Windows Analysis Report
HammerDB-4.11-Win-x64-Setup.exe

Overview

General Information

Sample name:	HammerDB-4.11-Win-x64-Setup.exe
Analysis ID:	1523633
MD5:	0e108f1745add2b9c9e0be898a9f688f
SHA1:	d2335b8eeb9bd62cc146552a6c9d4a4f8ce03605
SHA256:	e6a3e905b9a96e542e12dd8868e6b3568a18a67c0448f68005b3e9adadde3c4b
Infos:

Detection

Score:	24
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Signatures

Found API chain indicative of debugger detection

Binary contains a suspicious time stamp

Contains functionality for read data from the clipboard

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the clipboard data

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Drops PE files

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

PE file contains more sections than normal

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Queries information about the installed CPU (vendor, model number etc)

Queries the product ID of Windows

Queries the volume information (name, serial number etc) of a device

Queries time zone information

Sample file is different than original file name gathered from version info

Classification

Signatures

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

File created: C:\Users\user\AppData\Local\Temp\installbuilder_installer.log

Jump to behavior

Source: HammerDB-4.11-Win-x64-Setup.exe

Static PE information: certificate valid

Source: HammerDB-4.11-Win-x64-Setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH

Source:

Binary string: C:\src\twapi\twapi\base\build\AMD64\release\twapi64.pdb source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2978443415.0000000010042000.00000002.00000001.01000000.00000005.sdmp

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006692F0 FindFirstFileW,FindClose,wcslen,GetFileAttributesA,FindFirstFileA,FindClose,GetFileAttributesA,		0_2_006692F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00665390 GetLastError,GetLastError,GetLastError,strlen,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,		0_2_00665390

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\Local\Temp\BRL00001c7c\	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF137.tmp	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\	Jump to behavior

Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970952747.0000000003BF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blogs.msdn.com/b/oldnewthing/archive/2004/01/30/65013.aspx
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970716861.0000000003A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blogs.msdn.com/oldnewthing/archive/2003/08/21/54675.aspx
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971264298.0000000003DC4000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725487379.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl0
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971264298.0000000003DC4000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725487379.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970921782.0000000003BAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id3037154
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.bitrock.com/feedback.php
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.bitrock.com/feedback.phpller.Er
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738750640.0000000006996000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976992540.0000000006994000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.bitrock.com/feedback.phpsions
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://forum.java.sun.com/thread.jspa?threadID=426291&messageID=1997063
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971887861.0000000004689000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://msdn.mic
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971264298.0000000003DC4000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725487379.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca20200V
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971264298.0000000003DC4000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725487379.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971264298.0000000003DC4000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725487379.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970677052.00000000039E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://support.micr
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970677052.00000000039E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://support.microsoft.co
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2973541631.000000000500A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tcl.sf.net
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974374989.000000000550A000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974624771.00000000057AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://timestamp.apple.com/ts01
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738750640.0000000006996000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976992540.0000000006994000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://timestamp.apple.com/ts01StylenableTimes
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974624771.00000000057AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://timestamp.apple.com/ts01r
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975437104.0000000005DB5000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738104902.0000000005DB1000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975359927.0000000005D2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tkcon.sourceforge.net/
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975319549.0000000005CEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.bitrock.com/api/1_0
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2973541631.000000000500A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.activestate.com/tcl/
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970769892.0000000003A68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970992119.0000000003C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/character-sets
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970952747.0000000003BF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tdom.org
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971264298.0000000003DC4000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725487379.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_005103E0 GetClipboardOwner,OpenClipboard,EmptyClipboard,CloseClipboard,

0_2_005103E0

Contains functionality to modify clipboard data

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_007A8204 SetClipboardData,	0_2_007A8204
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004FD670 OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,SetClipboardData,	0_2_004FD670
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004FDA40 GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,	0_2_004FDA40

Contains functionality to read the clipboard data

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_007A8014 GetClipboardData,

0_2_007A8014

Potential key logger detected (key state polling based)

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00504BD0 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,		0_2_00504BD0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0059CDA0 MapVirtualKeyA,MapVirtualKeyA,MapVirtualKeyA,ToAscii,ToAscii,GetKeyState,GetKeyState,GetKeyState,ToAscii,VkKeyScanA,MapVirtualKeyA,ToAscii,		0_2_0059CDA0

Contains functionality to communicate with device drivers

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_00668140: GetLastError,memset,DeviceIoControl,CloseHandle,GetLastError,CloseHandle,

0_2_00668140

Detected potential crypto function

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005402D0	0_2_005402D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006283B0	0_2_006283B0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004E8470	0_2_004E8470
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006085B0	0_2_006085B0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00530640	0_2_00530640
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006347D0	0_2_006347D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00508A30	0_2_00508A30
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005DCAD0	0_2_005DCAD0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005B8C00	0_2_005B8C00
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00670D61	0_2_00670D61
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00618DA0	0_2_00618DA0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005ECEC0	0_2_005ECEC0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00569090	0_2_00569090
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005999B0	0_2_005999B0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00625B80	0_2_00625B80
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00635EC0	0_2_00635EC0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006766E0	0_2_006766E0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0060AAD0	0_2_0060AAD0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005DAC00	0_2_005DAC00
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004E3000	0_2_004E3000
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005EB270	0_2_005EB270
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0066B200	0_2_0066B200
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005BB420	0_2_005BB420
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005C35D0	0_2_005C35D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004EB770	0_2_004EB770
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006337F0	0_2_006337F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00543810	0_2_00543810
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006679F0	0_2_006679F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005E7A10	0_2_005E7A10
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005DFAC0	0_2_005DFAC0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005EBA90	0_2_005EBA90
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005F7C30	0_2_005F7C30
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005D7D50	0_2_005D7D50
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00683D40	0_2_00683D40
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00613EC0	0_2_00613EC0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00608040	0_2_00608040
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00570010	0_2_00570010
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0065C000	0_2_0065C000
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005DC0F0	0_2_005DC0F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004E4180	0_2_004E4180
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005FC1B0	0_2_005FC1B0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005AC260	0_2_005AC260
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00654290	0_2_00654290
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0059C350	0_2_0059C350
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006843F5	0_2_006843F5
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005383A0	0_2_005383A0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005B4540	0_2_005B4540
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005E4530	0_2_005E4530
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006505D0	0_2_006505D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00510790	0_2_00510790
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006387A0	0_2_006387A0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005A8780	0_2_005A8780
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005688D0	0_2_005688D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00544AF0	0_2_00544AF0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00638AA0	0_2_00638AA0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00684A90	0_2_00684A90
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006E4A90	0_2_006E4A90
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005CCB70	0_2_005CCB70
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0066CB30	0_2_0066CB30
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005E4BF0	0_2_005E4BF0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005A0C30	0_2_005A0C30
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00594CD0	0_2_00594CD0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00540D40	0_2_00540D40
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00560D40	0_2_00560D40
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00684E60	0_2_00684E60
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004F8E70	0_2_004F8E70
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0053CEF0	0_2_0053CEF0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00664ED0	0_2_00664ED0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00680ED0	0_2_00680ED0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00548EB0	0_2_00548EB0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00590EA0	0_2_00590EA0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004FCFD0	0_2_004FCFD0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00644FA0	0_2_00644FA0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0062CF80	0_2_0062CF80
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0055D020	0_2_0055D020
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0066D0C0	0_2_0066D0C0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005D5130	0_2_005D5130
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005E9190	0_2_005E9190
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006E52F0	0_2_006E52F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0052D300	0_2_0052D300
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00571320	0_2_00571320
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005FD386	0_2_005FD386
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005E5450	0_2_005E5450
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00529410	0_2_00529410
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00509430	0_2_00509430
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005654E0	0_2_005654E0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005D9570	0_2_005D9570
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005B1650	0_2_005B1650
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00665630	0_2_00665630
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005AD6A0	0_2_005AD6A0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00569750	0_2_00569750
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005E1750	0_2_005E1750
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00619750	0_2_00619750
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006117E0	0_2_006117E0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006E57A0	0_2_006E57A0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005FD8CE	0_2_005FD8CE
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005AD8E0	0_2_005AD8E0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006898B0	0_2_006898B0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00641900	0_2_00641900
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00579AC0	0_2_00579AC0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005FDAE0	0_2_005FDAE0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005B1A80	0_2_005B1A80
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00535B60	0_2_00535B60
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005FDC93	0_2_005FDC93
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00541D70	0_2_00541D70
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005D1F90	0_2_005D1F90
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00516060	0_2_00516060
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0067A030	0_2_0067A030
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00596000	0_2_00596000
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0056E170	0_2_0056E170
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00642130	0_2_00642130
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005E61D0	0_2_005E61D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0062A1A0	0_2_0062A1A0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0063A190	0_2_0063A190
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0057A220	0_2_0057A220
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005CE310	0_2_005CE310
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00586330	0_2_00586330
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0064E3A0	0_2_0064E3A0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005D63B0	0_2_005D63B0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005E6471	0_2_005E6471
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005DA500	0_2_005DA500
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0067E5C0	0_2_0067E5C0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0050A5E0	0_2_0050A5E0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004FE5F0	0_2_004FE5F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004E2640	0_2_004E2640
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005E26C0	0_2_005E26C0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00576750	0_2_00576750
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004EE7D0	0_2_004EE7D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00686850	0_2_00686850
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0067E8C0	0_2_0067E8C0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005D6900	0_2_005D6900
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005669C0	0_2_005669C0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005729C0	0_2_005729C0

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 006E9610 appears 68 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 006411B0 appears 223 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 00632530 appears 176 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 00640D00 appears 42 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 006E96C8 appears 36 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 00644F60 appears 37 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 00644120 appears 51 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 006416E0 appears 46 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 006EF0F0 appears 40 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 0060C640 appears 44 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 004F5BE0 appears 48 times

PE file contains more sections than normal

Source: BRF6A1.tmp.0.dr	Static PE information: Number of sections : 16 > 10
Source: BRF1F5.tmp.0.dr	Static PE information: Number of sections : 16 > 10
Source: BRF662.tmp.0.dr	Static PE information: Number of sections : 16 > 10
Source: BRF215.tmp.0.dr	Static PE information: Number of sections : 16 > 10
Source: BRF43C.tmp.0.dr	Static PE information: Number of sections : 16 > 10
Source: BRF137.tmp.0.dr	Static PE information: Number of sections : 16 > 10
Source: BRF226.tmp.0.dr	Static PE information: Number of sections : 11 > 10
Source: BRF6C2.tmp.0.dr	Static PE information: Number of sections : 16 > 10
Source: BRF44D.tmp.0.dr	Static PE information: Number of sections : 16 > 10
Source: HammerDB-4.11-Win-x64-Setup.exe	Static PE information: Number of sections : 12 > 10
Source: BRF322.tmp.0.dr	Static PE information: Number of sections : 11 > 10
Source: BRF651.tmp.0.dr	Static PE information: Number of sections : 16 > 10
Source: BRF246.tmp.0.dr	Static PE information: Number of sections : 16 > 10

Sample file is different than original file name gathered from version info

Source: HammerDB-4.11-Win-x64-Setup.exe	Binary or memory string: OriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamesetup.exe8 vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1737977081.0000000005503000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738750640.0000000006996000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: changeExecutableResources::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::changeExecutableResources::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::changeExecutableResources::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename 1 vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C::maui::changeExecutableResources::windowsResourceOriginalFilename width 40 vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: autoUpdateProject::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::autoUpdateProject::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::autoUpdateProject::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ;::maui::autoUpdateProject::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: /::maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976992540.0000000006994000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: } windowsResourceOriginalFilename { vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974569168.0000000005726000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2978482877.000000001005A000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: OriginalFilenametwapi64.dllD vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974596976.0000000005768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974596976.0000000005768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974596976.0000000005768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: javaLauncher::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974596976.0000000005768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::javaLauncher::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974596976.0000000005768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::javaLauncher::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974596976.0000000005768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 6::maui::javaLauncher::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977099693.0000000006A6F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename.doNotSerializeIfDefault vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 8windowsResourceOriginalFilename.doNotSerializeIfDefault vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename.text vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %windowsResourceOriginalFilename.text vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename.tip vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: $windowsResourceOriginalFilename.tip vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename.type vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %windowsResourceOriginalFilename.type vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename.width vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: &windowsResourceOriginalFilename.width vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename.defaultValue vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: -windowsResourceOriginalFilename.defaultValue vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename.group vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: &windowsResourceOriginalFilename.group vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: } windowsResourceOriginalFilename { vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974796359.0000000005870000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974796359.0000000005870000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974796359.0000000005870000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974796359.0000000005870000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974374989.000000000550A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974074634.0000000005364000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974711567.000000000582E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urceOriginalFilename {setup.exe} vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974711567.000000000582E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::L70wM::windowsSigningTimestampServerurceOriginalFilename {setup.exe} vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974711567.000000000582E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974711567.000000000582E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974711567.000000000582E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974711567.000000000582E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: } windowsResourceOriginalFilename { vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974624771.00000000057AA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe

Source: classification engine

Classification label: sus24.evad.winEXE@1/13@0/0

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_005047C0 CreateBitmap,GetDC,CreateDIBSection,ReleaseDC,GetLastError,FormatMessageA,MessageBoxA,LocalFree,

0_2_005047C0

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_00598490 FindResourceA,LoadResource,LockResource,memcpy,

0_2_00598490

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c

Jump to behavior

Source: HammerDB-4.11-Win-x64-Setup.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: HammerDB-4.11-Win-x64-Setup.exe	String found in binary or memory: -start
Source: HammerDB-4.11-Win-x64-Setup.exe	String found in binary or memory: -startline
Source: HammerDB-4.11-Win-x64-Setup.exe	String found in binary or memory: full-stop
Source: HammerDB-4.11-Win-x64-Setup.exe	String found in binary or memory: -startline must be less than or equal to -endline
Source: HammerDB-4.11-Win-x64-Setup.exe	String found in binary or memory: -address
Source: HammerDB-4.11-Win-x64-Setup.exe	String found in binary or memory: -startdoctypedeclcommand
Source: HammerDB-4.11-Win-x64-Setup.exe	String found in binary or memory: -startcdatasectioncommand
Source: HammerDB-4.11-Win-x64-Setup.exe	String found in binary or memory: -startnamespacedeclcommand

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

File read: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Jump to behavior

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: textshaping.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: HammerDB-4.11-Win-x64-Setup.exe

Static PE information: certificate valid

Source: HammerDB-4.11-Win-x64-Setup.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: HammerDB-4.11-Win-x64-Setup.exe

Static file information: File size 14564272 > 1048576

Source: HammerDB-4.11-Win-x64-Setup.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x210400

Source: HammerDB-4.11-Win-x64-Setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH

Source:

Binary string: C:\src\twapi\twapi\base\build\AMD64\release\twapi64.pdb source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2978443415.0000000010042000.00000002.00000001.01000000.00000005.sdmp

Binary contains a suspicious time stamp

Source: BRF226.tmp.0.dr

Static PE information: 0xA418A410 [Thu Mar 29 07:58:08 2057 UTC]

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_00506E30 LoadCursorA,LoadLibraryA,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,FreeLibrary,LoadIconA,

0_2_00506E30

PE file contains sections with non-standard names

Source: HammerDB-4.11-Win-x64-Setup.exe	Static PE information: section name: .xdata
Source: BRF662.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF662.tmp.0.dr	Static PE information: section name: /4
Source: BRF662.tmp.0.dr	Static PE information: section name: /19
Source: BRF662.tmp.0.dr	Static PE information: section name: /31
Source: BRF662.tmp.0.dr	Static PE information: section name: /45
Source: BRF662.tmp.0.dr	Static PE information: section name: /57
Source: BRF6A1.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF6A1.tmp.0.dr	Static PE information: section name: /4
Source: BRF6A1.tmp.0.dr	Static PE information: section name: /19
Source: BRF6A1.tmp.0.dr	Static PE information: section name: /31
Source: BRF6A1.tmp.0.dr	Static PE information: section name: /45
Source: BRF6A1.tmp.0.dr	Static PE information: section name: /57
Source: BRF6C2.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF6C2.tmp.0.dr	Static PE information: section name: /4
Source: BRF6C2.tmp.0.dr	Static PE information: section name: /19
Source: BRF6C2.tmp.0.dr	Static PE information: section name: /31
Source: BRF6C2.tmp.0.dr	Static PE information: section name: /45
Source: BRF6C2.tmp.0.dr	Static PE information: section name: /57
Source: BRF137.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF137.tmp.0.dr	Static PE information: section name: /4
Source: BRF137.tmp.0.dr	Static PE information: section name: /19
Source: BRF137.tmp.0.dr	Static PE information: section name: /31
Source: BRF137.tmp.0.dr	Static PE information: section name: /45
Source: BRF137.tmp.0.dr	Static PE information: section name: /57
Source: BRF1F5.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF1F5.tmp.0.dr	Static PE information: section name: /4
Source: BRF1F5.tmp.0.dr	Static PE information: section name: /19
Source: BRF1F5.tmp.0.dr	Static PE information: section name: /31
Source: BRF1F5.tmp.0.dr	Static PE information: section name: /45
Source: BRF1F5.tmp.0.dr	Static PE information: section name: /57
Source: BRF215.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF215.tmp.0.dr	Static PE information: section name: /4
Source: BRF215.tmp.0.dr	Static PE information: section name: /19
Source: BRF215.tmp.0.dr	Static PE information: section name: /31
Source: BRF215.tmp.0.dr	Static PE information: section name: /45
Source: BRF215.tmp.0.dr	Static PE information: section name: /57
Source: BRF226.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF246.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF246.tmp.0.dr	Static PE information: section name: /4
Source: BRF246.tmp.0.dr	Static PE information: section name: /19
Source: BRF246.tmp.0.dr	Static PE information: section name: /31
Source: BRF246.tmp.0.dr	Static PE information: section name: /45
Source: BRF246.tmp.0.dr	Static PE information: section name: /57
Source: BRF322.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF43C.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF43C.tmp.0.dr	Static PE information: section name: /4
Source: BRF43C.tmp.0.dr	Static PE information: section name: /19
Source: BRF43C.tmp.0.dr	Static PE information: section name: /31
Source: BRF43C.tmp.0.dr	Static PE information: section name: /45
Source: BRF43C.tmp.0.dr	Static PE information: section name: /57
Source: BRF44D.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF44D.tmp.0.dr	Static PE information: section name: /4
Source: BRF44D.tmp.0.dr	Static PE information: section name: /19
Source: BRF44D.tmp.0.dr	Static PE information: section name: /31
Source: BRF44D.tmp.0.dr	Static PE information: section name: /45
Source: BRF44D.tmp.0.dr	Static PE information: section name: /57
Source: BRF651.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF651.tmp.0.dr	Static PE information: section name: /4
Source: BRF651.tmp.0.dr	Static PE information: section name: /19
Source: BRF651.tmp.0.dr	Static PE information: section name: /31
Source: BRF651.tmp.0.dr	Static PE information: section name: /45
Source: BRF651.tmp.0.dr	Static PE information: section name: /57

Drops PE files

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF6C2.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF6A1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF215.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF137.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1F5.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1A6.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF226.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF43C.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF44D.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF662.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF246.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF322.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF651.tmp	Jump to dropped file

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_006688D0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,strchr,FreeLibrary,FreeLibrary,GetPrivateProfileStringA,GetWindowsDirectoryW,GetWindowsDirectoryA,lstrlenW,

0_2_006688D0

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

File created: C:\Users\user\AppData\Local\Temp\installbuilder_installer.log

Jump to behavior

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_00506900 IsIconic,IsZoomed,AdjustWindowRectEx,SendMessageA,SendMessageA,SendMessageA,GetSystemMetrics,MoveWindow,GetClientRect,MoveWindow,GetWindowRect,DrawMenuBar,MoveWindow,

0_2_00506900

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_00660B70 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

0_2_00660B70

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF6C2.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF6A1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF215.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF137.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1F5.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1A6.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF226.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF43C.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF44D.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF662.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF246.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF322.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF651.tmp	Jump to dropped file

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006692F0 FindFirstFileW,FindClose,wcslen,GetFileAttributesA,FindFirstFileA,FindClose,GetFileAttributesA,		0_2_006692F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00665390 GetLastError,GetLastError,GetLastError,strlen,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,		0_2_00665390

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_00660AB0 GetSystemInfo,VirtualQuery,

0_2_00660AB0

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\Local\Temp\BRL00001c7c\	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF137.tmp	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\	Jump to behavior

Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a de Fonte Aberta de VMware InstallBuilder para %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1737977081.0000000005503000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder\
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Loodud VMware InstallBuilderi avatud l
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Erstellt mit einer Testversion des VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a Open Source do VMware InstallBuilder para %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Oprettet med en evalueringsversion af VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: e Aberta de VMware InstallBuilder para
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2973625096.000000000504C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: lappend Btvxo /Library/Java/JavaVirtualMachines//Home/bin/java /Library/Java/JavaVirtualMachines//*/Home/bin/java
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wersji demonstracyjnej programu VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ]Luotu VMware InstallBuilderin kokeiluversiollanstallBuilderin kokeiluversiolla
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creat cu o licenta Open Source a VMware InstallBuilder pentru %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ? ponownie teraz? VMware InstallBuilder dla %1$s si
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: icon programa VMware InstallBuilderCompleted=Asennus onnistui
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1737977081.0000000005503000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilderX
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974624771.00000000057AA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: set uLHWW com.vmware.installbuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: av VMware Ins
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Opprettet med en Open Source lisens fra VMware InstallBuilder for %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rderingsversion av VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976963364.0000000006952000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: el VMware InstallBuilder per a %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: digo abierto de VMware InstallBuilder para %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Gemaakt met een evaluatieversie van VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977514080.0000000006D73000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: /VMware InstallBuilder Multiplatform Enterprise
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creato con una versione di valutazione di VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: n de VMware InstallBuildere opciones disponibles
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976992540.0000000006994000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilderackageNametrycription</
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder.
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975410805.0000000005D6E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: if {[string match BITROCKOEM [$licenseInfo cget -organization]] \|\| [string match VMWAREOEM [$licenseInfo cget -organization]]} {
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: om VMware InstallBuilder-ap
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <string>VMware InstallBuilder, Copyright %s-%s VMware, Inc.</string>
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: testovacou verziou programu VMware InstallBuilderz
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ico VMware InstallBuilderja
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rama VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: i obert el VMware InstallBuilder per a %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976554381.00000000065B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wCreated with an evaluation version of VMware InstallBuilderr.ParameterFileNotValid=The specified path\n%1$s\nis not afile
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: _Tervetuloa tuotteen %1$s ohjattuun asennukseen.ohjattuun asennukseen.erto de VMware InstallBilder para %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: de VMware InstallBuilder%d / %d
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ler.EvaluationVersion.Text=VMware InstallBuilder'in deneme
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977966800.00000000070D2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder'in deneme s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce do VMware InstallBuilder para %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Luotu VMware InstallBuilderin %1$s-version avoimen l
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ncia de codi obert del VMware InstallBuilder per a %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creato con una licenza Open Source di VMware InstallBuilder per %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: u VMware InstallBuilder pre %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: valuation de VMware InstallBuilderInstaller.DownloadComponents.ProgressMeter=T
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: gCrewyd gyda fersiwn gwerthuso VMware InstallBuilder`cQ
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tu VMware InstallBuilder priek
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Installerler.EvaluationVersion.Text=VMware InstallBuilder'in deneme t
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce license de VMware InstallBuilde pour %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce license de VMware InstallBuilder pour
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972333287.0000000004922000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: /Library/Java/JavaVirtualMachines///Home/bin/java
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971805242.0000000004647000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: value1VMware I
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rograma VMware InstallBuilder za %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977052179.0000000006A35000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: sOnly available for Windows installers; if enabled, it will use %LOCALAPPDATA%\VMware\Temporary for temporary files
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: licencji Open Source programu VMware InstallBuilder dla %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: on VMware InstallBuilder f
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976069677.00000000061D5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: cget -organization]] \|\| [string match VMWAREOEM [$li
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: on VMware InstallBuilder f
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974374989.000000000550A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tip {Only available for Windows installers; if enabled, it will use %LOCALAPPDATA%\VMware\Temporary for temporary files}
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: o do programa VMware InstallBuilderParameterFileDoesNotExist=Nid yw ffil \n%1$s\nyn bod
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Kreirano Open Source licencom programa VMware InstallBuilder za %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ation de VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971805242.0000000004647000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware I
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976992540.0000000006994000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: o do programa VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972155954.00000000047DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Ins
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: o do programaVMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urim i hapur i VMware InstallBuilder p
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2969678933.0000000003313000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: About VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: oLoodud kasutades VMware InstallBuilderi prooviversiooni`
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: com.vmware.installbuilder.installer
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975031683.0000000005A80000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder Installer
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: icon programa VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: pod licenciou Open Source programu VMware InstallBuilder pre %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rderingsversion av VMware InstallBuilder des abschlie
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: proc Kt_LQ {EOTnn mxtLu DlVtN jXCBl {runAsAdmin 0} {brGJd 0} {osxPlatforms {osx-intel osx-x86_64 osx-ppc osx-10.2}} {uLHWW com.vmware.installbuilder.installer} {cYjJt 1} {version 3.0}} {
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBui
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976933791.0000000006910000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\%2$sntuk %1$sVMware InstallBuilder unuk %1$s ?
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Oprettet med en Open Source-licens for VMware InstallBuilder%1$sr.Error.DirectoryToUnpack=Nelze nal
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: e Aberta de VMware InstallBuilder para%1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: uLHWW com.vmware.installbuilder.installer
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: nga %1su VMware InstallBuilder pre %1$sue
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rograma VMware InstallBuilder za %1$suencia de
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976757813.000000000677E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: e.zi VMware InstallBuilder pro %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971696782.0000000004605000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "VMware InstallBuilder HTTP Client
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creato con una versione di valutazione di VMware InstallBuilderproxy.username=Nome utente:
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Luotu VMware InstallBuilderin kokeiluversiolla
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976902447.00000000068CD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: n VMware InstallBuilder-in A
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: verzi VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Oprettet med en Open Source-licens for VMware InstallBuilder%1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: testovacou verziou programu VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: om VMware InstallBuilder-a
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976963364.0000000006952000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: in VMware InstallBuilder programmasyny
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avec une licence Open Source license de VMware InstallBuilder pour %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2969678933.0000000003313000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMWAREOEM
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976069677.00000000061D5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::environment::jOL_v cget -organization]] \|\| [string match VMWAREOEM [$li
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Gemaakt met een Open Source-licentie van VMware InstallBuilder voor %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Crewyd gyda fersiwn gwerthuso VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creat cu o versiune de evaluare VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a VMware InstallBuilder pentru %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: sGemaakt met een evaluatieversie van VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976902447.00000000068CD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Kreirano sa evaluacionom verzijom VMware InstallBuilder-a
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: yIzdelano z odprtokodno licenco VMware InstallBuilder za %1$snloadComponents.Details=%1$s KB / %2$s KB prenesen. %3$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976933791.0000000006910000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Dibuat dengan versi evaluasi VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976902447.00000000068CD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce license de VMware InstallBuilder pour%1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: eno v Open Source verzi VMware InstallBuilder pro %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975031683.0000000005A80000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder Installer`
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: valuation de VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976728842.000000000673B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: lt a VMware InstallBuilder Open Source licenc
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: $com.vmware.installbuilder.installer
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976554381.00000000065B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder za %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976933791.0000000006910000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: eDibuat dengan versi evaluasi VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976128203.0000000006217000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::util::Hgstt .tkshell {About VMware InstallBuilder} {}
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ion av VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Gemaakt met een Open Source-licentie van VMware InstallBuilder voor %1$s %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: des VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: nga Burim i hapur i VMware InstallBuilder p
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976757813.000000000677E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: erto de VMware InstallB
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wOprettet med en evalueringsversion af VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976933791.0000000006910000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder tresnak %1$s-(e)rako kode irekiko lizentziarekin irekitzen da
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Izveidots ar VMware InstallBuilder izm
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976554381.00000000065B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: de VMware InstallBuilderintreg sistemul pot fi create numai de catre un administrtornten die u niet wilt verwijderen. Klik op Volgende als u klaar bent om door te gaan.
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ation de VMware InstallBuilders
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976933791.0000000006910000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder tresnaren ebaluazio-bertsioarekin sortu da
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972155954.00000000047DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UFout bij wijzigen groep van %1$s naar %2$sigen groep van %1$s naar %2$s VMware InsallBuilder voor %1$ssize
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: n de VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976902447.00000000068CD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Kreiran sa Open Source licencom od VMware InstallBuilder-a za %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: av VMware InsallBuilder f
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder %1$s.
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: verzi VMware InstallBuildern ble ikke modifisertere
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970566184.00000000038E5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <product>VMware InstallBuilder Multiplatform Enterprise</product>
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: uIzveidots ar VMware InstallBuilder izm
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972333287.0000000004922000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::Dpj2f::Z71sd /Library/Java/JavaVirtualMachines///Home/bin/java
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976902447.00000000068CD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: sKreirano sa evaluacionom verzijom VMware InstallBuilder-an=Biranje sajta na kome se nalazi datoteka
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971696782.0000000004605000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder HTTP Client
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976963364.0000000006952000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: uVMware InstallBuilder synag go
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rama VMware InstallBuilderation.reatingLi
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Izdelano z odprtokodno licenco VMware InstallBuilder za %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976933791.0000000006910000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder un
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Kreirano Open Source licencom programa VMware InstallBuilder za %1$staessa asennuksen poistoa edelt
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: digo abierto de VMware I
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2968944004.0000000000E47000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977514080.0000000006D73000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder Multiplatform Enterprise
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: kCreat cu o versiune de evaluare VMware InstallBuilder@T
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce license de VMware InstallBuilde
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977052179.0000000006A35000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Only available for Windows installers; if enabled, it will use %LOCALAPPDATA%\VMware\Temporary for temporary files
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wersji demonstracyjnej programu VMware InstallBuilderr.DownloadComponents.Details=Pobrano: %1$s KB / %2$s KB. %3$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976310211.00000000063A3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Created with an Open Source license of VMware InstallBuilder for %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: llicens av VMware InstallBuilder f
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: lt a VMware InstallBuilder pr
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Created with an evaluation version of VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976728842.000000000673B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder for %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: qErstellt mit einer Testversion des VMware InstallBuilder an
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c osx-10.2}uLHWW com.vmware.installbuilder.installercYjJt 1version 3.0
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: eno v Open Source verzi VMware InstallBuilder pro %1$sn.Unzipping=Extrakce kompromovan
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976963364.0000000006952000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Dibuat dengan lisensi Sumber Terbuka VMware InstallBuilder untuk %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Erstellt mit einer Open Source Lizenz von VMware InstallBuilder f
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a Open Source do VMware InstallBuilder para %1$syn angehrheidiol: %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976554381.00000000065B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: de VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wCreated with an evaluation version of VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: in VMware InstallBuilder'in A
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976128203.0000000006217000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::util::Hgstt . {About VMware InstallBuilder} {}
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1737844318.0000000003DFD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: defaultValue {VMware InstallBuilder}
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <string>VMware InstallBuilder</string>
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Loodud kasutades VMware InstallBuilderi prooviversiooni
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976902447.00000000068CD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder-in s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2969678933.0000000003313000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: About VMware InstallBuilderf
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976963364.0000000006952000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder synag go

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Found API chain indicative of debugger detection

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_00506E30 LoadCursorA,LoadLibraryA,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,FreeLibrary,LoadIconA,

0_2_00506E30

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_00668D20 GetFileAttributesW,GetFileSecurityW,GetLastError,GetLastError,GetSecurityDescriptorOwner,GetSidIdentifierAuthority,memcmp,HeapFree,GetProcessHeap,HeapAlloc,GetFileSecurityW,GetLastError,HeapFree,CloseHandle,GetLastError,GetLastError,ImpersonateSelf,GetCurrentThread,RevertToSelf,HeapFree,CloseHandle,

0_2_00668D20

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_004E11B0 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_cexit,_initterm,GetStartupInfoA,

0_2_004E11B0

Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974501233.00000000056E4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute progman progman [format {[ShowGroup("%s",6)]} $tCByq]
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972333287.0000000004922000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[DeleteGroup("%s")]} $::maui::UCmrK::Bidth]
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972666707.0000000004BA6000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738685573.0000000004BA7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[AddItem ("%s" %s,%s,,,,,"%s")]} $Dwy2A $LBLLO $name $n1aXo]
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972598089.0000000004B06000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: te PROGMAN PROGMAN
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972666707.0000000004BA6000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738685573.0000000004BA7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[AddItem ("%s" %s,%s,"%s",,,,"%s")]} $Dwy2A $LBLLO $name $WfzhF $n1aXo]
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974473083.00000000056A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974501233.00000000056E4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[CreateGroup("%s")]} $tCByq]
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974501233.00000000056E4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: catch {dde execute PROGMAN PROGMAN [format {[DeleteGroup("%s")]} $tCByq]}

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_00661150 cpuid

0_2_00661150

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,GetClipboardData,GlobalLock,GlobalLock,GetLocaleInfoA,GlobalUnlock,GetClipboardData,CloseClipboard,GetClipboardData,GlobalLock,GlobalUnlock,

0_2_004FD6D0

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Jump to behavior

Queries the product ID of Windows

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Queries volume information: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Queries volume information: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation	Jump to behavior

Queries time zone information

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation Bias

Jump to behavior

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_006709D0 GetSystemTimeAsFileTime,GetSystemTimeAsFileTime,QueryPerformanceCounter,QueryPerformanceCounter,QueryPerformanceFrequency,SetEvent,LeaveCriticalSection,WaitForSingleObjectEx,EnterCriticalSection,WaitForSingleObjectEx,QueryPerformanceCounter,GetSystemTimeAsFileTime,EnterCriticalSection,LeaveCriticalSection,

0_2_006709D0

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_006712C0 getenv,strlen,strlen,GetTimeZoneInformation,

0_2_006712C0

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_0066A450 GetVersionExA,GetSystemInfo,wsprintfA,

0_2_0066A450

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_00505390 GetRunningObjectTable,CreateBindCtx,CreateFileMoniker,CreateFileMoniker,CreateFileMoniker,FormatMessageA,strrchr,strlen,LocalFree,wsprintfA,

0_2_00505390

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

File created: C:\Users\user\AppData\Local\Temp\installbuilder_installer.log

Jump to behavior

Source: HammerDB-4.11-Win-x64-Setup.exe

Static PE information: certificate valid

Source: HammerDB-4.11-Win-x64-Setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH

Source:

Binary string: C:\src\twapi\twapi\base\build\AMD64\release\twapi64.pdb source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2978443415.0000000010042000.00000002.00000001.01000000.00000005.sdmp

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006692F0 FindFirstFileW,FindClose,wcslen,GetFileAttributesA,FindFirstFileA,FindClose,GetFileAttributesA,		0_2_006692F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00665390 GetLastError,GetLastError,GetLastError,strlen,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,		0_2_00665390

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\Local\Temp\BRL00001c7c\	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF137.tmp	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\	Jump to behavior

Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970952747.0000000003BF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blogs.msdn.com/b/oldnewthing/archive/2004/01/30/65013.aspx
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970716861.0000000003A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blogs.msdn.com/oldnewthing/archive/2003/08/21/54675.aspx
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971264298.0000000003DC4000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725487379.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl0
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971264298.0000000003DC4000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725487379.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970921782.0000000003BAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id3037154
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.bitrock.com/feedback.php
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.bitrock.com/feedback.phpller.Er
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738750640.0000000006996000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976992540.0000000006994000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.bitrock.com/feedback.phpsions
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://forum.java.sun.com/thread.jspa?threadID=426291&messageID=1997063
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971887861.0000000004689000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://msdn.mic
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971264298.0000000003DC4000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725487379.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca20200V
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971264298.0000000003DC4000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725487379.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971264298.0000000003DC4000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725487379.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970677052.00000000039E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://support.micr
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970677052.00000000039E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://support.microsoft.co
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2973541631.000000000500A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tcl.sf.net
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974374989.000000000550A000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974624771.00000000057AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://timestamp.apple.com/ts01
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738750640.0000000006996000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976992540.0000000006994000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://timestamp.apple.com/ts01StylenableTimes
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974624771.00000000057AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://timestamp.apple.com/ts01r
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975437104.0000000005DB5000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738104902.0000000005DB1000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975359927.0000000005D2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tkcon.sourceforge.net/
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975319549.0000000005CEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://update.bitrock.com/api/1_0
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2973541631.000000000500A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.activestate.com/tcl/
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970769892.0000000003A68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970992119.0000000003C37000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/character-sets
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970952747.0000000003BF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tdom.org
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725735363.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726442644.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727334799.0000000002C97000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971264298.0000000003DC4000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1726204738.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727124664.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1725487379.0000000002CA7000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1727217782.0000000002CAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_005103E0 GetClipboardOwner,OpenClipboard,EmptyClipboard,CloseClipboard,

0_2_005103E0

Contains functionality to modify clipboard data

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_007A8204 SetClipboardData,	0_2_007A8204
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004FD670 OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,SetClipboardData,	0_2_004FD670
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004FDA40 GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,	0_2_004FDA40

Contains functionality to read the clipboard data

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_007A8014 GetClipboardData,

0_2_007A8014

Potential key logger detected (key state polling based)

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00504BD0 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,		0_2_00504BD0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0059CDA0 MapVirtualKeyA,MapVirtualKeyA,MapVirtualKeyA,ToAscii,ToAscii,GetKeyState,GetKeyState,GetKeyState,ToAscii,VkKeyScanA,MapVirtualKeyA,ToAscii,		0_2_0059CDA0

Contains functionality to communicate with device drivers

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_00668140: GetLastError,memset,DeviceIoControl,CloseHandle,GetLastError,CloseHandle,

0_2_00668140

Detected potential crypto function

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005402D0	0_2_005402D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006283B0	0_2_006283B0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004E8470	0_2_004E8470
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006085B0	0_2_006085B0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00530640	0_2_00530640
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006347D0	0_2_006347D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00508A30	0_2_00508A30
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005DCAD0	0_2_005DCAD0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005B8C00	0_2_005B8C00
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00670D61	0_2_00670D61
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00618DA0	0_2_00618DA0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005ECEC0	0_2_005ECEC0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00569090	0_2_00569090
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005999B0	0_2_005999B0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00625B80	0_2_00625B80
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00635EC0	0_2_00635EC0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006766E0	0_2_006766E0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0060AAD0	0_2_0060AAD0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005DAC00	0_2_005DAC00
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004E3000	0_2_004E3000
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005EB270	0_2_005EB270
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0066B200	0_2_0066B200
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005BB420	0_2_005BB420
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005C35D0	0_2_005C35D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004EB770	0_2_004EB770
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006337F0	0_2_006337F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00543810	0_2_00543810
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006679F0	0_2_006679F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005E7A10	0_2_005E7A10
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005DFAC0	0_2_005DFAC0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005EBA90	0_2_005EBA90
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005F7C30	0_2_005F7C30
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005D7D50	0_2_005D7D50
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00683D40	0_2_00683D40
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00613EC0	0_2_00613EC0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00608040	0_2_00608040
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00570010	0_2_00570010
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0065C000	0_2_0065C000
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005DC0F0	0_2_005DC0F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004E4180	0_2_004E4180
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005FC1B0	0_2_005FC1B0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005AC260	0_2_005AC260
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00654290	0_2_00654290
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0059C350	0_2_0059C350
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006843F5	0_2_006843F5
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005383A0	0_2_005383A0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005B4540	0_2_005B4540
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005E4530	0_2_005E4530
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006505D0	0_2_006505D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00510790	0_2_00510790
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006387A0	0_2_006387A0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005A8780	0_2_005A8780
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005688D0	0_2_005688D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00544AF0	0_2_00544AF0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00638AA0	0_2_00638AA0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00684A90	0_2_00684A90
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006E4A90	0_2_006E4A90
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005CCB70	0_2_005CCB70
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0066CB30	0_2_0066CB30
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005E4BF0	0_2_005E4BF0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005A0C30	0_2_005A0C30
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00594CD0	0_2_00594CD0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00540D40	0_2_00540D40
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00560D40	0_2_00560D40
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00684E60	0_2_00684E60
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004F8E70	0_2_004F8E70
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0053CEF0	0_2_0053CEF0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00664ED0	0_2_00664ED0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00680ED0	0_2_00680ED0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00548EB0	0_2_00548EB0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00590EA0	0_2_00590EA0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004FCFD0	0_2_004FCFD0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00644FA0	0_2_00644FA0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0062CF80	0_2_0062CF80
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0055D020	0_2_0055D020
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0066D0C0	0_2_0066D0C0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005D5130	0_2_005D5130
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005E9190	0_2_005E9190
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006E52F0	0_2_006E52F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0052D300	0_2_0052D300
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00571320	0_2_00571320
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005FD386	0_2_005FD386
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005E5450	0_2_005E5450
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00529410	0_2_00529410
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00509430	0_2_00509430
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005654E0	0_2_005654E0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005D9570	0_2_005D9570
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005B1650	0_2_005B1650
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00665630	0_2_00665630
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005AD6A0	0_2_005AD6A0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00569750	0_2_00569750
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005E1750	0_2_005E1750
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00619750	0_2_00619750
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006117E0	0_2_006117E0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006E57A0	0_2_006E57A0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005FD8CE	0_2_005FD8CE
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005AD8E0	0_2_005AD8E0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006898B0	0_2_006898B0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00641900	0_2_00641900
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00579AC0	0_2_00579AC0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005FDAE0	0_2_005FDAE0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005B1A80	0_2_005B1A80
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00535B60	0_2_00535B60
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005FDC93	0_2_005FDC93
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00541D70	0_2_00541D70
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005D1F90	0_2_005D1F90
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00516060	0_2_00516060
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0067A030	0_2_0067A030
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00596000	0_2_00596000
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0056E170	0_2_0056E170
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00642130	0_2_00642130
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005E61D0	0_2_005E61D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0062A1A0	0_2_0062A1A0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0063A190	0_2_0063A190
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0057A220	0_2_0057A220
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005CE310	0_2_005CE310
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00586330	0_2_00586330
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0064E3A0	0_2_0064E3A0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005D63B0	0_2_005D63B0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005E6471	0_2_005E6471
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005DA500	0_2_005DA500
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0067E5C0	0_2_0067E5C0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0050A5E0	0_2_0050A5E0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004FE5F0	0_2_004FE5F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004E2640	0_2_004E2640
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005E26C0	0_2_005E26C0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00576750	0_2_00576750
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_004EE7D0	0_2_004EE7D0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00686850	0_2_00686850
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_0067E8C0	0_2_0067E8C0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005D6900	0_2_005D6900
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005669C0	0_2_005669C0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_005729C0	0_2_005729C0

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 006E9610 appears 68 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 006411B0 appears 223 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 00632530 appears 176 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 00640D00 appears 42 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 006E96C8 appears 36 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 00644F60 appears 37 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 00644120 appears 51 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 006416E0 appears 46 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 006EF0F0 appears 40 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 0060C640 appears 44 times
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: String function: 004F5BE0 appears 48 times

PE file contains more sections than normal

Source: BRF6A1.tmp.0.dr	Static PE information: Number of sections : 16 > 10
Source: BRF1F5.tmp.0.dr	Static PE information: Number of sections : 16 > 10
Source: BRF662.tmp.0.dr	Static PE information: Number of sections : 16 > 10
Source: BRF215.tmp.0.dr	Static PE information: Number of sections : 16 > 10
Source: BRF43C.tmp.0.dr	Static PE information: Number of sections : 16 > 10
Source: BRF137.tmp.0.dr	Static PE information: Number of sections : 16 > 10
Source: BRF226.tmp.0.dr	Static PE information: Number of sections : 11 > 10
Source: BRF6C2.tmp.0.dr	Static PE information: Number of sections : 16 > 10
Source: BRF44D.tmp.0.dr	Static PE information: Number of sections : 16 > 10
Source: HammerDB-4.11-Win-x64-Setup.exe	Static PE information: Number of sections : 12 > 10
Source: BRF322.tmp.0.dr	Static PE information: Number of sections : 11 > 10
Source: BRF651.tmp.0.dr	Static PE information: Number of sections : 16 > 10
Source: BRF246.tmp.0.dr	Static PE information: Number of sections : 16 > 10

Sample file is different than original file name gathered from version info

Source: HammerDB-4.11-Win-x64-Setup.exe	Binary or memory string: OriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2968759853.00000000007AD000.00000008.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamesetup.exe8 vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1737977081.0000000005503000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738750640.0000000006996000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: changeExecutableResources::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::changeExecutableResources::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::changeExecutableResources::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename 1 vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972742598.0000000004C2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C::maui::changeExecutableResources::windowsResourceOriginalFilename width 40 vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: autoUpdateProject::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::autoUpdateProject::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::autoUpdateProject::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ;::maui::autoUpdateProject::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: /::maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974682405.00000000057EC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976992540.0000000006994000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: } windowsResourceOriginalFilename { vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974569168.0000000005726000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2978482877.000000001005A000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: OriginalFilenametwapi64.dllD vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974596976.0000000005768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974596976.0000000005768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974596976.0000000005768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: javaLauncher::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974596976.0000000005768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::javaLauncher::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974596976.0000000005768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::javaLauncher::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974596976.0000000005768000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 6::maui::javaLauncher::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977099693.0000000006A6F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename.doNotSerializeIfDefault vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 8windowsResourceOriginalFilename.doNotSerializeIfDefault vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename.text vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %windowsResourceOriginalFilename.text vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename.tip vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: $windowsResourceOriginalFilename.tip vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename.type vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %windowsResourceOriginalFilename.type vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename.width vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: &windowsResourceOriginalFilename.width vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename.defaultValue vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: -windowsResourceOriginalFilename.defaultValue vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename.group vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: &windowsResourceOriginalFilename.group vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: } windowsResourceOriginalFilename { vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977022648.00000000069D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974796359.0000000005870000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974796359.0000000005870000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974796359.0000000005870000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974796359.0000000005870000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974374989.000000000550A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974074634.0000000005364000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974711567.000000000582E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urceOriginalFilename {setup.exe} vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974711567.000000000582E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::L70wM::windowsSigningTimestampServerurceOriginalFilename {setup.exe} vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974711567.000000000582E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974711567.000000000582E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974711567.000000000582E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974711567.000000000582E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::L70wM::windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: } windowsResourceOriginalFilename { vs HammerDB-4.11-Win-x64-Setup.exe
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974624771.00000000057AA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: windowsResourceOriginalFilename vs HammerDB-4.11-Win-x64-Setup.exe

Source: classification engine

Classification label: sus24.evad.winEXE@1/13@0/0

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_005047C0 CreateBitmap,GetDC,CreateDIBSection,ReleaseDC,GetLastError,FormatMessageA,MessageBoxA,LocalFree,

0_2_005047C0

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_00598490 FindResourceA,LoadResource,LockResource,memcpy,

0_2_00598490

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c

Jump to behavior

Source: HammerDB-4.11-Win-x64-Setup.exe

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: HammerDB-4.11-Win-x64-Setup.exe	String found in binary or memory: -start
Source: HammerDB-4.11-Win-x64-Setup.exe	String found in binary or memory: -startline
Source: HammerDB-4.11-Win-x64-Setup.exe	String found in binary or memory: full-stop
Source: HammerDB-4.11-Win-x64-Setup.exe	String found in binary or memory: -startline must be less than or equal to -endline
Source: HammerDB-4.11-Win-x64-Setup.exe	String found in binary or memory: -address
Source: HammerDB-4.11-Win-x64-Setup.exe	String found in binary or memory: -startdoctypedeclcommand
Source: HammerDB-4.11-Win-x64-Setup.exe	String found in binary or memory: -startcdatasectioncommand
Source: HammerDB-4.11-Win-x64-Setup.exe	String found in binary or memory: -startnamespacedeclcommand

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

File read: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Jump to behavior

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Section loaded: textshaping.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: HammerDB-4.11-Win-x64-Setup.exe

Static PE information: certificate valid

Source: HammerDB-4.11-Win-x64-Setup.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: HammerDB-4.11-Win-x64-Setup.exe

Static file information: File size 14564272 > 1048576

Source: HammerDB-4.11-Win-x64-Setup.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x210400

Source: HammerDB-4.11-Win-x64-Setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH

Source:

Binary string: C:\src\twapi\twapi\base\build\AMD64\release\twapi64.pdb source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2978443415.0000000010042000.00000002.00000001.01000000.00000005.sdmp

Binary contains a suspicious time stamp

Source: BRF226.tmp.0.dr

Static PE information: 0xA418A410 [Thu Mar 29 07:58:08 2057 UTC]

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_00506E30 LoadCursorA,LoadLibraryA,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,FreeLibrary,LoadIconA,

0_2_00506E30

PE file contains sections with non-standard names

Source: HammerDB-4.11-Win-x64-Setup.exe	Static PE information: section name: .xdata
Source: BRF662.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF662.tmp.0.dr	Static PE information: section name: /4
Source: BRF662.tmp.0.dr	Static PE information: section name: /19
Source: BRF662.tmp.0.dr	Static PE information: section name: /31
Source: BRF662.tmp.0.dr	Static PE information: section name: /45
Source: BRF662.tmp.0.dr	Static PE information: section name: /57
Source: BRF6A1.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF6A1.tmp.0.dr	Static PE information: section name: /4
Source: BRF6A1.tmp.0.dr	Static PE information: section name: /19
Source: BRF6A1.tmp.0.dr	Static PE information: section name: /31
Source: BRF6A1.tmp.0.dr	Static PE information: section name: /45
Source: BRF6A1.tmp.0.dr	Static PE information: section name: /57
Source: BRF6C2.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF6C2.tmp.0.dr	Static PE information: section name: /4
Source: BRF6C2.tmp.0.dr	Static PE information: section name: /19
Source: BRF6C2.tmp.0.dr	Static PE information: section name: /31
Source: BRF6C2.tmp.0.dr	Static PE information: section name: /45
Source: BRF6C2.tmp.0.dr	Static PE information: section name: /57
Source: BRF137.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF137.tmp.0.dr	Static PE information: section name: /4
Source: BRF137.tmp.0.dr	Static PE information: section name: /19
Source: BRF137.tmp.0.dr	Static PE information: section name: /31
Source: BRF137.tmp.0.dr	Static PE information: section name: /45
Source: BRF137.tmp.0.dr	Static PE information: section name: /57
Source: BRF1F5.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF1F5.tmp.0.dr	Static PE information: section name: /4
Source: BRF1F5.tmp.0.dr	Static PE information: section name: /19
Source: BRF1F5.tmp.0.dr	Static PE information: section name: /31
Source: BRF1F5.tmp.0.dr	Static PE information: section name: /45
Source: BRF1F5.tmp.0.dr	Static PE information: section name: /57
Source: BRF215.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF215.tmp.0.dr	Static PE information: section name: /4
Source: BRF215.tmp.0.dr	Static PE information: section name: /19
Source: BRF215.tmp.0.dr	Static PE information: section name: /31
Source: BRF215.tmp.0.dr	Static PE information: section name: /45
Source: BRF215.tmp.0.dr	Static PE information: section name: /57
Source: BRF226.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF246.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF246.tmp.0.dr	Static PE information: section name: /4
Source: BRF246.tmp.0.dr	Static PE information: section name: /19
Source: BRF246.tmp.0.dr	Static PE information: section name: /31
Source: BRF246.tmp.0.dr	Static PE information: section name: /45
Source: BRF246.tmp.0.dr	Static PE information: section name: /57
Source: BRF322.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF43C.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF43C.tmp.0.dr	Static PE information: section name: /4
Source: BRF43C.tmp.0.dr	Static PE information: section name: /19
Source: BRF43C.tmp.0.dr	Static PE information: section name: /31
Source: BRF43C.tmp.0.dr	Static PE information: section name: /45
Source: BRF43C.tmp.0.dr	Static PE information: section name: /57
Source: BRF44D.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF44D.tmp.0.dr	Static PE information: section name: /4
Source: BRF44D.tmp.0.dr	Static PE information: section name: /19
Source: BRF44D.tmp.0.dr	Static PE information: section name: /31
Source: BRF44D.tmp.0.dr	Static PE information: section name: /45
Source: BRF44D.tmp.0.dr	Static PE information: section name: /57
Source: BRF651.tmp.0.dr	Static PE information: section name: .xdata
Source: BRF651.tmp.0.dr	Static PE information: section name: /4
Source: BRF651.tmp.0.dr	Static PE information: section name: /19
Source: BRF651.tmp.0.dr	Static PE information: section name: /31
Source: BRF651.tmp.0.dr	Static PE information: section name: /45
Source: BRF651.tmp.0.dr	Static PE information: section name: /57

Drops PE files

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF6C2.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF6A1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF215.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF137.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1F5.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1A6.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF226.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF43C.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF44D.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF662.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF246.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF322.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF651.tmp	Jump to dropped file

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

0_2_006688D0

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

File created: C:\Users\user\AppData\Local\Temp\installbuilder_installer.log

Jump to behavior

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_00506900 IsIconic,IsZoomed,AdjustWindowRectEx,SendMessageA,SendMessageA,SendMessageA,GetSystemMetrics,MoveWindow,GetClientRect,MoveWindow,GetWindowRect,DrawMenuBar,MoveWindow,

0_2_00506900

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

0_2_00660B70

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF6C2.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF6A1.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF215.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF137.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1F5.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1A6.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF226.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF43C.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF44D.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF662.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF246.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF322.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF651.tmp	Jump to dropped file

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_006692F0 FindFirstFileW,FindClose,wcslen,GetFileAttributesA,FindFirstFileA,FindClose,GetFileAttributesA,		0_2_006692F0
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Code function: 0_2_00665390 GetLastError,GetLastError,GetLastError,strlen,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,		0_2_00665390

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_00660AB0 GetSystemInfo,VirtualQuery,

0_2_00660AB0

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\Local\Temp\BRL00001c7c\	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF137.tmp	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	File opened: C:\Users\user\	Jump to behavior

Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a de Fonte Aberta de VMware InstallBuilder para %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1737977081.0000000005503000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder\
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Loodud VMware InstallBuilderi avatud l
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Erstellt mit einer Testversion des VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a Open Source do VMware InstallBuilder para %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Oprettet med en evalueringsversion af VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: e Aberta de VMware InstallBuilder para
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2973625096.000000000504C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: lappend Btvxo /Library/Java/JavaVirtualMachines//Home/bin/java /Library/Java/JavaVirtualMachines//*/Home/bin/java
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wersji demonstracyjnej programu VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ]Luotu VMware InstallBuilderin kokeiluversiollanstallBuilderin kokeiluversiolla
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creat cu o licenta Open Source a VMware InstallBuilder pentru %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ? ponownie teraz? VMware InstallBuilder dla %1$s si
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: icon programa VMware InstallBuilderCompleted=Asennus onnistui
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1737977081.0000000005503000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilderX
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974624771.00000000057AA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: set uLHWW com.vmware.installbuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: av VMware Ins
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Opprettet med en Open Source lisens fra VMware InstallBuilder for %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rderingsversion av VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976963364.0000000006952000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: el VMware InstallBuilder per a %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: digo abierto de VMware InstallBuilder para %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Gemaakt met een evaluatieversie van VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977514080.0000000006D73000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: /VMware InstallBuilder Multiplatform Enterprise
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creato con una versione di valutazione di VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: n de VMware InstallBuildere opciones disponibles
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976992540.0000000006994000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilderackageNametrycription</
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder.
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975410805.0000000005D6E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: if {[string match BITROCKOEM [$licenseInfo cget -organization]] \|\| [string match VMWAREOEM [$licenseInfo cget -organization]]} {
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: om VMware InstallBuilder-ap
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <string>VMware InstallBuilder, Copyright %s-%s VMware, Inc.</string>
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: testovacou verziou programu VMware InstallBuilderz
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ico VMware InstallBuilderja
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rama VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: i obert el VMware InstallBuilder per a %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976554381.00000000065B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wCreated with an evaluation version of VMware InstallBuilderr.ParameterFileNotValid=The specified path\n%1$s\nis not afile
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: _Tervetuloa tuotteen %1$s ohjattuun asennukseen.ohjattuun asennukseen.erto de VMware InstallBilder para %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: de VMware InstallBuilder%d / %d
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ler.EvaluationVersion.Text=VMware InstallBuilder'in deneme
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977966800.00000000070D2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder'in deneme s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce do VMware InstallBuilder para %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Luotu VMware InstallBuilderin %1$s-version avoimen l
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ncia de codi obert del VMware InstallBuilder per a %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creato con una licenza Open Source di VMware InstallBuilder per %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: u VMware InstallBuilder pre %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: valuation de VMware InstallBuilderInstaller.DownloadComponents.ProgressMeter=T
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: gCrewyd gyda fersiwn gwerthuso VMware InstallBuilder`cQ
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tu VMware InstallBuilder priek
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Installerler.EvaluationVersion.Text=VMware InstallBuilder'in deneme t
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce license de VMware InstallBuilde pour %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce license de VMware InstallBuilder pour
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972333287.0000000004922000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: /Library/Java/JavaVirtualMachines///Home/bin/java
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971805242.0000000004647000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: value1VMware I
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rograma VMware InstallBuilder za %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977052179.0000000006A35000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: sOnly available for Windows installers; if enabled, it will use %LOCALAPPDATA%\VMware\Temporary for temporary files
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: licencji Open Source programu VMware InstallBuilder dla %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: on VMware InstallBuilder f
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976069677.00000000061D5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: cget -organization]] \|\| [string match VMWAREOEM [$li
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: on VMware InstallBuilder f
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974374989.000000000550A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tip {Only available for Windows installers; if enabled, it will use %LOCALAPPDATA%\VMware\Temporary for temporary files}
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: o do programa VMware InstallBuilderParameterFileDoesNotExist=Nid yw ffil \n%1$s\nyn bod
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Kreirano Open Source licencom programa VMware InstallBuilder za %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ation de VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971805242.0000000004647000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware I
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976992540.0000000006994000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: o do programa VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972155954.00000000047DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Ins
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: o do programaVMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urim i hapur i VMware InstallBuilder p
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2969678933.0000000003313000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: About VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: oLoodud kasutades VMware InstallBuilderi prooviversiooni`
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: com.vmware.installbuilder.installer
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975031683.0000000005A80000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder Installer
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: icon programa VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: pod licenciou Open Source programu VMware InstallBuilder pre %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rderingsversion av VMware InstallBuilder des abschlie
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: proc Kt_LQ {EOTnn mxtLu DlVtN jXCBl {runAsAdmin 0} {brGJd 0} {osxPlatforms {osx-intel osx-x86_64 osx-ppc osx-10.2}} {uLHWW com.vmware.installbuilder.installer} {cYjJt 1} {version 3.0}} {
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBui
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976933791.0000000006910000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\%2$sntuk %1$sVMware InstallBuilder unuk %1$s ?
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Oprettet med en Open Source-licens for VMware InstallBuilder%1$sr.Error.DirectoryToUnpack=Nelze nal
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: e Aberta de VMware InstallBuilder para%1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: uLHWW com.vmware.installbuilder.installer
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: nga %1su VMware InstallBuilder pre %1$sue
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rograma VMware InstallBuilder za %1$suencia de
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976757813.000000000677E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: e.zi VMware InstallBuilder pro %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971696782.0000000004605000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "VMware InstallBuilder HTTP Client
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creato con una versione di valutazione di VMware InstallBuilderproxy.username=Nome utente:
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Luotu VMware InstallBuilderin kokeiluversiolla
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976902447.00000000068CD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: n VMware InstallBuilder-in A
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: verzi VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Oprettet med en Open Source-licens for VMware InstallBuilder%1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: testovacou verziou programu VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: om VMware InstallBuilder-a
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976963364.0000000006952000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: in VMware InstallBuilder programmasyny
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avec une licence Open Source license de VMware InstallBuilder pour %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2969678933.0000000003313000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMWAREOEM
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976069677.00000000061D5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::environment::jOL_v cget -organization]] \|\| [string match VMWAREOEM [$li
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Gemaakt met een Open Source-licentie van VMware InstallBuilder voor %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Crewyd gyda fersiwn gwerthuso VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creat cu o versiune de evaluare VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a VMware InstallBuilder pentru %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: sGemaakt met een evaluatieversie van VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976902447.00000000068CD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Kreirano sa evaluacionom verzijom VMware InstallBuilder-a
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: yIzdelano z odprtokodno licenco VMware InstallBuilder za %1$snloadComponents.Details=%1$s KB / %2$s KB prenesen. %3$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976933791.0000000006910000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Dibuat dengan versi evaluasi VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976902447.00000000068CD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce license de VMware InstallBuilder pour%1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: eno v Open Source verzi VMware InstallBuilder pro %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2975031683.0000000005A80000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder Installer`
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: valuation de VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976728842.000000000673B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: lt a VMware InstallBuilder Open Source licenc
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: $com.vmware.installbuilder.installer
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976554381.00000000065B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder za %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976933791.0000000006910000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: eDibuat dengan versi evaluasi VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976128203.0000000006217000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::util::Hgstt .tkshell {About VMware InstallBuilder} {}
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ion av VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Gemaakt met een Open Source-licentie van VMware InstallBuilder voor %1$s %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: des VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: nga Burim i hapur i VMware InstallBuilder p
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976757813.000000000677E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: erto de VMware InstallB
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wOprettet med en evalueringsversion af VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976933791.0000000006910000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder tresnak %1$s-(e)rako kode irekiko lizentziarekin irekitzen da
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Izveidots ar VMware InstallBuilder izm
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976554381.00000000065B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: de VMware InstallBuilderintreg sistemul pot fi create numai de catre un administrtornten die u niet wilt verwijderen. Klik op Volgende als u klaar bent om door te gaan.
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ation de VMware InstallBuilders
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976933791.0000000006910000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder tresnaren ebaluazio-bertsioarekin sortu da
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972155954.00000000047DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UFout bij wijzigen groep van %1$s naar %2$sigen groep van %1$s naar %2$s VMware InsallBuilder voor %1$ssize
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: n de VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976902447.00000000068CD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Kreiran sa Open Source licencom od VMware InstallBuilder-a za %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: av VMware InsallBuilder f
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder %1$s.
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: verzi VMware InstallBuildern ble ikke modifisertere
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2970566184.00000000038E5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <product>VMware InstallBuilder Multiplatform Enterprise</product>
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: uIzveidots ar VMware InstallBuilder izm
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972333287.0000000004922000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::Dpj2f::Z71sd /Library/Java/JavaVirtualMachines///Home/bin/java
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976902447.00000000068CD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: sKreirano sa evaluacionom verzijom VMware InstallBuilder-an=Biranje sajta na kome se nalazi datoteka
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2971696782.0000000004605000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder HTTP Client
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976963364.0000000006952000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: uVMware InstallBuilder synag go
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rama VMware InstallBuilderation.reatingLi
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Izdelano z odprtokodno licenco VMware InstallBuilder za %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976933791.0000000006910000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder un
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976844022.0000000006847000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Kreirano Open Source licencom programa VMware InstallBuilder za %1$staessa asennuksen poistoa edelt
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: digo abierto de VMware I
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2968944004.0000000000E47000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977514080.0000000006D73000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder Multiplatform Enterprise
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: kCreat cu o versiune de evaluare VMware InstallBuilder@T
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976612912.0000000006630000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce license de VMware InstallBuilde
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2977052179.0000000006A35000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Only available for Windows installers; if enabled, it will use %LOCALAPPDATA%\VMware\Temporary for temporary files
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wersji demonstracyjnej programu VMware InstallBuilderr.DownloadComponents.Details=Pobrano: %1$s KB / %2$s KB. %3$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976310211.00000000063A3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Created with an Open Source license of VMware InstallBuilder for %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: llicens av VMware InstallBuilder f
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: lt a VMware InstallBuilder pr
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Created with an evaluation version of VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976728842.000000000673B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder for %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976700838.00000000066F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: qErstellt mit einer Testversion des VMware InstallBuilder an
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972013734.00000000046CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: c osx-10.2}uLHWW com.vmware.installbuilder.installercYjJt 1version 3.0
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976786230.00000000067C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: eno v Open Source verzi VMware InstallBuilder pro %1$sn.Unzipping=Extrakce kompromovan
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976963364.0000000006952000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Dibuat dengan lisensi Sumber Terbuka VMware InstallBuilder untuk %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Erstellt mit einer Open Source Lizenz von VMware InstallBuilder f
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a Open Source do VMware InstallBuilder para %1$syn angehrheidiol: %1$s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976554381.00000000065B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: de VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976672091.00000000066B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wCreated with an evaluation version of VMware InstallBuilder
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976873493.0000000006889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: in VMware InstallBuilder'in A
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976128203.0000000006217000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::util::Hgstt . {About VMware InstallBuilder} {}
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1737844318.0000000003DFD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: defaultValue {VMware InstallBuilder}
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1731773093.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <string>VMware InstallBuilder</string>
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976642227.0000000006672000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Loodud kasutades VMware InstallBuilderi prooviversiooni
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976902447.00000000068CD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder-in s
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2969678933.0000000003313000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: About VMware InstallBuilderf
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2976963364.0000000006952000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder synag go

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Found API chain indicative of debugger detection

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_00506E30 LoadCursorA,LoadLibraryA,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,FreeLibrary,LoadIconA,

0_2_00506E30

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

0_2_00668D20

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_004E11B0 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_cexit,_initterm,GetStartupInfoA,

0_2_004E11B0

Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974501233.00000000056E4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute progman progman [format {[ShowGroup("%s",6)]} $tCByq]
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972333287.0000000004922000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[DeleteGroup("%s")]} $::maui::UCmrK::Bidth]
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972666707.0000000004BA6000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738685573.0000000004BA7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[AddItem ("%s" %s,%s,,,,,"%s")]} $Dwy2A $LBLLO $name $n1aXo]
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972598089.0000000004B06000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: te PROGMAN PROGMAN
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2972666707.0000000004BA6000.00000004.00000020.00020000.00000000.sdmp, HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000003.1738685573.0000000004BA7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[AddItem ("%s" %s,%s,"%s",,,,"%s")]} $Dwy2A $LBLLO $name $WfzhF $n1aXo]
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974473083.00000000056A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974501233.00000000056E4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[CreateGroup("%s")]} $tCByq]
Source: HammerDB-4.11-Win-x64-Setup.exe, 00000000.00000002.2974501233.00000000056E4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: catch {dde execute PROGMAN PROGMAN [format {[DeleteGroup("%s")]} $tCByq]}

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_00661150 cpuid

0_2_00661150

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

0_2_004FD6D0

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Jump to behavior

Queries the product ID of Windows

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Queries volume information: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Queries volume information: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe	Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation	Jump to behavior

Queries time zone information

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation Bias

Jump to behavior

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

0_2_006709D0

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_006712C0 getenv,strlen,strlen,GetTimeZoneInformation,

0_2_006712C0

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_0066A450 GetVersionExA,GetSystemInfo,wsprintfA,

0_2_0066A450

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Source: C:\Users\user\Desktop\HammerDB-4.11-Win-x64-Setup.exe

Code function: 0_2_00505390 GetRunningObjectTable,CreateBindCtx,CreateFileMoniker,CreateFileMoniker,CreateFileMoniker,FormatMessageA,strrchr,strlen,LocalFree,wsprintfA,

0_2_00505390

ID:	1523633
Product:	CloudBasic
Start time:	21:41:30
Start date:	01.10.2024
Sample:	HammerDB-4.11-Win-x64-Setup.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	0e108f1745add2b9c9e0be898a9f688f
SHA1:	d2335b8eeb9bd62cc146552a6c9d4a4f8ce03605
SHA256:	e6a3e905b9a96e542e12dd8868e6b3568a18a67c0448f68005b3e9adadde3c4b
Filetype:	Win64 Executable (generic) (12005/4) 74.95%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF137.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	D2E59EE980C15085BBE292082ABEC7E6	30154E439177235E768C6FC9C7E6D83E9320A80B	EB10D4D4B459F4BBAF611538ED8098C7FAD5A839495085F3363B3BF1050C4958
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1A6.tmp	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	C3C4F3FE90E3B3B02BEA0E8DA3447ED2	7AC0F54119D2273A2CD261F1FE6C5667E9C486DF	3524EC77985E390ACF9D07D81B1B44305165D711BBCA770F7458EA0A78751F82
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF1F5.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	F62DD6CE51E19349EC1D1F2E88C4EF4D	60BD29538B4FECAF527BA8B7D92B7F32D2E72DDB	BE88244DA9FAAA6636A9D2F4C4249C08066A0B48359690B9B27A2B9ED47E093D
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF215.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	119E67E0B0ADD3F09AABBDE47A599E17	991C049D2466C5242F67E664159CB025F49E5C70	439416FCEBCF073600AF44A2FB83428896DC8F69120EE4A76EE490A6428D6C94
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF226.tmp	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	5FBC6BD806A8A6C460FACEEEA73BD7F7	4D1586A9631A72C3E1D75FB3C385DBD278804665	8033D1B3AF84D47D275E022608DA35BAAC16CF40D9607CA026A47B6CD65E6A97
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF246.tmp	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	51C675FC1EF0A62322052D3E86567C06	E295D0B668105D81F9180EF1056D0528E4B2116A	AAA3D7E589E9BE1911EEE5974AFA68C64AF1BBD5E039FF6A82A15C2B54C0F9F0
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF322.tmp	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	A56543B9CD3AA403311B49189D25851E	BD2609D35D4A967FE23EF4092B1DAA6F74A858AD	034756F772399552CD33605A189EE0E45D7947860E0D83EC12AA6DA1A5A42054
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF43C.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	9B299884420745D80C70BBA6B8A7F05A	195423185A7776E072A65FBABAE868C15F7B2F56	9426E96A97F41645FAB524385A852687792F99B505554B6B9809ED99451B2399
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF44D.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	54431791B0B31CCD0112486F542858A1	E628F2DC29D039D474F97FE67E562BD8798C6BA6	B382C74F532AB766C272ED11B107A3EF7C015CCA2E716243379058C084981332
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF651.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	2C8F6A964CA7761122F7DA22042462F4	290E48BF0F83B3F3832F69BB1EA0637ED4D8CCCA	9D6F2629AA5978DD6B87FE9BCE77A5CF0135B8DA2980A050579EB4E23A92F8FA
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF662.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	4640FD47F64BB72CB34DBAFEE65DBDDE	508C8713E06BA55588D41918C5A99308CB4B37A0	F02C4352EA80E1B476EB4754455AE684EFB4289D95EDF925E38BD3789F6EAD49
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF6A1.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	7190ECF05EC3B297D6DED3E204399E95	5C085CBBBCC8686266ACFB318E75A38794625E88	49E2C502923DE5F89958DE86F1CC6F91E7DDAFE46D0F81BFB51A669627650E6E
C:\Users\user\AppData\Local\Temp\BRL00001c7c\BRF6C2.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	053A60F34C75CA0A4A821B46EAE86D31	EBCF9F84A393969655969C248C2D572D7A05541C	683F19A461948F4CCA2FBECE26949B34D6347DFF279EFECE983B9F64A868422C

Windows Analysis Report
HammerDB-4.11-Win-x64-Setup.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Windows Analysis Report HammerDB-4.11-Win-x64-Setup.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
HammerDB-4.11-Win-x64-Setup.exe