ source: mfcm100.dll.6.dr
Source:	Binary string: patchhooks.pdb source: Setup.exe, 00000008.00000003.1453297775.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000008.00000003.1453525481.00000000013D7000.00000004.00000020.00020000.00000000.sdmp, 492e91.msi.10.dr, vc_red.msi.3.dr, 492e8e.msi.10.dr
Source:	Binary string: mfc100.amd64.pdb source: mfc100.dll.10.dr
Source:	Binary string: MFCM100.i386.pdb source: mfcm100.dll.6.dr
Source:	Binary string: winusbcoinstaller.pdb source: WinUSBCoInstaller.dll.2.dr
Source:	Binary string: f:\dd\vsproject\vshost\vshost32-clr2\objr\i386\vshost32-clr2.pdbLn `*_CorExeMainmscoree.dll source: ADF435x.vshost.exe.20.dr
Source:	Binary string: Setup.pdb source: Setup.exe, Setup.exe, 00000008.00000000.1424303855.0000000000181000.00000020.00000001.01000000.00000012.sdmp, Setup.exe, 00000008.00000002.1498324798.0000000000181000.00000020.00000001.01000000.00000012.sdmp
Source:	Binary string: DpInst.pdb source: dpinst.exe, dpinst.exe, 0000000B.00000000.1503533722.00007FF710751000.00000020.00000001.01000000.00000016.sdmp, dpinst.exe, 0000000B.00000002.1582738423.00007FF710751000.00000020.00000001.01000000.00000016.sdmp, dpinst_amd64.exe, dpinst_amd64.exe, 00000010.00000002.1646402957.00007FF644B11000.00000020.00000001.01000000.0000001B.sdmp, dpinst_amd64.exe, 00000010.00000000.1589587262.00007FF644B11000.00000020.00000001.01000000.0000001B.sdmp, dpinst.exe.15.dr
Source:	Binary string: c:\views\antioch_nnpl_cysuiteusb_latest\software\products\hsusb\cysuiteusb\cyusb_sys\src\objfre_wlh_amd64\amd64\cyusb.pdb source: dpinst_amd64.exe, 00000010.00000003.1592789689.0000000002C51000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.1597305637.0000025D0FA12000.00000004.00000020.00020000.00000000.sdmp, SET62EF.tmp.17.dr
Source:	Binary string: MFCM100U.i386.pdb0@ source: mfcm100u.dll.6.dr
Source:	Binary string: vcomp100.amd64.pdb source: vcomp100.dll.10.dr
Source:	Binary string: sqmapi.pdb source: Setup.exe, Setup.exe, 00000008.00000002.1499950429.000000006CEC1000.00000020.00000001.01000000.00000014.sdmp
Source:	Binary string: SetupEngine.pdb source: Setup.exe, Setup.exe, 00000008.00000002.1500061845.000000006D191000.00000020.00000001.01000000.00000013.sdmp
Source:	Binary string: patchhooks.pdbX source: vc_red.msi.3.dr
Source:	Binary string: DPCA.pdb source: MSIAD92.tmp.20.dr
Source:	Binary string: vcomp100.i386.pdb source: vcomp100.dll.6.dr
Source:	Binary string: MFCM100.amd64.pdbHp source: mfcm100.dll.10.dr
Source:	Binary string: DpInst.pdb7 source: dpinst.exe.15.dr
Source:	Binary string: msdia100.pdb source: msdia100.dll.10.dr
Source:	Binary string: DpInst.pdbH source: dpinst.exe, 0000000B.00000000.1503533722.00007FF710751000.00000020.00000001.01000000.00000016.sdmp, dpinst.exe, 0000000B.00000002.1582738423.00007FF710751000.00000020.00000001.01000000.00000016.sdmp, dpinst_amd64.exe, 00000010.00000002.1646402957.00007FF644B11000.00000020.00000001.01000000.0000001B.sdmp, dpinst_amd64.exe, 00000010.00000000.1589587262.00007FF644B11000.00000020.00000001.01000000.0000001B.sdmp
Source:	Binary string: mfc100u.amd64.pdb source: mfc100u.dll.10.dr
Source:	Binary string: MFCM100.amd64.pdb source: mfcm100.dll.10.dr
Source:	Binary string: f:\dd\vsproject\vshost\vshost32-clr2\objr\i386\vshost32-clr2.pdb source: ADF435x.vshost.exe.20.dr
Source:	Binary string: winusbcoinstaller.pdbH source: WinUSBCoInstaller.dll.2.dr
Source:	Binary string: SetupUi.pdb source: SetupUi.dll.7.dr
Source:	Binary string: SetupResources.pdb source: SetupResources.dll.7.dr, SetupResources.dll2.7.dr, SetupResources.dll3.7.dr, SetupResources.dll6.3.dr
Source:	Binary string: DPCA.pdb<0 source: MSIAD92.tmp.20.dr

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

Code function: 0_2_00405D2E GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_00405D2E

PE file contains an invalid checksum

Source: GetVersion.dll.2.dr	Static PE information: real checksum: 0x0 should be: 0x887a
Source: ADI_RFG_Drivers.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0xad089
Source: System.dll.2.dr	Static PE information: real checksum: 0x0 should be: 0xa27d
Source: uninst.exe.2.dr	Static PE information: real checksum: 0x138565c should be: 0x15fc8

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_010065F3 push ecx; ret	3_2_01006603
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_00C63DF5 push ecx; ret	5_2_00C63E08
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D164821 push ecx; ret	5_2_6D164834
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D161B89 push ecx; ret	5_2_6D161B9C
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D20E605 push ecx; ret	5_2_6D20E618
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D217296 push ecx; ret	5_2_6D2172A9
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_00183DF5 push ecx; ret	8_2_00183E08
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CEC4821 push ecx; ret	8_2_6CEC4834
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CEC1B89 push ecx; ret	8_2_6CEC1B9C
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D20E605 push ecx; ret	8_2_6D20E618
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D217296 push ecx; ret	8_2_6D2172A9

Source: F_CENTRAL_msvcr100_x86.6.dr

Static PE information: section name: .text entropy: 6.90903234258047

Persistence and Installation Behavior

Installs new ROOT certificates

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 Blob	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 Blob	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656 Blob

Sample is not signed and drops a device driver

Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe

File created: C:\Program Files\Analog Devices\USB Drivers\RFG\adi_cyusb.sys

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\1042\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIADF1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100cht.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\2052\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Analog Devices\ADF435x\CyUSB.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm100u.dll	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	File created: C:\Users\user~1\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\WinUSBCoInstaller.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\1040\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\1036\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	File created: C:\Users\user\AppData\Local\Temp\{d55074ba-c19a-bb44-89de-a58a465055fb}\SET612A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100ita.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\WinUSBCoInstaller.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\vcomp100.dll	Jump to dropped file
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	File created: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\uninst.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\SetupEngine.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\SET62EF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\1028\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\ADI_CYUSB.sys (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Analog Devices\ADF435x\ADF435x.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100esn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\1049\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100fra.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\1031\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Windows\SysWOW64\sdpDriverInterface.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\WdfCoInstaller01007.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\atl100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100rus.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\WdfCoInstaller01007.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfcm100.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\3082\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Program Files\Analog Devices\USB Drivers\RFG\uninstall.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100kor.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\nsExec.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\WinUSBCoInstaller.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\sqmapi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\1041\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\3082\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\1049\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100enu.dll	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	File created: C:\Users\user\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\SET40DF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Windows\System32\csaDriverInterface.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Windows\SysWOW64\csaDriverInterface.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Users\user\AppData\Local\Temp\nsp180A.tmp\GetVersion.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100jpn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\GetVersion.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	File created: C:\Users\user~1\AppData\Local\Temp\{d55074ba-c19a-bb44-89de-a58a465055fb}\ADI_CYUSB.sys (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcomp100.dll	Jump to dropped file
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	File created: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Users\user\AppData\Local\Temp\nsp180A.tmp\System.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Analog Devices\ADF435x\sdpApi1.DLL	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\2052\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\SetupEngine.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\atl100.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI7934.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\SET4301.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Program Files\Analog Devices\USB Drivers\RFG\adi_cyusb.sys	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcr100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100cht.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\1042\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Program Files\Analog Devices\USB Drivers\ADI_CYUSB_USB4.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAD92.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100ita.dll	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	File created: C:\Users\user\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\SET4061.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI79E1.tmp	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\SET4340.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Analog Devices\ADF435x\ADF435x.vshost.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100fra.dll	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	File created: C:\Users\user~1\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\WdfCoInstaller01007.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\1040\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\1033\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\1036\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\1041\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Analog Devices\ADF435x\Microsoft.VisualStudio.HostingProcess.Utilities.Sync.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Analog Devices\ADF435x\INIFileParser.DLL	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\SetupUi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\System.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\1033\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100rus.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\1031\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\sqmapi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfcm100u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\1028\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100kor.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\SetupUi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Program Files\Analog Devices\USB Drivers\dpinst.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100enu.dll	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\atl100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100rus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\WdfCoInstaller01007.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfcm100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIADF1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100cht.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\atl100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\SET4301.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100kor.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcr100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100cht.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100ita.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100rus.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\WinUSBCoInstaller.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAD92.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100ita.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\vcomp100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfcm100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100u.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\SET62EF.tmp	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\ADI_CYUSB.sys (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Windows\SysWOW64\csaDriverInterface.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Windows\System32\csaDriverInterface.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100jpn.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\SET4340.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100kor.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100fra.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100fra.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcomp100.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Windows\SysWOW64\sdpDriverInterface.dll	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86			Jump to dropped file

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	File created: C:\Users\user~1\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20241024_050332743-MSI_vc_red.msi.txt			Jump to behavior
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	File created: C:\Users\user~1\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_20241024_050342548-MSI_vc_red.msi.txt

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1033\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1041\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1042\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1028\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\2052\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1040\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1036\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1031\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\3082\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1049\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1033\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1041\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1042\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1028\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\2052\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1040\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1036\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1031\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\3082\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1049\eula.rtf	Jump to behavior

Creates or modifies windows services

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\VSSetup

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Analog Devices
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Analog Devices\ADF435x
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Analog Devices\ADF435x\ADF435x.lnk

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_6D1DE813 StartServiceW,

5_2_6D1DE813

Stores large binary data to the registry

Source: C:\Windows\System32\drvinst.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 Blob

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\1042\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsp180A.tmp\System.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Analog Devices\ADF435x\sdpApi1.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\2052\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIADF1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100cht.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\atl100.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI7934.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\SET4301.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\2052\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Analog Devices\ADF435x\CyUSB.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfcm100u.dll	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Dropped PE file which has not been started: C:\Users\user~1\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\WinUSBCoInstaller.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\1040\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Dropped PE file which has not been started: C:\Program Files\Analog Devices\USB Drivers\RFG\adi_cyusb.sys	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\1036\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\msvcr100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100cht.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\1042\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d55074ba-c19a-bb44-89de-a58a465055fb}\SET612A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100ita.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\WinUSBCoInstaller.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Dropped PE file which has not been started: C:\Program Files\Analog Devices\USB Drivers\ADI_CYUSB_USB4.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIAD92.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\vcomp100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100ita.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\uninst.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100u.dll	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\SET4061.tmp	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\SET62EF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\1028\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\ADI_CYUSB.sys (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Analog Devices\ADF435x\ADF435x.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI79E1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Analog Devices\ADF435x\ADF435x.vshost.exe	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\SET4340.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100esn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\1049\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100fra.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100fra.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\1031\SetupResources.dll	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Dropped PE file which has not been started: C:\Users\user~1\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\WdfCoInstaller01007.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\sdpDriverInterface.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\1040\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\WdfCoInstaller01007.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\1036\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\1041\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\1033\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\atl100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100rus.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\WdfCoInstaller01007.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfcm100.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\3082\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Analog Devices\ADF435x\Microsoft.VisualStudio.HostingProcess.Utilities.Sync.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Dropped PE file which has not been started: C:\Program Files\Analog Devices\USB Drivers\RFG\uninstall.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfcm100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Analog Devices\ADF435x\INIFileParser.DLL	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\SetupUi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\nsExec.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100kor.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\System.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\WinUSBCoInstaller.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\1041\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\1033\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\3082\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100rus.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\1031\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\1049\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfcm100u.dll	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\SET40DF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\csaDriverInterface.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Dropped PE file which has not been started: C:\Windows\System32\csaDriverInterface.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\1028\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100kor.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\SetupUi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Dropped PE file which has not been started: C:\Users\user~1\AppData\Local\Temp\{d55074ba-c19a-bb44-89de-a58a465055fb}\ADI_CYUSB.sys (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\vcomp100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100enu.dll	Jump to dropped file

Found evasive API chain (may stop execution after checking a module file name)

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

Found evasive API chain checking for process token information

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe TID: 5956

Thread sleep count: 47 > 30

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_00405D07 FindFirstFileA,FindClose,	0_2_00405D07
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_00405331 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00405331
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_0040263E FindFirstFileA,	0_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_00405D07 FindFirstFileA,FindClose,	2_2_00405D07
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_00405331 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	2_2_00405331
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_0040263E FindFirstFileA,	2_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_010046B9 SendDlgItemMessageA,strstr,SetFileAttributesA,GetLastError,CopyFileA,SendDlgItemMessageA,strstr,SetFileAttributesA,CopyFileA,GetLastError,CopyFileA,SetFileAttributesA,SendDlgItemMessageA,_strlwr,GetLastError,MoveFileA,MoveFileA,_strlwr,strstr,FindFirstFileA,strrchr,SendDlgItemMessageA,DeleteFileA,Sleep,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,strchr,strrchr,SendDlgItemMessageA,	3_2_010046B9
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D178097 memset,memset,FindFirstFileW,DeleteFileW,GetLastError,FindNextFileW,FindClose,	5_2_6D178097
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D164281 memset,EnterCriticalSection,FindFirstFileW,LeaveCriticalSection,ctype,FindNextFileW,FindClose,ResetEvent,CreateThread,CloseHandle,GetLastError,	5_2_6D164281
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1C5BC0 __EH_prolog3_GS,_memset,FindFirstFileW,FindNextFileW,FindClose,	5_2_6D1C5BC0
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1C4120 FindFirstFileW,GetFullPathNameW,SetLastError,_wcsrchr,_wcsrchr,	5_2_6D1C4120
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CED8097 memset,memset,FindFirstFileW,DeleteFileW,GetLastError,FindNextFileW,FindClose,	8_2_6CED8097
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CEC4281 memset,EnterCriticalSection,FindFirstFileW,LeaveCriticalSection,ctype,FindNextFileW,FindClose,ResetEvent,CreateThread,CloseHandle,GetLastError,	8_2_6CEC4281
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1C5BC0 __EH_prolog3_GS,_memset,FindFirstFileW,FindNextFileW,FindClose,	8_2_6D1C5BC0
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1C4120 FindFirstFileW,GetFullPathNameW,SetLastError,_wcsrchr,_wcsrchr,	8_2_6D1C4120
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_00405D07 FindFirstFileA,FindClose,	15_2_00405D07
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_00405331 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	15_2_00405331
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_0040263E FindFirstFileA,	15_2_0040263E

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_6D1F0D5E __EH_prolog3_GS,GetModuleHandleW,GetLastError,GetSystemInfo,GetNativeSystemInfo,GetLastError,GetLastError,GetLastError,_memset,GetNativeSystemInfo,GetLastError,

5_2_6D1F0D5E

Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\Local\Temp\nsn5F06.tmp\nsExec.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\Local\Temp\nsn5F06.tmp\
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\Local\Temp\
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\Local\
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	API call chain: ExitProcess graph end node
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	API call chain: ExitProcess graph end node
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	API call chain: ExitProcess graph end node

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Process information queried: ProcessInformation

Jump to behavior

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_00C62BA5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

5_2_00C62BA5

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_6D20CB2B VirtualProtect ?,-00000001,00000104,?

5_2_6D20CB2B

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

Code function: 0_2_00405D2E GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_00405D2E

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe

Code function: 3_2_01005899 InitializeCriticalSectionAndSpinCount,#17,GetProcessHeap,CreateEventA,CreateEventA,CreateEventA,CreateThread,WaitForSingleObject,SendDlgItemMessageA,Sleep,ShowWindow,SetParent,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,LoadStringA,LoadStringA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,CreateFileA,GetFileSize,ReadFile,CloseHandle,DeleteFileA,SendDlgItemMessageA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,ExpandEnvironmentStringsA,CreateProcessA,ShowWindow,WaitForSingleObject,GetExitCodeProcess,CloseHandle,ShowWindow,LoadStringA,MessageBoxA,DeleteCriticalSection,ExitProcess,

3_2_01005899

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_010062FF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_010062FF
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_00C62BA5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_00C62BA5
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_00C645BE _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00C645BE
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D16171F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_6D16171F
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1E7462 __EH_prolog3,GetModuleHandleW,GetProcAddress,SetThreadStackGuarantee,SetUnhandledExceptionFilter,GetCommandLineW,	5_2_6D1E7462
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D20EF0A _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_6D20EF0A
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D20B431 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_6D20B431
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_001845BE _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_001845BE
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_00182BA5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_00182BA5
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CEC171F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_6CEC171F
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1E7462 __EH_prolog3,GetModuleHandleW,GetProcAddress,SetThreadStackGuarantee,SetUnhandledExceptionFilter,GetCommandLineW,	8_2_6D1E7462
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D20EF0A _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_6D20EF0A
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D20B431 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_6D20B431

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Memory allocated: page read and write | page guard

Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe

Process created: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe "C:\Users\user~1\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe" /sw /sa /path "C:\Program Files\Analog Devices\USB Drivers\RFG" /lm

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe c:\windows\system32\pnpui.dll,installsecuritypromptrundllw 20 global\{e75da1e8-debd-1d48-8eb4-57c7f25d3f2a} global\{02855856-448c-0b4c-9dc0-f42f67f33c11} c:\windows\system32\driverstore\temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\adisdp_x64.inf c:\windows\system32\driverstore\temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\adisdp_x64.cat
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe c:\windows\system32\pnpui.dll,installsecuritypromptrundllw 20 global\{e5e3580a-288d-8044-bc87-e0b602ccf4f0} global\{a48a4ac5-05ee-5148-b49d-b491db96c803} c:\windows\system32\driverstore\temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\adi_cyusb_rfg_x64.inf c:\windows\system32\driverstore\temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\adi_cyusb_rfg.cat
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe c:\windows\system32\pnpui.dll,installsecuritypromptrundllw 20 global\{e75da1e8-debd-1d48-8eb4-57c7f25d3f2a} global\{02855856-448c-0b4c-9dc0-f42f67f33c11} c:\windows\system32\driverstore\temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\adisdp_x64.inf c:\windows\system32\driverstore\temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\adisdp_x64.cat
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe c:\windows\system32\pnpui.dll,installsecuritypromptrundllw 20 global\{e5e3580a-288d-8044-bc87-e0b602ccf4f0} global\{a48a4ac5-05ee-5148-b49d-b491db96c803} c:\windows\system32\driverstore\temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\adi_cyusb_rfg_x64.inf c:\windows\system32\driverstore\temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\adi_cyusb_rfg.cat

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe

Code function: 3_2_01004F6B InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,CloseHandle,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer,

3_2_01004F6B

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe

Code function: 3_2_01003D02 AllocateAndInitializeSid,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,GetLengthSid,GetTokenInformation,GetLengthSid,

3_2_01003D02

Source: Setup.exe, 00000005.00000003.1352014446.00000000008B2000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000005.00000003.1352140521.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000005.00000002.1401791963.000000000088E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: Setup.exe, 00000008.00000003.1451985277.00000000013A9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000008.00000002.1498886934.000000000133E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000008.00000003.1450993621.00000000013A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Managerc`YB
Source: Setup.exe, 00000005.00000003.1352014446.00000000008B2000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000005.00000003.1352791579.00000000008BB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [4056] [explorer.exe] [Program Manager] [Visible]ml
Source: Setup.exe, 00000008.00000003.1451069612.0000000001366000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [4056] [explorer.exe] [Program Manager] [Visible].xml=

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\drvinst.exe	Queries volume information: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\AdiSdp_x64.cat VolumeInformation
Source: C:\Windows\System32\drvinst.exe	Queries volume information: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\AdiSdp_x64.cat VolumeInformation
Source: C:\Windows\System32\drvinst.exe	Queries volume information: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\ADI_CYUSB_RFG.cat VolumeInformation
Source: C:\Windows\System32\drvinst.exe	Queries volume information: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\ADI_CYUSB_RFG.cat VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe

3_2_01004F6B

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_6D1E78FB __EH_prolog3_GS,GetCommandLineW,_memset,GetTimeZoneInformation,GetThreadLocale,

5_2_6D1E78FB

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

Code function: 0_2_00405A2E GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,

0_2_00405A2E

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Adds / modifies Windows certificates

Source: C:\Windows\System32\drvinst.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\CE8D888A7214455FA1DBBE83729D9F33A39A3846 Blob

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_01004F6B InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,CloseHandle,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer,	3_2_01004F6B
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_010045EB GetFileAttributesA,LoadLibraryA,GetProcAddress,DecryptFileA,GetLastError,	3_2_010045EB
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1F189E __EH_prolog3,CryptQueryObject,GetLastError,CertCloseStore,CryptMsgClose,GetLastError,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,	5_2_6D1F189E
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1D7E3B CryptMsgGetAndVerifySigner,	5_2_6D1D7E3B
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1D7E2A CryptQueryObject,	5_2_6D1D7E2A
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1D7E4C CryptHashPublicKeyInfo,SetLastError,	5_2_6D1D7E4C
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1D7E7C CryptMsgGetParam,SetLastError,	5_2_6D1D7E7C
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1D7EBB CryptDecodeObject,SetLastError,	5_2_6D1D7EBB
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1F189E __EH_prolog3,CryptQueryObject,GetLastError,CertCloseStore,CryptMsgClose,GetLastError,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,	8_2_6D1F189E
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1D7E3B CryptMsgGetAndVerifySigner,	8_2_6D1D7E3B
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1D7E2A CryptQueryObject,	8_2_6D1D7E2A
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1D7E4C CryptHashPublicKeyInfo,SetLastError,	8_2_6D1D7E4C
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1D7E7C CryptMsgGetParam,SetLastError,	8_2_6D1D7E7C
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1D7EBB CryptDecodeObject,SetLastError,	8_2_6D1D7EBB

Uses 32bit PE files

Source: ADF435x_v4_5_0.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VC
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\ADI_CYUSB_USB4.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\ADI_CYUSB_USB4.lib
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\dpinst.exe
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\dpinst.xml
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG\adi_cyusb_rfg.cat
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG\adi_cyusb.sys
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG\ADI_CYUSB_RFG_x64.inf
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG\uninstall.exe

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	File created: C:\Users\user~1\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20241024_050332743-MSI_vc_red.msi.txt			Jump to behavior
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	File created: C:\Users\user~1\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_20241024_050342548-MSI_vc_red.msi.txt

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1033\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1041\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1042\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1028\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\2052\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1040\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1036\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1031\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\3082\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1049\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1033\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1041\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1042\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1028\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\2052\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1040\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1036\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1031\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\3082\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1049\eula.rtf	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File opened: c:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source:	Binary string: C:\Users\RBRENNAN\Documents\Visual Studio 2008\Projects\ADF435x\ADF435x\ADF435x\obj\Release\ADF435x.pdb source: ADF435x.exe.20.dr
Source:	Binary string: sfxcab.pdb source: vcredist_x86.exe, vcredist_x86.exe, 00000003.00000002.1404909404.0000000001002000.00000020.00000001.01000000.00000005.sdmp, vcredist_x86.exe, 00000003.00000000.1306707639.0000000001002000.00000020.00000001.01000000.00000005.sdmp, vcredist_x64.exe, 00000007.00000002.1501356558.0000000001002000.00000020.00000001.01000000.00000010.sdmp, vcredist_x64.exe, 00000007.00000000.1407048744.0000000001002000.00000020.00000001.01000000.00000010.sdmp, vcredist_x86.exe.2.dr, vcredist_x64.exe.2.dr, WinUSBCoInstaller.dll.2.dr
Source:	Binary string: WdfCoInstaller01007.pdbH source: WdfCoInstaller01007.dll.2.dr
Source:	Binary string: MFCM100U.i386.pdb source: mfcm100u.dll.6.dr
Source:	Binary string: WdfCoInstaller01007.pdb source: WdfCoInstaller01007.dll.2.dr
Source:	Binary string: sfxcab.pdbU source: WinUSBCoInstaller.dll.2.dr
Source:	Binary string: MFCM100.i386.pdb0@ source: mfcm100.dll.6.dr
Source:	Binary string: patchhooks.pdb source: Setup.exe, 00000008.00000003.1453297775.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000008.00000003.1453525481.00000000013D7000.00000004.00000020.00020000.00000000.sdmp, 492e91.msi.10.dr, vc_red.msi.3.dr, 492e8e.msi.10.dr
Source:	Binary string: mfc100.amd64.pdb source: mfc100.dll.10.dr
Source:	Binary string: MFCM100.i386.pdb source: mfcm100.dll.6.dr
Source:	Binary string: winusbcoinstaller.pdb source: WinUSBCoInstaller.dll.2.dr
Source:	Binary string: f:\dd\vsproject\vshost\vshost32-clr2\objr\i386\vshost32-clr2.pdbLn `*_CorExeMainmscoree.dll source: ADF435x.vshost.exe.20.dr
Source:	Binary string: Setup.pdb source: Setup.exe, Setup.exe, 00000008.00000000.1424303855.0000000000181000.00000020.00000001.01000000.00000012.sdmp, Setup.exe, 00000008.00000002.1498324798.0000000000181000.00000020.00000001.01000000.00000012.sdmp
Source:	Binary string: DpInst.pdb source: dpinst.exe, dpinst.exe, 0000000B.00000000.1503533722.00007FF710751000.00000020.00000001.01000000.00000016.sdmp, dpinst.exe, 0000000B.00000002.1582738423.00007FF710751000.00000020.00000001.01000000.00000016.sdmp, dpinst_amd64.exe, dpinst_amd64.exe, 00000010.00000002.1646402957.00007FF644B11000.00000020.00000001.01000000.0000001B.sdmp, dpinst_amd64.exe, 00000010.00000000.1589587262.00007FF644B11000.00000020.00000001.01000000.0000001B.sdmp, dpinst.exe.15.dr
Source:	Binary string: c:\views\antioch_nnpl_cysuiteusb_latest\software\products\hsusb\cysuiteusb\cyusb_sys\src\objfre_wlh_amd64\amd64\cyusb.pdb source: dpinst_amd64.exe, 00000010.00000003.1592789689.0000000002C51000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.1597305637.0000025D0FA12000.00000004.00000020.00020000.00000000.sdmp, SET62EF.tmp.17.dr
Source:	Binary string: MFCM100U.i386.pdb0@ source: mfcm100u.dll.6.dr
Source:	Binary string: vcomp100.amd64.pdb source: vcomp100.dll.10.dr
Source:	Binary string: sqmapi.pdb source: Setup.exe, Setup.exe, 00000008.00000002.1499950429.000000006CEC1000.00000020.00000001.01000000.00000014.sdmp
Source:	Binary string: SetupEngine.pdb source: Setup.exe, Setup.exe, 00000008.00000002.1500061845.000000006D191000.00000020.00000001.01000000.00000013.sdmp
Source:	Binary string: patchhooks.pdbX source: vc_red.msi.3.dr
Source:	Binary string: DPCA.pdb source: MSIAD92.tmp.20.dr
Source:	Binary string: vcomp100.i386.pdb source: vcomp100.dll.6.dr
Source:	Binary string: MFCM100.amd64.pdbHp source: mfcm100.dll.10.dr
Source:	Binary string: DpInst.pdb7 source: dpinst.exe.15.dr
Source:	Binary string: msdia100.pdb source: msdia100.dll.10.dr
Source:	Binary string: DpInst.pdbH source: dpinst.exe, 0000000B.00000000.1503533722.00007FF710751000.00000020.00000001.01000000.00000016.sdmp, dpinst.exe, 0000000B.00000002.1582738423.00007FF710751000.00000020.00000001.01000000.00000016.sdmp, dpinst_amd64.exe, 00000010.00000002.1646402957.00007FF644B11000.00000020.00000001.01000000.0000001B.sdmp, dpinst_amd64.exe, 00000010.00000000.1589587262.00007FF644B11000.00000020.00000001.01000000.0000001B.sdmp
Source:	Binary string: mfc100u.amd64.pdb source: mfc100u.dll.10.dr
Source:	Binary string: MFCM100.amd64.pdb source: mfcm100.dll.10.dr
Source:	Binary string: f:\dd\vsproject\vshost\vshost32-clr2\objr\i386\vshost32-clr2.pdb source: ADF435x.vshost.exe.20.dr
Source:	Binary string: winusbcoinstaller.pdbH source: WinUSBCoInstaller.dll.2.dr
Source:	Binary string: SetupUi.pdb source: SetupUi.dll.7.dr
Source:	Binary string: SetupResources.pdb source: SetupResources.dll.7.dr, SetupResources.dll2.7.dr, SetupResources.dll3.7.dr, SetupResources.dll6.3.dr
Source:	Binary string: DPCA.pdb<0 source: MSIAD92.tmp.20.dr

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:
Source: C:\Windows\System32\msiexec.exe	File opened: x:
Source: C:\Windows\System32\msiexec.exe	File opened: v:
Source: C:\Windows\System32\msiexec.exe	File opened: t:
Source: C:\Windows\System32\msiexec.exe	File opened: r:
Source: C:\Windows\System32\msiexec.exe	File opened: p:
Source: C:\Windows\System32\msiexec.exe	File opened: n:
Source: C:\Windows\System32\msiexec.exe	File opened: l:
Source: C:\Windows\System32\msiexec.exe	File opened: j:
Source: C:\Windows\System32\msiexec.exe	File opened: h:
Source: C:\Windows\System32\msiexec.exe	File opened: f:
Source: C:\Windows\System32\msiexec.exe	File opened: b:
Source: C:\Windows\System32\msiexec.exe	File opened: y:
Source: C:\Windows\System32\msiexec.exe	File opened: w:
Source: C:\Windows\System32\msiexec.exe	File opened: u:
Source: C:\Windows\System32\msiexec.exe	File opened: s:
Source: C:\Windows\System32\msiexec.exe	File opened: q:
Source: C:\Windows\System32\msiexec.exe	File opened: o:
Source: C:\Windows\System32\msiexec.exe	File opened: m:
Source: C:\Windows\System32\msiexec.exe	File opened: k:
Source: C:\Windows\System32\msiexec.exe	File opened: i:
Source: C:\Windows\System32\msiexec.exe	File opened: g:
Source: C:\Windows\System32\msiexec.exe	File opened: e:
Source: C:\Windows\System32\msiexec.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_00405D07 FindFirstFileA,FindClose,	0_2_00405D07
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_00405331 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00405331
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_0040263E FindFirstFileA,	0_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_00405D07 FindFirstFileA,FindClose,	2_2_00405D07
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_00405331 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	2_2_00405331
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_0040263E FindFirstFileA,	2_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_010046B9 SendDlgItemMessageA,strstr,SetFileAttributesA,GetLastError,CopyFileA,SendDlgItemMessageA,strstr,SetFileAttributesA,CopyFileA,GetLastError,CopyFileA,SetFileAttributesA,SendDlgItemMessageA,_strlwr,GetLastError,MoveFileA,MoveFileA,_strlwr,strstr,FindFirstFileA,strrchr,SendDlgItemMessageA,DeleteFileA,Sleep,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,strchr,strrchr,SendDlgItemMessageA,	3_2_010046B9
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D178097 memset,memset,FindFirstFileW,DeleteFileW,GetLastError,FindNextFileW,FindClose,	5_2_6D178097
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D164281 memset,EnterCriticalSection,FindFirstFileW,LeaveCriticalSection,ctype,FindNextFileW,FindClose,ResetEvent,CreateThread,CloseHandle,GetLastError,	5_2_6D164281
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1C5BC0 __EH_prolog3_GS,_memset,FindFirstFileW,FindNextFileW,FindClose,	5_2_6D1C5BC0
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1C4120 FindFirstFileW,GetFullPathNameW,SetLastError,_wcsrchr,_wcsrchr,	5_2_6D1C4120
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CED8097 memset,memset,FindFirstFileW,DeleteFileW,GetLastError,FindNextFileW,FindClose,	8_2_6CED8097
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CEC4281 memset,EnterCriticalSection,FindFirstFileW,LeaveCriticalSection,ctype,FindNextFileW,FindClose,ResetEvent,CreateThread,CloseHandle,GetLastError,	8_2_6CEC4281
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1C5BC0 __EH_prolog3_GS,_memset,FindFirstFileW,FindNextFileW,FindClose,	8_2_6D1C5BC0
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1C4120 FindFirstFileW,GetFullPathNameW,SetLastError,_wcsrchr,_wcsrchr,	8_2_6D1C4120
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_00405D07 FindFirstFileA,FindClose,	15_2_00405D07
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_00405331 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	15_2_00405331
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_0040263E FindFirstFileA,	15_2_0040263E

Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\Local\Temp\nsn5F06.tmp\nsExec.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\Local\Temp\nsn5F06.tmp\
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\Local\Temp\
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\Local\
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_6D204EB6 URLDownloadToFileW,

5_2_6D204EB6

Source: mfc100.dll.10.dr, mfc100u.dll.10.dr	String found in binary or memory: ftp://http://HTTP/1.0
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ac.economia.gob.mx/cps.html0
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ac.economia.gob.mx/last.crl0G
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acedicom.edicomgroup.com/doc0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0
Source: drvinst.exe, 0000000D.00000003.1526320150.0000027218AFD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv1.crl0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv10.crl0
Source: drvinst.exe, 0000000D.00000003.1526320150.0000027218AFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv2.crl0
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraizv5.crl0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.disig.sk/ca/crl/ca_disig.crl0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.mtin.es/mtin/DPCyPoliticas0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.mtin.es/mtin/DPCyPoliticas0g
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.mtin.es/mtin/crl/MTINAutoridadRaiz03
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca.mtin.es/mtin/ocsp0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certificates.starfieldtech.com/repository/1604
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certs.oati.net/repository/OATICA2.crl0
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certs.oati.net/repository/OATICA2.crt0
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certs.oaticerts.com/repository/OATICA2.crl
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://certs.oaticerts.com/repository/OATICA2.crt08
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersignroot.html0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cps.siths.se/sithsrootcav1.html0
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B52000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersignroot.crl0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526659920.0000027218ADE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: drvinst.exe, 0000000D.00000003.1526320150.0000027218AFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.defence.gov.au/pki0
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B52000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Setup.exe, 00000008.00000003.1453337853.00000000013C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsof
Source: drvinst.exe, 0000000D.00000003.1526130596.000002721871B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.oces.trust2408.com/oces.crl0
Source: drvinst.exe, 0000000D.00000003.1526320150.0000027218AFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.postsignum.cz/crl/psrootqca4.crl02
Source: drvinst.exe, 0000000D.00000003.1526320150.0000027218AFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.postsignum.eu/crl/psrootqca4.crl0
Source: drvinst.exe, 0000000D.00000003.1525990049.0000027218B3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: drvinst.exe, 0000000D.00000003.1526130596.000002721871B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ssc.lt/root-a/cacrl.crl0
Source: drvinst.exe, 0000000D.00000003.1530294675.000002721872E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1527207605.000002721872E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526130596.000002721872E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ssc.lt/root-b/cacrl.crl0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ssc.lt/root-c/cacrl.crl0
Source: drvinst.exe, 0000000D.00000002.1563843394.00000272186D3000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531690114.00000272186B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl
Source: dpinst.exe, 0000000B.00000003.1569176281.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1572299592.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000002.1582071257.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1571614268.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1565258270.0000027218B5A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563843394.00000272186B9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1557133232.0000027218B5A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526800289.00000272186CB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563785395.00000272185B5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.1555544587.000001E346FF9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.1555681753.000001E347035000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.1555681753.000001E34708B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1555063263.000001E347030000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1533463212.000001E34705D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1555063263.000001E34708B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: drvinst.exe, 0000000D.00000003.1557160813.00000272186D7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crlW
Source: drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0
Source: drvinst.exe, 0000000D.00000003.1526320150.0000027218AFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl2.postsignum.cz/crl/psrootqca4.crl01
Source: drvinst.exe, 0000000D.00000003.1557160813.00000272186D7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563843394.00000272186D3000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526800289.00000272186CB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.1555681753.000001E347035000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1555063263.000001E347030000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.1622481046.0000025D0FA87000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.1638324879.0000025D0FA87000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.1609535181.0000025D0FA99000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.1603496027.0000025D0FA9A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.1632854685.0000025D0FA87000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.1622919561.0000025D0FA99000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.1621657129.0000025D0FA87000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000012.00000002.1619412968.000001CB8D6CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: drvinst.exe, 00000011.00000003.1632854685.0000025D0FA09000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000002.1638324879.0000025D0FA09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabZ
Source: rundll32.exe, 00000012.00000002.1619412968.000001CB8D6AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabmeb
Source: rundll32.exe, 0000000E.00000002.1555628489.000001E347018000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabmel
Source: drvinst.exe, 0000000D.00000003.1557160813.00000272186D7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563843394.00000272186D3000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526800289.00000272186CB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabym
Source: drvinst.exe, 0000000D.00000003.1526355480.0000027218B1D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526199129.0000027218B1B000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526236328.0000027218B1D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526511210.0000027218B1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0
Source: drvinst.exe, 0000000D.00000003.1526355480.0000027218B1D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526199129.0000027218B1B000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526236328.0000027218B1D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526511210.0000027218B1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/crl/ComSignAdvancedSecurityCA.crl0
Source: drvinst.exe, 0000000D.00000003.1531690114.0000027218669000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563843394.0000027218648000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/crl/ComSignCA.crl0
Source: drvinst.exe, 0000000D.00000003.1527252385.0000027218AC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0
Source: drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://fedir.comsign.co.il/crl/comsignglobalrootca.crl0;
Source: ADF435x.exe.20.dr	String found in binary or memory: http://forms.analog.com/form_pages/rfcomms/adisimpll.aspChttp://ez.analog.com/community/rf;http://ww
Source: Setup.exe, 00000005.00000003.1334583366.0000000002B50000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000005.00000003.1343553097.0000000002550000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000008.00000003.1428794566.0000000003070000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000008.00000003.1432386746.0000000002D00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microsoft.
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://http.fpki.gov/fcpca/caCertsIssuedByfcpca.p7c0
Source: ADI_RFG_Drivers.exe, ADI_RFG_Drivers.exe, 0000000F.00000000.1585175645.0000000000409000.00000008.00000001.01000000.00000017.sdmp, ADI_RFG_Drivers.exe, 0000000F.00000003.1647424068.000000000072A000.00000004.00000020.00020000.00000000.sdmp, ADI_RFG_Drivers.exe, 0000000F.00000002.1648017205.0000000000409000.00000004.00000001.01000000.00000017.sdmp, ADF435x_v4_5_0.exe	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: ADF435x_v4_5_0.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.ncdc.gov.sa0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.pki.gva.es0
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525990049.0000027218B3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.suscerte.gob.ve0
Source: drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com
Source: drvinst.exe, 0000000D.00000003.1531690114.00000272186B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQJ1TBLBrQ9OnPHXPVaWb87MxkNlgQUwu79F9f%2Btw%2FGc
Source: dpinst.exe, 0000000B.00000003.1569176281.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1572299592.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000002.1582071257.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1571614268.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563843394.00000272186B9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526800289.00000272186CB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563785395.00000272185B5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.1555681753.000001E347035000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.1555681753.000001E34708B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1555063263.000001E347030000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1533463212.000001E34705D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1555063263.000001E34708B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: drvinst.exe, 0000000D.00000002.1565258270.0000027218B5A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.comhttp://crl.thawte.com/ThawteTimestampingCA.crl
Source: drvinst.exe, 0000000D.00000003.1526727863.0000027218AC7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pki.digidentity.eu/validatie0
Source: drvinst.exe, 0000000D.00000002.1565258270.0000027218B5A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1557133232.0000027218B5A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pki.registradores.org/normativa/index.htm0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://policy.camerfirma.com0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://postsignum.ttc.cz/crl/psrootqca2.crl0
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/0
Source: Setup.exe, 00000008.00000003.1451069612.0000000001366000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.microsof
Source: Setup.exe, 00000008.00000003.1451069612.0000000001366000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.microsoft.
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sertifikati.ca.posta.rs/crl/PostaCARoot.crl0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
Source: drvinst.exe, 0000000D.00000003.1531690114.00000272186B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer
Source: dpinst.exe, 0000000B.00000003.1569176281.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1572299592.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000002.1582071257.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1571614268.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1557160813.00000272186D7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1530363122.0000027218B6E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563843394.00000272186D3000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526800289.00000272186CB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1529383433.0000027218B6D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563785395.00000272185B5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1565330068.0000027218B6E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.1555681753.000001E347035000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1555063263.000001E347030000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1533463212.000001E34705D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: drvinst.exe, 0000000D.00000003.1531690114.00000272186B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cerS
Source: drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl
Source: dpinst.exe, 0000000B.00000003.1569176281.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1572299592.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000002.1582071257.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1571614268.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1557160813.00000272186D7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1530363122.0000027218B6E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563843394.00000272186D3000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526800289.00000272186CB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1529383433.0000027218B6D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563785395.00000272185B5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1565330068.0000027218B6E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.1555681753.000001E347035000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1555063263.000001E347030000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1533463212.000001E34705D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl8
Source: drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crlV
Source: drvinst.exe, 0000000D.00000002.1563843394.00000272186D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crlX
Source: drvinst.exe, 0000000D.00000003.1531420864.0000027218B3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com
Source: drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com)
Source: drvinst.exe, 0000000D.00000002.1563843394.00000272186B9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1564861535.0000027218ADD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531690114.00000272186B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRi82PVYYKWGJWdgVNyePy5kYTdqQQUX5r1blzMz
Source: dpinst.exe, 0000000B.00000003.1569176281.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1572299592.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000002.1582071257.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1571614268.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1557160813.00000272186D7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1530363122.0000027218B6E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563843394.00000272186D3000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526800289.00000272186CB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1529383433.0000027218B6D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563785395.00000272185B5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1565330068.0000027218B6E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000002.1555681753.000001E347035000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1555063263.000001E347030000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000E.00000003.1533463212.000001E34705D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: drvinst.exe, 0000000D.00000002.1563843394.00000272186A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com1.3.6.1.5.5.7.48.2http://ts-aia.ws.symantec.com/tss-ca-g2.cer
Source: drvinst.exe, 0000000D.00000003.1557160813.00000272186D7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531504436.00000272186D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.comE
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://web.ncdc.gov.sa/crl/nrcacomb1.crl0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://web.ncdc.gov.sa/crl/nrcaparta1.crl
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.acabogacia.org/doc0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.acabogacia.org0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.agesic.gub.uy/acrn/acrn.crl0)
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.agesic.gub.uy/acrn/cps_acrn.pdf0
Source: SDPDrivers.exe, 00000002.00000002.1583916881.0000000000639000.00000004.00000020.00020000.00000000.sdmp, SDPDrivers.exe, 00000002.00000003.1583254079.0000000000621000.00000004.00000020.00020000.00000000.sdmp, ADI_RFG_Drivers.exe, 0000000F.00000002.1648619079.0000000000708000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.analog.com
Source: ADF435x.exe.20.dr	String found in binary or memory: http://www.analog.com/en/rfif-components/pll-synthesizersvcos/products/index.html
Source: SDPDrivers.exe, 00000002.00000002.1583916881.0000000000639000.00000004.00000020.00020000.00000000.sdmp, SDPDrivers.exe, 00000002.00000003.1583254079.0000000000621000.00000004.00000020.00020000.00000000.sdmp, ADI_RFG_Drivers.exe, 0000000F.00000002.1648619079.0000000000708000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.analog.comPublisherAnalog
Source: drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ancert.com/cps0
Source: drvinst.exe, 0000000D.00000003.1526130596.000002721871B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.anf.es
Source: drvinst.exe, 0000000D.00000003.1526471636.0000027218AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.anf.es/AC/RC/ocsp0c
Source: drvinst.exe, 0000000D.00000003.1526130596.000002721871B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.anf.es/es/address-direccion.html
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ca.posta.rs/dokumentacija0h
Source: drvinst.exe, 0000000D.00000003.1526765655.0000027218ACB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526727863.0000027218AC7000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: drvinst.exe, 0000000D.00000003.1527252385.0000027218AC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certeurope.fr/reference/pc-root2.pdf0
Source: drvinst.exe, 0000000D.00000003.1527252385.0000027218AC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certeurope.fr/reference/root2.crl0
Source: drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certicamara.com/dpc/0Z
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class1.crl0
Source: drvinst.exe, 0000000D.00000003.1531690114.0000027218669000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1563843394.0000027218648000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
Source: drvinst.exe, 0000000D.00000003.1527252385.0000027218AC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.certplus.com/CRL/class3TS.crl0
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B46000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.chambersign.org1
Source: drvinst.exe, 0000000D.00000003.1526355480.0000027218B1D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526199129.0000027218B1B000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526236328.0000027218B1D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526511210.0000027218B1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.comsign.co.il/cps0
Source: drvinst.exe, 0000000D.00000003.1527252385.0000027218AC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.correo.com.uy/correocert/cps.pdf0
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525990049.0000027218B3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.datev.de/zertifikat-policy-bt0
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.datev.de/zertifikat-policy-int0
Source: drvinst.exe, 0000000D.00000003.1525510967.0000027218B63000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526320150.0000027218AFD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.datev.de/zertifikat-policy-std0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.defence.gov.au/pki0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.disig.sk/ca/crl/ca_disig.crl0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.disig.sk/ca0f
Source: drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.dnie.es/dpc0
Source: drvinst.exe, 0000000D.00000003.1525510967.0000027218B63000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1530363122.0000027218B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-me.lv/repository0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-szigno.hu/RootCA.crl
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-szigno.hu/RootCA.crt0
Source: drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-szigno.hu/SZSZ/0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525510967.0000027218B63000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526320150.0000027218AFD000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526355480.0000027218B00000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525697871.0000027218B6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.e-trust.be/CPS/QNcerts
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ecee.gov.pt/dpc0
Source: drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.echoworx.com/ca/root2/cps.pdf0
Source: drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.eme.lv/repository0
Source: drvinst.exe, 0000000D.00000003.1531598076.0000027218AFB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.globaltrust.info0
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.globaltrust.info0=
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.oaticerts.com/repository.
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_1_0.pdf09
Source: drvinst.exe, 0000000D.00000003.1526434518.0000027218AE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_21_1.pdf0:
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B2D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.gva.es/cps0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pki.gva.es/cps0%
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pkioverheid.nl/policies/root-policy-G20
Source: drvinst.exe, 0000000D.00000003.1525510967.0000027218B63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pkioverheid.nl/policies/root-policy0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.postsignum.cz/crl/psrootqca2.crl02
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rcsc.lt/repository0
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sk.ee/cps/0
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sk.ee/juur/crl/0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1530294675.000002721872E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1527207605.000002721872E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526130596.000002721871B000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1526130596.000002721872E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ssc.lt/cps03
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525990049.0000027218B3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.suscerte.gob.ve/dpc0
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525990049.0000027218B3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.suscerte.gob.ve/lcr0#
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.uce.gub.uy/acrn/acrn.crl0
Source: drvinst.exe, 0000000D.00000003.1526024348.0000027218B1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0G
Source: Setup.exe, 00000005.00000003.1352014446.00000000008B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.w.org/TR
Source: drvinst.exe, 0000000D.00000003.1526236328.0000027218B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www2.postsignum.cz/crl/psrootqca2.crl01
Source: drvinst.exe, 0000000D.00000003.1526471636.0000027218AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://crl.anf.es/AC/ANFServerCA.crl0
Source: drvinst.exe, 0000000D.00000003.1526586643.0000027218ACF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://rca.e-szigno.hu/ocsp0-
Source: drvinst.exe, 0000000D.00000002.1565258270.0000027218B5A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1557133232.0000027218B5A000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525808694.0000027218B5F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://repository.luxtrust.lu0
Source: drvinst.exe, 0000000D.00000003.1529236517.0000027218B44000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1530215503.0000027218B44000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1527118656.0000027218B44000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1531561296.0000027218B44000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000002.1565153679.0000027218B44000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525990049.0000027218B3F000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1557208081.0000027218B44000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1557336838.0000027218B43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://repository.tsp.zetes.com0
Source: drvinst.exe, 0000000D.00000003.1525856715.000002721871D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.certicamara.com/marco-legal0Z
Source: dpinst.exe, 0000000B.00000003.1569176281.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1572299592.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000002.1582071257.00000000010EC000.00000004.00000020.00020000.00000000.sdmp, dpinst.exe, 0000000B.00000003.1571614268.00000000010EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwgn.com/r
Source: drvinst.exe, 0000000D.00000003.1526471636.0000027218AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.anf.es/AC/ACTAS/789230
Source: drvinst.exe, 0000000D.00000003.1526471636.0000027218AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.anf.es/AC/ANFServerCA.crl0
Source: drvinst.exe, 0000000D.00000003.1526471636.0000027218AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.anf.es/address/)1(0&
Source: drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.catcert.net/verarrel
Source: drvinst.exe, 0000000D.00000003.1525602901.0000027218B54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.catcert.net/verarrel05
Source: drvinst.exe, 0000000D.00000003.1525656429.0000027218C21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.netlock.hu/docs/
Source: drvinst.exe, 0000000D.00000003.1526320150.0000027218AFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.netlock.net/docs
Source: drvinst.exe, 0000000D.00000003.1525924141.0000027218B52000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1525551126.0000027218B4B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

0_2_00404EE8

Drops certificate files (DER)

Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\AdiSdp_x64.cat (copy)	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\SET62DE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Program Files\Analog Devices\USB Drivers\RFG\adi_cyusb_rfg.cat	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	File created: C:\Users\user~1\AppData\Local\Temp\{d55074ba-c19a-bb44-89de-a58a465055fb}\ADI_CYUSB_RFG.cat (copy)	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\SET4361.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	File created: C:\Users\user\AppData\Local\Temp\{d55074ba-c19a-bb44-89de-a58a465055fb}\SET6119.tmp	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\ADI_CYUSB_RFG.cat (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\adisdp_x64.cat	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	File created: C:\Users\user\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\SET40FF.tmp	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	File created: C:\Users\user~1\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\AdiSdp_x64.cat (copy)	Jump to dropped file

Contains functionality to call native functions

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_01003972 OpenEventA,WaitForSingleObject,CloseHandle,Sleep,LoadLibraryA,GetProcAddress,WaitForSingleObject,GetLastError,InitiateSystemShutdownA,GetLastError,WaitForSingleObject,GetLastError,GetVersionExA,GetVersionExA,GetVersionExA,GetSystemDirectoryA,strchr,CreateFileA,FlushFileBuffers,CloseHandle,NtShutdownSystem,FreeLibrary,	3_2_01003972
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_0100358B NtOpenProcessToken,NtAdjustPrivilegesToken,NtClose,NtClose,	3_2_0100358B
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_010034F4 NtOpenProcessToken,NtAdjustPrivilegesToken,NtClose,NtClose,	3_2_010034F4

Contains functionality to communicate with device drivers

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe

Code function: 3_2_01002B13: GetDriveTypeA,CreateFileA,DeviceIoControl,CloseHandle,

3_2_01002B13

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_004030FA EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,	0_2_004030FA
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_004030FA EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,CoUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,	2_2_004030FA
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_01003972 OpenEventA,WaitForSingleObject,CloseHandle,Sleep,LoadLibraryA,GetProcAddress,WaitForSingleObject,GetLastError,InitiateSystemShutdownA,GetLastError,WaitForSingleObject,GetLastError,GetVersionExA,GetVersionExA,GetVersionExA,GetSystemDirectoryA,strchr,CreateFileA,FlushFileBuffers,CloseHandle,NtShutdownSystem,FreeLibrary,	3_2_01003972
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1E4B5B ExitWindowsEx,	5_2_6D1E4B5B
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1E4B5B ExitWindowsEx,	8_2_6D1E4B5B
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_004030FA EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,CoUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,	15_2_004030FA

Creates driver files

Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe

File created: C:\Program Files\Analog Devices\USB Drivers\RFG\adi_cyusb.sys

Creates files inside the driver directory

Source: C:\Windows\System32\drvinst.exe

File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}

Creates files inside the system directory

Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Windows\SysWOW64\sdpDriverInterface.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Windows\SysWOW64\csaDriverInterface.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Windows\system32\csaDriverInterface.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\4908e6.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIC80.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\atl100.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100chs.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100cht.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100deu.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100enu.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100esn.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100fra.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100ita.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100jpn.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100kor.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100rus.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfc100u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfcm100.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\mfcm100u.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\SysWOW64\vcomp100.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\4908e9.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\4908e9.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\492e8e.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI32A5.tmp
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\atl100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100chs.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100cht.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100deu.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100enu.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100esn.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100fra.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100ita.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100jpn.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100kor.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100rus.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfc100u.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfcm100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\mfcm100u.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\msvcr100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\system32\vcomp100.dll
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\492e91.msi
Source: C:\Windows\System32\msiexec.exe	File created: c:\Windows\Installer\492e91.msi
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	File created: C:\Windows\DPINST.LOG
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\FileRepository\adisdp_x64.inf_amd64_7baaf95d09ad2dfb
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\drvstore.tmp
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\inf\oem4.inf
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\FileRepository\adi_cyusb_rfg_x64.inf_amd64_2366957b1c96956c
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\drvstore.tmp
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\inf\oem5.inf
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\49acc7.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAD92.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIADF1.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{491647C1-1281-4343-AA61-F87CA00A92A2}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAE50.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{491647C1-1281-4343-AA61-F87CA00A92A2}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{491647C1-1281-4343-AA61-F87CA00A92A2}\_853F67D554F05449430E7E.exe
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{491647C1-1281-4343-AA61-F87CA00A92A2}\_CBDBE159E3FB79ADDB2047.exe
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{491647C1-1281-4343-AA61-F87CA00A92A2}\_86E302AD3AEF842FD2938A.exe
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\49acc9.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\49acc9.msi

Deletes files inside the Windows folder

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\4908e9.msi

Jump to behavior

Detected potential crypto function

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_00406128	0_2_00406128
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_004046F9	0_2_004046F9
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_004068FF	0_2_004068FF
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_00406128	2_2_00406128
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_004046F9	2_2_004046F9
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_004068FF	2_2_004068FF
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_01008906	3_2_01008906
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_0100911E	3_2_0100911E
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_01009558	3_2_01009558
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_01008286	3_2_01008286
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_0100859D	3_2_0100859D
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_01008CC5	3_2_01008CC5
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D17D81C	5_2_6D17D81C
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D17D064	5_2_6D17D064
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D169A50	5_2_6D169A50
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1FE7C2	5_2_6D1FE7C2
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D21AD3E	5_2_6D21AD3E
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D215C30	5_2_6D215C30
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D21C9DE	5_2_6D21C9DE
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D21B41F	5_2_6D21B41F
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1BF75A	5_2_6D1BF75A
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D21A7E8	5_2_6D21A7E8
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D21C38B	5_2_6D21C38B
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D21A292	5_2_6D21A292
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CEDD064	8_2_6CEDD064
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CEDD81C	8_2_6CEDD81C
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CEC9A50	8_2_6CEC9A50
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1FE7C2	8_2_6D1FE7C2
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D21AD3E	8_2_6D21AD3E
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D215C30	8_2_6D215C30
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D21C9DE	8_2_6D21C9DE
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D21B41F	8_2_6D21B41F
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1BF75A	8_2_6D1BF75A
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D21A7E8	8_2_6D21A7E8
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D21C38B	8_2_6D21C38B
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D21A292	8_2_6D21A292
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_00406128	15_2_00406128
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_004046F9	15_2_004046F9
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_004068FF	15_2_004068FF

Found potential string decryption / allocating functions

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: String function: 6D1E80F9 appears 578 times
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: String function: 6D2171AA appears 551 times
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: String function: 6D1E8377 appears 56 times
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: String function: 6D208EA6 appears 109 times
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: String function: 6D1B3A0D appears 43 times
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: String function: 6D1E80F9 appears 578 times
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: String function: 6D2171AA appears 551 times
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: String function: 6D1E8377 appears 56 times
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: String function: 6D208EA6 appears 109 times
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: String function: 6D1B3A0D appears 43 times

PE file contains executable resources (Code or Archives)

Source: WdfCoInstaller01007.dll.2.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 1406448 bytes, 4 files, at 0x44 +A "Wdf01000.inf" +A "Wdf.cat", flags 0x4, ID 13879, number 1, extra bytes 20 in head, 45 datablocks, 0x1503 compression
Source: WinUSBCoInstaller.dll.2.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: SetupResources.dll4.3.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: SetupResources.dll4.7.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

PE file does not import any functions

Source: SetupResources.dll8.7.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll2.7.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll8.3.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll3.3.dr	Static PE information: No import functions for PE file found
Source: mfc100fra.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc100esn.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc100enu.dll.6.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll7.3.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll7.7.dr	Static PE information: No import functions for PE file found
Source: mfc100deu.dll.6.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll5.3.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll2.3.dr	Static PE information: No import functions for PE file found
Source: mfc100cht.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc100rus.dll.6.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll5.7.dr	Static PE information: No import functions for PE file found
Source: mfc100jpn.dll.6.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll0.7.dr	Static PE information: No import functions for PE file found
Source: mfc100chs.dll.6.dr	Static PE information: No import functions for PE file found
Source: mfc100ita.dll.6.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll0.3.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll.7.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll4.7.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll.3.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll1.3.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll4.3.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll1.7.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll3.7.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll6.3.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll6.7.dr	Static PE information: No import functions for PE file found
Source: mfc100kor.dll.6.dr	Static PE information: No import functions for PE file found

Uses 32bit PE files

Source: ADF435x_v4_5_0.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: mfc100fra.dll.6.dr	Static PE information: Section .rsrc
Source: mfc100esn.dll.6.dr	Static PE information: Section .rsrc
Source: mfc100enu.dll.6.dr	Static PE information: Section .rsrc
Source: mfc100deu.dll.6.dr	Static PE information: Section .rsrc
Source: mfc100cht.dll.6.dr	Static PE information: Section .rsrc
Source: mfc100rus.dll.6.dr	Static PE information: Section .rsrc
Source: mfc100jpn.dll.6.dr	Static PE information: Section .rsrc
Source: mfc100chs.dll.6.dr	Static PE information: Section .rsrc
Source: mfc100ita.dll.6.dr	Static PE information: Section .rsrc
Source: mfc100kor.dll.6.dr	Static PE information: Section .rsrc

Source: WdfCoInstaller01007.dll.2.dr

Static PE information: Section: .rsrc ZLIB complexity 0.9967273866510116

Source: classification engine

Classification label: sus24.evad.winEXE@35/309@0/0

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_6D1FCF6E __EH_prolog3,GetLastError,GetLastError,SetLastError,SetLastError,FormatMessageW,GetLastError,SetLastError,LocalFree,

5_2_6D1FCF6E

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1E4B28 AdjustTokenPrivileges,		5_2_6D1E4B28
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1E4B28 AdjustTokenPrivileges,		8_2_6D1E4B28

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

Code function: 0_2_004041FC GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

0_2_004041FC

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_6D1D4F48 CreateToolhelp32Snapshot,_memset,Process32FirstW,Process32NextW,CloseHandle,

5_2_6D1D4F48

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

Code function: 0_2_00402020 CoCreateInstance,MultiByteToWideChar,

0_2_00402020

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_6D207C0B LoadResource,LockResource,SizeofResource,

5_2_6D207C0B

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_6D1DE813 StartServiceW,

5_2_6D1DE813

Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe

File created: C:\Program Files (x86)\Analog Devices

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\Public\Desktop\ADF435x.lnk

Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\DPINST_LOG_SCROLLER_MUTEX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Mutant created: NULL
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\VC_Redist_SetupMutex

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

File created: C:\Users\user~1\AppData\Local\Temp\nscEC36.tmp

Jump to behavior

Source: ADF435x_v4_5_0.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\drvinst.exe

Source: MSIAD92.tmp.20.dr

Source: Setup.exe	String found in binary or memory: Pre-Installation Warnings:
Source: Setup.exe	String found in binary or memory: Pre-Installation Warnings:
Source: dpinst.exe	String found in binary or memory: Install option set: Suppress pre-install of Plug and Play drivers if no matching devices are present.
Source: dpinst.exe	String found in binary or memory: Error 0x%X - Could not delete service info key for '%ws', even though there are no more DIFx-installed driver stores using this se
Source: dpinst.exe	String found in binary or memory: During undo of install, we failed to re-install the driver. Error code 0x%X
Source: dpinst.exe	String found in binary or memory: Some post-install cleanup tasks failed. Error code is 0x%X
Source: dpinst.exe	String found in binary or memory: Successfully re-added '%s' to reference list of driver store entry '%s'
Source: dpinst.exe	String found in binary or memory: Could not re-add '%s' to reference list of driver store entry '%s'
Source: dpinst_amd64.exe	String found in binary or memory: Error 0x%X - Could not delete service info key for '%ws', even though there are no more DIFx-installed driver stores using this se
Source: dpinst_amd64.exe	String found in binary or memory: Some post-install cleanup tasks failed. Error code is 0x%X
Source: dpinst_amd64.exe	String found in binary or memory: During undo of install, we failed to re-install the driver. Error code 0x%X
Source: dpinst_amd64.exe	String found in binary or memory: Install option set: Suppress pre-install of Plug and Play drivers if no matching devices are present.
Source: dpinst_amd64.exe	String found in binary or memory: Could not re-add '%s' to reference list of driver store entry '%s'
Source: dpinst_amd64.exe	String found in binary or memory: Successfully re-added '%s' to reference list of driver store entry '%s'

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

File read: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\ADF435x_v4_5_0.exe "C:\Users\user\Desktop\ADF435x_v4_5_0.exe"
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process created: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe C:\Users\user~1\AppData\Local\Temp\SDPDrivers.exe /S
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process created: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe C:\Users\user~1\AppData\Local\Temp\vcredist_x86.exe /q
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process created: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe c:\6cd6594ee40f26ffb7ca6883eb\Setup.exe /q
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process created: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe C:\Users\user~1\AppData\Local\Temp\vcredist_x64.exe /q
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process created: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe c:\dd75838cbf6dd04545e5fee87fbf\Setup.exe /q
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process created: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe "C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe" /sw /sa /path "C:\Program Files (x86)\Analog Devices\SDP\DriversR2"
Source: unknown	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user~1\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\adisdp_x64.inf" "9" "4efe11aab" "0000000000000158" "WinSta0\Default" "000000000000016C" "208" "c:\program files (x86)\analog devices\sdp\driversr2"
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{e75da1e8-debd-1d48-8eb4-57c7f25d3f2a} Global\{02855856-448c-0b4c-9dc0-f42f67f33c11} C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\adisdp_x64.inf C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\AdiSdp_x64.cat
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process created: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe C:\Users\user~1\AppData\Local\Temp\ADI_RFG_Drivers.exe /S
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process created: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe "C:\Users\user~1\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe" /sw /sa /path "C:\Program Files\Analog Devices\USB Drivers\RFG" /lm
Source: unknown	Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user~1\AppData\Local\Temp\{d55074ba-c19a-bb44-89de-a58a465055fb}\adi_cyusb_rfg_x64.inf" "9" "4f41e6c43" "0000000000000170" "WinSta0\Default" "000000000000016C" "208" "c:\program files\analog devices\usb drivers\rfg"
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{e5e3580a-288d-8044-bc87-e0b602ccf4f0} Global\{a48a4ac5-05ee-5148-b49d-b491db96c803} C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\adi_cyusb_rfg_x64.inf C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\ADI_CYUSB_RFG.cat
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process created: C:\Windows\SysWOW64\msiexec.exe "msiexec" /i "C:\Users\user~1\AppData\Local\Temp\ADF435x.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6B5A3C60BB00D53DB335AFC1B0CDDA21 C
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3EAB4146E26D2C9785A5EA8A5DAF2D23
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process created: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe C:\Users\user~1\AppData\Local\Temp\SDPDrivers.exe /S	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process created: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe C:\Users\user~1\AppData\Local\Temp\ADI_RFG_Drivers.exe /S	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process created: C:\Windows\SysWOW64\msiexec.exe "msiexec" /i "C:\Users\user~1\AppData\Local\Temp\ADF435x.msi"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process created: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe C:\Users\user~1\AppData\Local\Temp\vcredist_x86.exe /q	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process created: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe C:\Users\user~1\AppData\Local\Temp\vcredist_x64.exe /q	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process created: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe "C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe" /sw /sa /path "C:\Program Files (x86)\Analog Devices\SDP\DriversR2"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process created: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe c:\6cd6594ee40f26ffb7ca6883eb\Setup.exe /q	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process created: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe c:\dd75838cbf6dd04545e5fee87fbf\Setup.exe /q	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{e75da1e8-debd-1d48-8eb4-57c7f25d3f2a} Global\{02855856-448c-0b4c-9dc0-f42f67f33c11} C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\adisdp_x64.inf C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\AdiSdp_x64.cat
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process created: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe "C:\Users\user~1\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe" /sw /sa /path "C:\Program Files\Analog Devices\USB Drivers\RFG" /lm
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{e5e3580a-288d-8044-bc87-e0b602ccf4f0} Global\{a48a4ac5-05ee-5148-b49d-b491db96c803} C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\adi_cyusb_rfg_x64.inf C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\ADI_CYUSB_RFG.cat
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6B5A3C60BB00D53DB335AFC1B0CDDA21 C
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3EAB4146E26D2C9785A5EA8A5DAF2D23

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: clusapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Section loaded: feclient.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: setupengine.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: sqmapi.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msxml3.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: clusapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Section loaded: feclient.dll	Jump to behavior
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: apphelp.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: acgenral.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: uxtheme.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: winmm.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: samcli.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msacm32.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: version.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: userenv.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: dwmapi.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: urlmon.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: mpr.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: sspicli.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: winmmbase.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: winmmbase.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: iertutil.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: srvcli.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: netutils.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: aclayers.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: sfc.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: sfc_os.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: setupengine.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msi.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: winhttp.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: secur32.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: sqmapi.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msasn1.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: profapi.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: ntmarta.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: kernel.appcore.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msxml3.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: windows.storage.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: wldp.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: cryptsp.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: rsaenh.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: cryptbase.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: gpapi.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: msisip.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: srpapi.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: tsappcmp.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: netapi32.dll
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: aclayers.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: sfc.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: sfc_os.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: msxml3.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: drvstore.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: devrtl.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: spinf.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: cabinet.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Section loaded: devobj.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptnet.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: slc.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: pnpui.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: dui70.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: msxml3.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: drvstore.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: devrtl.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: spinf.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Section loaded: devobj.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: cryptnet.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: slc.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: pnpui.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: dui70.dll
Source: C:\Windows\System32\drvinst.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msihnd.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: dwmapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: oleacc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: riched20.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: usp10.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msls31.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe	Automated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exe	Automated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exe	Automated click: Next >

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VC
Source: C:\Windows\System32\msiexec.exe	Directory created: c:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\ADI_CYUSB_USB4.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\ADI_CYUSB_USB4.lib
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\dpinst.exe
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\dpinst.xml
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG\adi_cyusb_rfg.cat
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG\adi_cyusb.sys
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG\ADI_CYUSB_RFG_x64.inf
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Directory created: C:\Program Files\Analog Devices\USB Drivers\RFG\uninstall.exe

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}

Source: ADF435x_v4_5_0.exe

Static file information: File size 21736003 > 1048576

Source: C:\Windows\System32\msiexec.exe

File opened: c:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source:	Binary string: C:\Users\RBRENNAN\Documents\Visual Studio 2008\Projects\ADF435x\ADF435x\ADF435x\obj\Release\ADF435x.pdb source: ADF435x.exe.20.dr
Source:	Binary string: sfxcab.pdb source: vcredist_x86.exe, vcredist_x86.exe, 00000003.00000002.1404909404.0000000001002000.00000020.00000001.01000000.00000005.sdmp, vcredist_x86.exe, 00000003.00000000.1306707639.0000000001002000.00000020.00000001.01000000.00000005.sdmp, vcredist_x64.exe, 00000007.00000002.1501356558.0000000001002000.00000020.00000001.01000000.00000010.sdmp, vcredist_x64.exe, 00000007.00000000.1407048744.0000000001002000.00000020.00000001.01000000.00000010.sdmp, vcredist_x86.exe.2.dr, vcredist_x64.exe.2.dr, WinUSBCoInstaller.dll.2.dr
Source:	Binary string: WdfCoInstaller01007.pdbH source: WdfCoInstaller01007.dll.2.dr
Source:	Binary string: MFCM100U.i386.pdb source: mfcm100u.dll.6.dr
Source:	Binary string: WdfCoInstaller01007.pdb source: WdfCoInstaller01007.dll.2.dr
Source:	Binary string: sfxcab.pdbU source: WinUSBCoInstaller.dll.2.dr
Source:	Binary string: MFCM100.i386.pdb0@ source: mfcm100.dll.6.dr
Source:	Binary string: patchhooks.pdb source: Setup.exe, 00000008.00000003.1453297775.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000008.00000003.1453525481.00000000013D7000.00000004.00000020.00020000.00000000.sdmp, 492e91.msi.10.dr, vc_red.msi.3.dr, 492e8e.msi.10.dr
Source:	Binary string: mfc100.amd64.pdb source: mfc100.dll.10.dr
Source:	Binary string: MFCM100.i386.pdb source: mfcm100.dll.6.dr
Source:	Binary string: winusbcoinstaller.pdb source: WinUSBCoInstaller.dll.2.dr
Source:	Binary string: f:\dd\vsproject\vshost\vshost32-clr2\objr\i386\vshost32-clr2.pdbLn `*_CorExeMainmscoree.dll source: ADF435x.vshost.exe.20.dr
Source:	Binary string: Setup.pdb source: Setup.exe, Setup.exe, 00000008.00000000.1424303855.0000000000181000.00000020.00000001.01000000.00000012.sdmp, Setup.exe, 00000008.00000002.1498324798.0000000000181000.00000020.00000001.01000000.00000012.sdmp
Source:	Binary string: DpInst.pdb source: dpinst.exe, dpinst.exe, 0000000B.00000000.1503533722.00007FF710751000.00000020.00000001.01000000.00000016.sdmp, dpinst.exe, 0000000B.00000002.1582738423.00007FF710751000.00000020.00000001.01000000.00000016.sdmp, dpinst_amd64.exe, dpinst_amd64.exe, 00000010.00000002.1646402957.00007FF644B11000.00000020.00000001.01000000.0000001B.sdmp, dpinst_amd64.exe, 00000010.00000000.1589587262.00007FF644B11000.00000020.00000001.01000000.0000001B.sdmp, dpinst.exe.15.dr
Source:	Binary string: c:\views\antioch_nnpl_cysuiteusb_latest\software\products\hsusb\cysuiteusb\cyusb_sys\src\objfre_wlh_amd64\amd64\cyusb.pdb source: dpinst_amd64.exe, 00000010.00000003.1592789689.0000000002C51000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 00000011.00000003.1597305637.0000025D0FA12000.00000004.00000020.00020000.00000000.sdmp, SET62EF.tmp.17.dr
Source:	Binary string: MFCM100U.i386.pdb0@ source: mfcm100u.dll.6.dr
Source:	Binary string: vcomp100.amd64.pdb source: vcomp100.dll.10.dr
Source:	Binary string: sqmapi.pdb source: Setup.exe, Setup.exe, 00000008.00000002.1499950429.000000006CEC1000.00000020.00000001.01000000.00000014.sdmp
Source:	Binary string: SetupEngine.pdb source: Setup.exe, Setup.exe, 00000008.00000002.1500061845.000000006D191000.00000020.00000001.01000000.00000013.sdmp
Source:	Binary string: patchhooks.pdbX source: vc_red.msi.3.dr
Source:	Binary string: DPCA.pdb source: MSIAD92.tmp.20.dr
Source:	Binary string: vcomp100.i386.pdb source: vcomp100.dll.6.dr
Source:	Binary string: MFCM100.amd64.pdbHp source: mfcm100.dll.10.dr
Source:	Binary string: DpInst.pdb7 source: dpinst.exe.15.dr
Source:	Binary string: msdia100.pdb source: msdia100.dll.10.dr
Source:	Binary string: DpInst.pdbH source: dpinst.exe, 0000000B.00000000.1503533722.00007FF710751000.00000020.00000001.01000000.00000016.sdmp, dpinst.exe, 0000000B.00000002.1582738423.00007FF710751000.00000020.00000001.01000000.00000016.sdmp, dpinst_amd64.exe, 00000010.00000002.1646402957.00007FF644B11000.00000020.00000001.01000000.0000001B.sdmp, dpinst_amd64.exe, 00000010.00000000.1589587262.00007FF644B11000.00000020.00000001.01000000.0000001B.sdmp
Source:	Binary string: mfc100u.amd64.pdb source: mfc100u.dll.10.dr
Source:	Binary string: MFCM100.amd64.pdb source: mfcm100.dll.10.dr
Source:	Binary string: f:\dd\vsproject\vshost\vshost32-clr2\objr\i386\vshost32-clr2.pdb source: ADF435x.vshost.exe.20.dr
Source:	Binary string: winusbcoinstaller.pdbH source: WinUSBCoInstaller.dll.2.dr
Source:	Binary string: SetupUi.pdb source: SetupUi.dll.7.dr
Source:	Binary string: SetupResources.pdb source: SetupResources.dll.7.dr, SetupResources.dll2.7.dr, SetupResources.dll3.7.dr, SetupResources.dll6.3.dr
Source:	Binary string: DPCA.pdb<0 source: MSIAD92.tmp.20.dr

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

Code function: 0_2_00405D2E GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_00405D2E

PE file contains an invalid checksum

Source: GetVersion.dll.2.dr	Static PE information: real checksum: 0x0 should be: 0x887a
Source: ADI_RFG_Drivers.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0xad089
Source: System.dll.2.dr	Static PE information: real checksum: 0x0 should be: 0xa27d
Source: uninst.exe.2.dr	Static PE information: real checksum: 0x138565c should be: 0x15fc8

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_010065F3 push ecx; ret	3_2_01006603
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_00C63DF5 push ecx; ret	5_2_00C63E08
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D164821 push ecx; ret	5_2_6D164834
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D161B89 push ecx; ret	5_2_6D161B9C
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D20E605 push ecx; ret	5_2_6D20E618
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D217296 push ecx; ret	5_2_6D2172A9
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_00183DF5 push ecx; ret	8_2_00183E08
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CEC4821 push ecx; ret	8_2_6CEC4834
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CEC1B89 push ecx; ret	8_2_6CEC1B9C
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D20E605 push ecx; ret	8_2_6D20E618
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D217296 push ecx; ret	8_2_6D2172A9

Source: F_CENTRAL_msvcr100_x86.6.dr

Static PE information: section name: .text entropy: 6.90903234258047

Persistence and Installation Behavior

Installs new ROOT certificates

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 Blob	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 Blob	Jump to behavior
Source: C:\Windows\System32\drvinst.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656 Blob

Sample is not signed and drops a device driver

Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe

File created: C:\Program Files\Analog Devices\USB Drivers\RFG\adi_cyusb.sys

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\1042\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIADF1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100cht.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\2052\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Analog Devices\ADF435x\CyUSB.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm100u.dll	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	File created: C:\Users\user~1\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\WinUSBCoInstaller.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\1040\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\1036\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	File created: C:\Users\user\AppData\Local\Temp\{d55074ba-c19a-bb44-89de-a58a465055fb}\SET612A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100ita.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\WinUSBCoInstaller.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\vcomp100.dll	Jump to dropped file
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	File created: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\uninst.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\SetupEngine.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\SET62EF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\1028\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\ADI_CYUSB.sys (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Analog Devices\ADF435x\ADF435x.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100esn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\1049\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100fra.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\1031\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Windows\SysWOW64\sdpDriverInterface.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\WdfCoInstaller01007.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\atl100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100rus.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\WdfCoInstaller01007.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfcm100.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\3082\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Program Files\Analog Devices\USB Drivers\RFG\uninstall.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100kor.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\nsExec.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\WinUSBCoInstaller.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\sqmapi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\1041\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\3082\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\1049\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100enu.dll	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	File created: C:\Users\user\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\SET40DF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Windows\System32\csaDriverInterface.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Windows\SysWOW64\csaDriverInterface.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Users\user\AppData\Local\Temp\nsp180A.tmp\GetVersion.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100jpn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\GetVersion.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	File created: C:\Users\user~1\AppData\Local\Temp\{d55074ba-c19a-bb44-89de-a58a465055fb}\ADI_CYUSB.sys (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcomp100.dll	Jump to dropped file
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	File created: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Users\user\AppData\Local\Temp\nsp180A.tmp\System.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Analog Devices\ADF435x\sdpApi1.DLL	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\2052\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\SetupEngine.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\atl100.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI7934.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\SET4301.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Program Files\Analog Devices\USB Drivers\RFG\adi_cyusb.sys	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcr100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100cht.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\1042\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Program Files\Analog Devices\USB Drivers\ADI_CYUSB_USB4.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAD92.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100ita.dll	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	File created: C:\Users\user\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\SET4061.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSI79E1.tmp	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\SET4340.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Analog Devices\ADF435x\ADF435x.vshost.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100fra.dll	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	File created: C:\Users\user~1\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\WdfCoInstaller01007.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\1040\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\1033\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\1036\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\1041\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Analog Devices\ADF435x\Microsoft.VisualStudio.HostingProcess.Utilities.Sync.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Analog Devices\ADF435x\INIFileParser.DLL	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\SetupUi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\System.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\1033\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100rus.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\1031\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: C:\6cd6594ee40f26ffb7ca6883eb\sqmapi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfcm100u.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\1028\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100kor.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: C:\dd75838cbf6dd04545e5fee87fbf\SetupUi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File created: C:\Program Files\Analog Devices\USB Drivers\dpinst.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100enu.dll	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\atl100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100rus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\WdfCoInstaller01007.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfcm100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIADF1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100cht.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\atl100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\SET4301.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100kor.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfcm100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\msvcr100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100cht.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100ita.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100rus.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\WinUSBCoInstaller.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAD92.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100ita.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\vcomp100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfcm100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100u.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\SET62EF.tmp	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\ADI_CYUSB.sys (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Windows\SysWOW64\csaDriverInterface.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Windows\System32\csaDriverInterface.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100jpn.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	File created: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\SET4340.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100kor.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100fra.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\mfc100jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\mfc100fra.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\System32\vcomp100.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	File created: C:\Windows\SysWOW64\sdpDriverInterface.dll	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86			Jump to dropped file

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	File created: C:\Users\user~1\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20241024_050332743-MSI_vc_red.msi.txt			Jump to behavior
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	File created: C:\Users\user~1\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_20241024_050342548-MSI_vc_red.msi.txt

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1033\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1041\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1042\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1028\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\2052\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1040\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1036\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1031\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\3082\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	File created: c:\6cd6594ee40f26ffb7ca6883eb\1049\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1033\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1041\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1042\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1028\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\2052\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1040\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1036\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1031\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\3082\eula.rtf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	File created: c:\dd75838cbf6dd04545e5fee87fbf\1049\eula.rtf	Jump to behavior

Creates or modifies windows services

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\VSSetup

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Analog Devices
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Analog Devices\ADF435x
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Analog Devices\ADF435x\ADF435x.lnk

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_6D1DE813 StartServiceW,

5_2_6D1DE813

Stores large binary data to the registry

Source: C:\Windows\System32\drvinst.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 Blob

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\1042\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsp180A.tmp\System.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Analog Devices\ADF435x\sdpApi1.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\2052\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIADF1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100cht.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\atl100.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI7934.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100chs.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\SET4301.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100esn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia100.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\2052\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Analog Devices\ADF435x\CyUSB.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfcm100u.dll	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Dropped PE file which has not been started: C:\Users\user~1\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\WinUSBCoInstaller.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\1040\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Dropped PE file which has not been started: C:\Program Files\Analog Devices\USB Drivers\RFG\adi_cyusb.sys	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\1036\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\msvcr100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100cht.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\1042\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d55074ba-c19a-bb44-89de-a58a465055fb}\SET612A.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100ita.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\WinUSBCoInstaller.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Dropped PE file which has not been started: C:\Program Files\Analog Devices\USB Drivers\ADI_CYUSB_USB4.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIAD92.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100deu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\vcomp100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100ita.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\uninst.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100u.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100u.dll	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\SET4061.tmp	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\SET62EF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\1028\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\ADI_CYUSB.sys (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Analog Devices\ADF435x\ADF435x.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI79E1.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Analog Devices\ADF435x\ADF435x.vshost.exe	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\SET4340.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100esn.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\1049\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100fra.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100fra.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\1031\SetupResources.dll	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Dropped PE file which has not been started: C:\Users\user~1\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\WdfCoInstaller01007.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\sdpDriverInterface.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\1040\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\WdfCoInstaller01007.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\1036\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\1041\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\1033\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\atl100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100rus.dll	Jump to dropped file
Source: C:\Windows\System32\drvinst.exe	Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\WdfCoInstaller01007.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfcm100.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\3082\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Analog Devices\ADF435x\Microsoft.VisualStudio.HostingProcess.Utilities.Sync.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Dropped PE file which has not been started: C:\Program Files\Analog Devices\USB Drivers\RFG\uninstall.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfcm100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Analog Devices\ADF435x\INIFileParser.DLL	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\SetupUi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\nsExec.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100kor.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\System.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\WinUSBCoInstaller.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\1041\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\1033\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\3082\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100rus.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\1031\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Dropped PE file which has not been started: C:\6cd6594ee40f26ffb7ca6883eb\1049\SetupResources.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100enu.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfcm100u.dll	Jump to dropped file
Source: C:\Program Files (x86)\Analog Devices\SDP\DriversR2\dpinst.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{e893f925-8aa1-9045-bd56-cfe82a26da46}\SET40DF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\csaDriverInterface.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Dropped PE file which has not been started: C:\Windows\System32\csaDriverInterface.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\1028\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100kor.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\vcredist_x64.exe	Dropped PE file which has not been started: C:\dd75838cbf6dd04545e5fee87fbf\SetupUi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsn5F06.tmp\dpinst_amd64.exe	Dropped PE file which has not been started: C:\Users\user~1\AppData\Local\Temp\{d55074ba-c19a-bb44-89de-a58a465055fb}\ADI_CYUSB.sys (copy)	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\mfc100jpn.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\vcomp100.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc100enu.dll	Jump to dropped file

Found evasive API chain (may stop execution after checking a module file name)

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

Found evasive API chain checking for process token information

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe TID: 5956

Thread sleep count: 47 > 30

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_00405D07 FindFirstFileA,FindClose,	0_2_00405D07
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_00405331 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00405331
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	Code function: 0_2_0040263E FindFirstFileA,	0_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_00405D07 FindFirstFileA,FindClose,	2_2_00405D07
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_00405331 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	2_2_00405331
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	Code function: 2_2_0040263E FindFirstFileA,	2_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_010046B9 SendDlgItemMessageA,strstr,SetFileAttributesA,GetLastError,CopyFileA,SendDlgItemMessageA,strstr,SetFileAttributesA,CopyFileA,GetLastError,CopyFileA,SetFileAttributesA,SendDlgItemMessageA,_strlwr,GetLastError,MoveFileA,MoveFileA,_strlwr,strstr,FindFirstFileA,strrchr,SendDlgItemMessageA,DeleteFileA,Sleep,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,strchr,strrchr,SendDlgItemMessageA,	3_2_010046B9
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D178097 memset,memset,FindFirstFileW,DeleteFileW,GetLastError,FindNextFileW,FindClose,	5_2_6D178097
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D164281 memset,EnterCriticalSection,FindFirstFileW,LeaveCriticalSection,ctype,FindNextFileW,FindClose,ResetEvent,CreateThread,CloseHandle,GetLastError,	5_2_6D164281
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1C5BC0 __EH_prolog3_GS,_memset,FindFirstFileW,FindNextFileW,FindClose,	5_2_6D1C5BC0
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1C4120 FindFirstFileW,GetFullPathNameW,SetLastError,_wcsrchr,_wcsrchr,	5_2_6D1C4120
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CED8097 memset,memset,FindFirstFileW,DeleteFileW,GetLastError,FindNextFileW,FindClose,	8_2_6CED8097
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CEC4281 memset,EnterCriticalSection,FindFirstFileW,LeaveCriticalSection,ctype,FindNextFileW,FindClose,ResetEvent,CreateThread,CloseHandle,GetLastError,	8_2_6CEC4281
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1C5BC0 __EH_prolog3_GS,_memset,FindFirstFileW,FindNextFileW,FindClose,	8_2_6D1C5BC0
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1C4120 FindFirstFileW,GetFullPathNameW,SetLastError,_wcsrchr,_wcsrchr,	8_2_6D1C4120
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_00405D07 FindFirstFileA,FindClose,	15_2_00405D07
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_00405331 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	15_2_00405331
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	Code function: 15_2_0040263E FindFirstFileA,	15_2_0040263E

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_6D1F0D5E __EH_prolog3_GS,GetModuleHandleW,GetLastError,GetSystemInfo,GetNativeSystemInfo,GetLastError,GetLastError,GetLastError,_memset,GetNativeSystemInfo,GetLastError,

5_2_6D1F0D5E

Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\Local\Temp\nsn5F06.tmp\nsExec.dll
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\Local\Temp\nsn5F06.tmp\
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\Local\Temp\
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\Local\
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	File opened: C:\Users\user~1\AppData\

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\SDPDrivers.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	API call chain: ExitProcess graph end node
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	API call chain: ExitProcess graph end node
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe	API call chain: ExitProcess graph end node

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Process information queried: ProcessInformation

Jump to behavior

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_00C62BA5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

5_2_00C62BA5

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_6D20CB2B VirtualProtect ?,-00000001,00000104,?

5_2_6D20CB2B

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

Code function: 0_2_00405D2E GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_00405D2E

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe

3_2_01005899

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe	Code function: 3_2_010062FF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_010062FF
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_00C62BA5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_00C62BA5
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_00C645BE _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00C645BE
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D16171F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_6D16171F
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D1E7462 __EH_prolog3,GetModuleHandleW,GetProcAddress,SetThreadStackGuarantee,SetUnhandledExceptionFilter,GetCommandLineW,	5_2_6D1E7462
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D20EF0A _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_6D20EF0A
Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe	Code function: 5_2_6D20B431 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_6D20B431
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_001845BE _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_001845BE
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_00182BA5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_00182BA5
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6CEC171F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_6CEC171F
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D1E7462 __EH_prolog3,GetModuleHandleW,GetProcAddress,SetThreadStackGuarantee,SetUnhandledExceptionFilter,GetCommandLineW,	8_2_6D1E7462
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D20EF0A _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	8_2_6D20EF0A
Source: C:\dd75838cbf6dd04545e5fee87fbf\Setup.exe	Code function: 8_2_6D20B431 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	8_2_6D20B431

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Memory allocated: page read and write | page guard

Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\ADI_RFG_Drivers.exe

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe c:\windows\system32\pnpui.dll,installsecuritypromptrundllw 20 global\{e75da1e8-debd-1d48-8eb4-57c7f25d3f2a} global\{02855856-448c-0b4c-9dc0-f42f67f33c11} c:\windows\system32\driverstore\temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\adisdp_x64.inf c:\windows\system32\driverstore\temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\adisdp_x64.cat
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe c:\windows\system32\pnpui.dll,installsecuritypromptrundllw 20 global\{e5e3580a-288d-8044-bc87-e0b602ccf4f0} global\{a48a4ac5-05ee-5148-b49d-b491db96c803} c:\windows\system32\driverstore\temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\adi_cyusb_rfg_x64.inf c:\windows\system32\driverstore\temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\adi_cyusb_rfg.cat
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe c:\windows\system32\pnpui.dll,installsecuritypromptrundllw 20 global\{e75da1e8-debd-1d48-8eb4-57c7f25d3f2a} global\{02855856-448c-0b4c-9dc0-f42f67f33c11} c:\windows\system32\driverstore\temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\adisdp_x64.inf c:\windows\system32\driverstore\temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\adisdp_x64.cat
Source: C:\Windows\System32\drvinst.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe c:\windows\system32\pnpui.dll,installsecuritypromptrundllw 20 global\{e5e3580a-288d-8044-bc87-e0b602ccf4f0} global\{a48a4ac5-05ee-5148-b49d-b491db96c803} c:\windows\system32\driverstore\temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\adi_cyusb_rfg_x64.inf c:\windows\system32\driverstore\temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\adi_cyusb_rfg.cat

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe

3_2_01004F6B

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe

Code function: 3_2_01003D02 AllocateAndInitializeSid,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,GetLengthSid,GetTokenInformation,GetLengthSid,

3_2_01003D02

Source: Setup.exe, 00000005.00000003.1352014446.00000000008B2000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000005.00000003.1352140521.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000005.00000002.1401791963.000000000088E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: Setup.exe, 00000008.00000003.1451985277.00000000013A9000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000008.00000002.1498886934.000000000133E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000008.00000003.1450993621.00000000013A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Managerc`YB
Source: Setup.exe, 00000005.00000003.1352014446.00000000008B2000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000005.00000003.1352791579.00000000008BB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [4056] [explorer.exe] [Program Manager] [Visible]ml
Source: Setup.exe, 00000008.00000003.1451069612.0000000001366000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [4056] [explorer.exe] [Program Manager] [Visible].xml=

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\drvinst.exe	Queries volume information: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\AdiSdp_x64.cat VolumeInformation
Source: C:\Windows\System32\drvinst.exe	Queries volume information: C:\Windows\System32\DriverStore\Temp\{20a4443f-2192-184e-868a-e7d67d434dc5}\AdiSdp_x64.cat VolumeInformation
Source: C:\Windows\System32\drvinst.exe	Queries volume information: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\ADI_CYUSB_RFG.cat VolumeInformation
Source: C:\Windows\System32\drvinst.exe	Queries volume information: C:\Windows\System32\DriverStore\Temp\{56f22667-61e0-6e49-a66d-9e6684a6bc0f}\ADI_CYUSB_RFG.cat VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe

3_2_01004F6B

Source: C:\6cd6594ee40f26ffb7ca6883eb\Setup.exe

Code function: 5_2_6D1E78FB __EH_prolog3_GS,GetCommandLineW,_memset,GetTimeZoneInformation,GetThreadLocale,

5_2_6D1E78FB

Source: C:\Users\user\Desktop\ADF435x_v4_5_0.exe

Code function: 0_2_00405A2E GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,

0_2_00405A2E

Source: C:\Users\user\AppData\Local\Temp\vcredist_x86.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Adds / modifies Windows certificates

Source: C:\Windows\System32\drvinst.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\CE8D888A7214455FA1DBBE83729D9F33A39A3846 Blob

ID:	1541055
Product:	CloudBasic
Start time:	11:02:28
Start date:	24.10.2024
Sample:	ADF435x_v4_5_0.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	db1355797efc166b115c0d378ed953f8
SHA1:	3254c3d841aedf98af545701122fe241fddcdd82
SHA256:	4a2f0dbfcbecf1ce034265bc8b2213906959062d45df29d432923e0bbc42cb30
Filetype:	Win32 Executable (generic) a (10002005/4) 92.16%

Windows Analysis Report
ADF435x_v4_5_0.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Screenshots

Behavior Graph

Network Map

Windows Analysis Report ADF435x_v4_5_0.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
ADF435x_v4_5_0.exe