Windows Analysis Report
ArbExpress_V3.6_en_0703_066146106.exe

Overview

General Information

Sample name: ArbExpress_V3.6_en_0703_066146106.exe
Analysis ID: 1528662
MD5: e2e80e23d79df3609dcaee7c2d7c2e72
SHA1: 5318eef048fc22d2a027a1715658089c34c1d41d
SHA256: 5c9ab13b2956d8dfadde510ea37578d8a67a59aff8d40d7524c756e1b602db5f
Infos:

Detection

Score: 24
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Installs new ROOT certificates
PE file has a writeable .text section
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates or modifies windows services
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Entry point lies outside standard sections
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)

Classification

Uses 32bit PE files
Source: ArbExpress_V3.6_en_0703_066146106.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Window detected: &Next >Cancel< &BackRelease NotesThe InstallShield Wizard will install Tektronix ArbExpress Software on your system. This program is subject to the accompanying Tektronix Software License Agreement.Welcome to the InstallShield Wizard for Tektronix ArbExpress Software.Click Next to continue with the setup program.To know more about what's new in this version of ArbExpress software click 'Release Notes'.
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Window detected: &Next >Cancel< &BackRelease NotesThe InstallShield Wizard will install Tektronix ArbExpress Software on your system. This program is subject to the accompanying Tektronix Software License Agreement.Welcome to the InstallShield Wizard for Tektronix ArbExpress Software.Click Next to continue with the setup program.To know more about what's new in this version of ArbExpress software click 'Release Notes'.
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\DotNetInstaller.exe.log Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll Jump to behavior
Source: Binary string: C:\CodeBases\isdev\Redist\Language Independent\x64\ISBEW64.pdb source: ISBEW64.exe, 00000003.00000000.2387483013.0000000140010000.00000002.00000001.01000000.00000009.sdmp, ISBEW64.exe, 00000003.00000002.3073858819.0000000140010000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: E.PDBF source: ArbExpress_V3.6_en_0703_066146106.exe
Source: Binary string: C:\projects\Perforce\tcong_PC-bej4-5RNY5Y2_ArbExpress\ArbExpress\ArbExpress\bin\Release\ArbFile.pdb source: ArbF5357.rra.0.dr
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File opened: C:\Users\user\AppData\Roaming\Microsoft Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File opened: C:\Users\user\AppData\Roaming Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File opened: C:\Users\user\AppData Jump to behavior
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Source: unknown DNS traffic detected: query: 206.23.85.13.in-addr.arpa replaycode: Name error (3)
Source: unknown DNS traffic detected: query: 197.87.175.4.in-addr.arpa replaycode: Name error (3)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
Source: global traffic DNS traffic detected: DNS query: 197.87.175.4.in-addr.arpa
Source: data1.hdr.0.dr String found in binary or memory: http://deviis4.installshield.com/NetNirvana/
Source: ArbExpress_V3.6_en_0703_066146106.exe String found in binary or memory: http://deviis4.installshield.com/NetNirvana/data2.cabDisk1
Source: dotnetinstaller.exe, 0000000A.00000002.2730293507.0000000004AB2000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://fontawesome.ioWebfont
Source: dotnetinstaller.exe, 0000000A.00000002.2724965656.00000000005E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.veri
Source: 8f5b.rra.0.dr, setufd6.rra.0.dr, setup.ini1.0.dr, setup.ini.0.dr String found in binary or memory: http://www.Tektronix.com
Source: 8f5b.rra.0.dr String found in binary or memory: http://www.Tektronix.com/Measurement/cgi-bin/framed.pl?Document=/Measurement/signal_sources/home.htm
Source: ArbExpress_V3.6_en_0703_066146106.exe, data1.hdr.0.dr String found in binary or memory: http://www.Tektronix.comID_STRING30ID_STRING35ID_STRING31ID_STRING32ID_STRING33ID_STRING34
Source: dotnetinstaller.exe, 0000000A.00000002.2730293507.0000000004AB2000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.devcomponents.com/dotnetbar/order.html
Source: dotnetinstaller.exe, 0000000A.00000002.2730293507.0000000004AB2000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.devcomponents.comAmailto:support
Source: dotnetinstaller.exe, 0000000A.00000002.2730293507.0000000004AB2000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.devcomponents.comKSystem.Windows.Forms.ContextMenuStrip
Source: dotnetinstaller.exe, 0000000A.00000002.2725795677.0000000000835000.00000004.00000020.00020000.00000000.sdmp, dotnetinstaller.exe, 0000000C.00000002.2752519143.00000000007D5000.00000004.00000020.00020000.00000000.sdmp, dotnetinstaller.exe, 0000000E.00000002.2767514032.0000000000445000.00000004.00000020.00020000.00000000.sdmp, dotnetinstaller.exe, 00000010.00000002.2786766818.0000000000975000.00000004.00000020.00020000.00000000.sdmp, dotnetinstaller.exe, 00000012.00000002.2807797854.0000000000995000.00000004.00000020.00020000.00000000.sdmp, dotnetinstaller.exe, 00000014.00000002.2819852174.0000000000915000.00000004.00000020.00020000.00000000.sdmp, dotnetinstaller.exe, 00000016.00000002.2832409663.00000000004D5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.flexerasoftware.com0
Source: ArbExpress_V3.6_en_0703_066146106.exe, setufd6.rra.0.dr, setup.ini1.0.dr, setup.ini.0.dr String found in binary or memory: http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d
Source: 8f5b.rra.0.dr String found in binary or memory: http://www.tek.com
Source: ArbE549f.rra.0.dr, ArbE5441.rra.0.dr String found in binary or memory: http://www.tek.com/contact)
Source: ArbExpress_V3.6_en_0703_066146106.exe String found in binary or memory: https://HuF.?AVfile_exception

System Summary
barindex
PE file has a writeable .text section
Source: ISSetup.dll.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: isrt9045.rra.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ISSee7e.rra.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Detected potential crypto function
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Code function: 3_2_0000000140001A00 3_2_0000000140001A00
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Code function: 3_2_0000000140004D40 3_2_0000000140004D40
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Code function: 3_2_000000014000961C 3_2_000000014000961C
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Code function: 3_2_000000014000DEA8 3_2_000000014000DEA8
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Code function: 3_2_0000000140004340 3_2_0000000140004340
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Code function: 12_2_0489525D 12_2_0489525D
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Code function: 16_2_049A2B91 16_2_049A2B91
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Code function: 16_2_049A68C3 16_2_049A68C3
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Code function: 20_2_0496496E 20_2_0496496E
PE file contains executable resources (Code or Archives)
Source: isrt9045.rra.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
PE file does not import any functions
Source: _isu9094.rra.0.dr Static PE information: No import functions for PE file found
Sample file is different than original file name gathered from version info
Source: ArbExpress_V3.6_en_0703_066146106.exe, 00000000.00000000.2029003323.00000000004B9000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameInstallShield Setup.exeL vs ArbExpress_V3.6_en_0703_066146106.exe
Source: ArbExpress_V3.6_en_0703_066146106.exe Binary or memory string: OriginalFilenameInstallShield Setup.exeL vs ArbExpress_V3.6_en_0703_066146106.exe
Uses 32bit PE files
Source: ArbExpress_V3.6_en_0703_066146106.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: ISSetup.dll.0.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: isrt9045.rra.0.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ISSee7e.rra.0.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ISSetup.dll.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: isrt9045.rra.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: ISSee7e.rra.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: classification engine Classification label: sus24.winEXE@31/292@2/0
Source: ArbE5441.rra.0.dr Initial sample: http://www.tek.com/contact
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Code function: 3_2_0000000140003230 CoCreateInstance, 3_2_0000000140003230
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Code function: 3_2_0000000140005870 LoadLibraryExW,FindResourceW,LoadResource,SizeofResource,MultiByteToWideChar,FreeLibrary, 3_2_0000000140005870
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\InstallShield Installation Information\ Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\Public\Desktop\ArbExpress Application.lnk Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2452:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1900:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:356:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1476:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3128:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5444:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4752:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6692:120:WilError_03
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Mutant created: \Sessions\1\BaseNamedObjects\5045756C-7552-4E48-B39F-C28A48E4EACD
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6360:120:WilError_03
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\user\AppData\Local\Temp\{3AC6FFEA-3778-4530-BBC2-4614DD352102}\ Jump to behavior
Source: ArbExpress_V3.6_en_0703_066146106.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File read: C:\Users\user\AppData\Local\Temp\{3AC6FFEA-3778-4530-BBC2-4614DD352102}\Disk1\setup.ini Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File read: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe "C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe"
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A3681F74-C246-4C16-9456-61CA4AC85351}
Source: unknown Process created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1
Source: C:\Windows\System32\SrTasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe "C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\DotNetInstaller.exe" "C:\Program Files (x86)\Tektronix\ArbExpress\System\DevComponents.DotNetBar2.dll"
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe "C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\DotNetInstaller.exe" "C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbConnect.dll"
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe "C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\DotNetInstaller.exe" "C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbExpress.exe"
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe "C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\DotNetInstaller.exe" "C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbLib.dll"
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe "C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\DotNetInstaller.exe" "C:\Program Files (x86)\Tektronix\ArbExpress\System\DisplayComponent.dll"
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe "C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\DotNetInstaller.exe" "C:\Program Files (x86)\Tektronix\ArbExpress\System\PreviewComponent.dll"
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe "C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\DotNetInstaller.exe" "C:\Program Files (x86)\Tektronix\ArbExpress\System\ScopeAcqPages.dll"
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe /c cacls "C:\Program Files (x86)\Tektronix\ArbExpress" /T /E /G Users:F
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe cacls "C:\Program Files (x86)\Tektronix\ArbExpress" /T /E /G Users:F
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A3681F74-C246-4C16-9456-61CA4AC85351} Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe "C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\DotNetInstaller.exe" "C:\Program Files (x86)\Tektronix\ArbExpress\System\DevComponents.DotNetBar2.dll" Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe "C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\DotNetInstaller.exe" "C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbConnect.dll" Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe "C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\DotNetInstaller.exe" "C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbExpress.exe" Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe "C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\DotNetInstaller.exe" "C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbLib.dll" Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe "C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\DotNetInstaller.exe" "C:\Program Files (x86)\Tektronix\ArbExpress\System\DisplayComponent.dll" Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe "C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\DotNetInstaller.exe" "C:\Program Files (x86)\Tektronix\ArbExpress\System\PreviewComponent.dll" Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe "C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\DotNetInstaller.exe" "C:\Program Files (x86)\Tektronix\ArbExpress\System\ScopeAcqPages.dll" Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe /c cacls "C:\Program Files (x86)\Tektronix\ArbExpress" /T /E /G Users:F Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe cacls "C:\Program Files (x86)\Tektronix\ArbExpress" /T /E /G Users:F
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: lz32.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: msi.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: riched32.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: srclient.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: spp.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: vsstrace.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: sxproxy.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: srclient.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: spp.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: vsstrace.dll Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Section loaded: spp.dll Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Section loaded: srclient.dll Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Section loaded: srcore.dll Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Section loaded: ktmw32.dll Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Section loaded: wer.dll Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Section loaded: bcd.dll Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Section loaded: vsstrace.dll Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Section loaded: dsrole.dll Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Section loaded: msxml3.dll Jump to behavior
Source: C:\Windows\System32\SrTasks.exe Section loaded: vss_ps.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\cacls.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cacls.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 Jump to behavior
Source: ArbExpress Installation Manual.lnk.0.dr LNK file: ..\..\..\..\..\..\..\Program Files (x86)\Tektronix\ArbExpress\Documentation\ArbExpress Installation Manual.pdf
Source: ArbExpress User Manual.lnk.0.dr LNK file: ..\..\..\..\..\..\..\Program Files (x86)\Tektronix\ArbExpress\Documentation\ArbExpress User Manual.pdf
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File written: C:\Users\user\AppData\Local\Temp\{3AC6FFEA-3778-4530-BBC2-4614DD352102}\Disk1\0x0409.ini Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Automated click: I accept the terms of the license agreement
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Automated click: Next >
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Automated click: Next >
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Automated click: Next >
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Automated click: OK
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Automated click: OK
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Window detected: &Next >Cancel< &BackRelease NotesThe InstallShield Wizard will install Tektronix ArbExpress Software on your system. This program is subject to the accompanying Tektronix Software License Agreement.Welcome to the InstallShield Wizard for Tektronix ArbExpress Software.Click Next to continue with the setup program.To know more about what's new in this version of ArbExpress software click 'Release Notes'.
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Window detected: &Next >Cancel< &BackRelease NotesThe InstallShield Wizard will install Tektronix ArbExpress Software on your system. This program is subject to the accompanying Tektronix Software License Agreement.Welcome to the InstallShield Wizard for Tektronix ArbExpress Software.Click Next to continue with the setup program.To know more about what's new in this version of ArbExpress software click 'Release Notes'.
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll Jump to behavior
Source: ArbExpress_V3.6_en_0703_066146106.exe Static file information: File size 45206398 > 1048576
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll Jump to behavior
Source: Binary string: C:\CodeBases\isdev\Redist\Language Independent\x64\ISBEW64.pdb source: ISBEW64.exe, 00000003.00000000.2387483013.0000000140010000.00000002.00000001.01000000.00000009.sdmp, ISBEW64.exe, 00000003.00000002.3073858819.0000000140010000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: E.PDBF source: ArbExpress_V3.6_en_0703_066146106.exe
Source: Binary string: C:\projects\Perforce\tcong_PC-bej4-5RNY5Y2_ArbExpress\ArbExpress\ArbExpress\bin\Release\ArbFile.pdb source: ArbF5357.rra.0.dr
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Code function: 3_2_00000001400068B0 LoadLibraryW,GetProcAddress,FreeLibrary,FreeLibrary, 3_2_00000001400068B0
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .rsrc
PE file contains sections with non-standard names
Source: ArbE502a.rra.0.dr Static PE information: section name: .textbss
Source: MakW53a5.rra.0.dr Static PE information: section name: _RDATA
Source: DevC1043.rra.0.dr Static PE information: section name: .datax
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Code function: 10_2_01EE000C push eax; iretd 10_2_01EE0055
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Code function: 10_2_01EE0744 push esi; iretd 10_2_01EE0745
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Code function: 14_2_004E2A54 push esp; iretd 14_2_004E2A55
Source: ISSetup.dll.0.dr Static PE information: section name: .text entropy: 7.980557814009445
Source: isrt9045.rra.0.dr Static PE information: section name: .text entropy: 7.974556688094566
Source: ISSee7e.rra.0.dr Static PE information: section name: .text entropy: 7.980557814009445

Persistence and Installation Behavior
barindex
Installs new ROOT certificates
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656 Blob Jump to behavior
Drops PE files
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\Tools\Matlab\mata504a.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\{5045756C-7552-4E48-B39F-C28A48E4EACD}\isrt.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\PreviewComponent.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\Prev39a5.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\user\AppData\Local\Temp\{3AC6FFEA-3778-4530-BBC2-4614DD352102}\Disk1\ISSetup.dll Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbFile.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\Tools\Matlab\mata50b7.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbExpress.exe (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\InstallShield Installation Information\{5045756C-7552-4E48-B39F-C28A48E4EACD}\ISSee7e.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\{5045756C-7552-4E48-B39F-C28A48E4EACD}\_isr90a3.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\InstallShield Installation Information\{5045756C-7552-4E48-B39F-C28A48E4EACD}\ISSetup.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotn9017.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\DevC1043.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\Disp3196.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbConnect.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBE9026.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbL2be9.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\InstallShield Installation Information\{5045756C-7552-4E48-B39F-C28A48E4EACD}\setude2.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\Tools\Matlab\matarb.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbEqu.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\Tools\Matlab\ArbE502a.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\{5045756C-7552-4E48-B39F-C28A48E4EACD}\_isuser_0x0409.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\DisplayComponent.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\Tools\Matlab\matarb.mexw32 (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\{5045756C-7552-4E48-B39F-C28A48E4EACD}\_isu9094.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\MakW53a5.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ScopeAcqPages.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\MakWfm.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\InstallShield Installation Information\{5045756C-7552-4E48-B39F-C28A48E4EACD}\setup.exe (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbLib.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\{5045756C-7552-4E48-B39F-C28A48E4EACD}\_isres_0x0409.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbE240a.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\{5045756C-7552-4E48-B39F-C28A48E4EACD}\isrt9045.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\user\AppData\Local\Temp\{3AC6FFEA-3778-4530-BBC2-4614DD352102}\Disk1\setup.exe Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbE51a1.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\Scop3dbc.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbF5357.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbC1fa5.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbEther.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbE5163.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\DevComponents.DotNetBar2.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\Tools\Matlab\ArbEther.dll (copy) Jump to dropped file
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotn9017.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBE9026.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\{5045756C-7552-4E48-B39F-C28A48E4EACD}\isrt9045.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\{5045756C-7552-4E48-B39F-C28A48E4EACD}\_isu9094.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\{5045756C-7552-4E48-B39F-C28A48E4EACD}\_isr90a3.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\Tools\Matlab\ArbE502a.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\Tools\Matlab\mata504a.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\Tools\Matlab\mata50b7.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\InstallShield Installation Information\{5045756C-7552-4E48-B39F-C28A48E4EACD}\setude2.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\InstallShield Installation Information\{5045756C-7552-4E48-B39F-C28A48E4EACD}\ISSee7e.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbE5163.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbE51a1.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbF5357.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\MakW53a5.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\DevC1043.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbC1fa5.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbE240a.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbL2be9.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\Documentation\ArbE5441.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\Documentation\ArbE549f.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\Disp3196.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\Prev39a5.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\Program Files (x86)\Tektronix\ArbExpress\System\Scop3dbc.rra Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\DotNetInstaller.exe.log Jump to behavior
Creates or modifies windows services
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore Jump to behavior
Modifies existing windows services
Source: C:\Windows\System32\SrTasks.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP Jump to behavior
Stores files to the Windows start menu directory
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tektronix ArbExpress\ Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tektronix ArbExpress\Documentation\ Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tektronix ArbExpress\Documentation\ArbExpress Installation Manual.lnk Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tektronix ArbExpress\Documentation\ArbExpress User Manual.lnk Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tektronix ArbExpress\ArbExpress Application.lnk Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tektronix ArbExpress\ArbExpress Help.lnk Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tektronix ArbExpress\Release Notes.lnk Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tektronix ArbExpress\Samples\ Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tektronix ArbExpress\Samples\Waveforms.lnk Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tektronix ArbExpress\Samples\Equations.lnk Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tektronix ArbExpress\Tools\ Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tektronix ArbExpress\Tools\Matlab.lnk Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tektronix ArbExpress\Uninstall ArbExpress.lnk Jump to behavior
Uses cacls to modify the permissions of files
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe cacls "C:\Program Files (x86)\Tektronix\ArbExpress" /T /E /G Users:F
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 2020000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 2680000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 2280000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 780000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 2790000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 7E0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 540000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 25C0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 20B0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 940000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 2680000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 4680000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 660000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 25E0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 1FB0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 740000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 2600000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 4600000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 25A0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 25A0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: 45A0000 memory commit | memory reserve | memory write watch
Contains long sleeps (>= 3 min)
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Thread delayed: delay time: 922337203685477
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\Tools\Matlab\mata504a.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\{5045756C-7552-4E48-B39F-C28A48E4EACD}\isrt.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\PreviewComponent.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\Prev39a5.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{3AC6FFEA-3778-4530-BBC2-4614DD352102}\Disk1\ISSetup.dll Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbFile.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\Tools\Matlab\mata50b7.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbExpress.exe (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\InstallShield Installation Information\{5045756C-7552-4E48-B39F-C28A48E4EACD}\ISSee7e.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\{5045756C-7552-4E48-B39F-C28A48E4EACD}\_isr90a3.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\InstallShield Installation Information\{5045756C-7552-4E48-B39F-C28A48E4EACD}\ISSetup.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\DevC1043.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\Disp3196.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbConnect.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbL2be9.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\Tools\Matlab\matarb.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\InstallShield Installation Information\{5045756C-7552-4E48-B39F-C28A48E4EACD}\setude2.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbEqu.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\Tools\Matlab\matarb.mexw32 (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\{5045756C-7552-4E48-B39F-C28A48E4EACD}\_isuser_0x0409.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\Tools\Matlab\ArbE502a.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\DisplayComponent.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\{5045756C-7552-4E48-B39F-C28A48E4EACD}\_isu9094.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\ScopeAcqPages.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\MakW53a5.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\MakWfm.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbLib.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\InstallShield Installation Information\{5045756C-7552-4E48-B39F-C28A48E4EACD}\setup.exe (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\{5045756C-7552-4E48-B39F-C28A48E4EACD}\_isres_0x0409.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbE240a.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\{5045756C-7552-4E48-B39F-C28A48E4EACD}\isrt9045.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{3AC6FFEA-3778-4530-BBC2-4614DD352102}\Disk1\setup.exe Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbE51a1.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\Scop3dbc.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbF5357.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbC1fa5.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbEther.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbE5163.rra Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\System\DevComponents.DotNetBar2.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Dropped PE file which has not been started: C:\Program Files (x86)\Tektronix\ArbExpress\Tools\Matlab\ArbEther.dll (copy) Jump to dropped file
Found evasive API chain (may stop execution after checking a module file name)
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Windows\System32\SrTasks.exe TID: 5672 Thread sleep time: -290000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe TID: 4088 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe TID: 2656 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe TID: 4984 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe TID: 6676 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe TID: 6704 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe TID: 6824 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe TID: 3572 Thread sleep time: -922337203685477s >= -30000s
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File Volume queried: C:\Windows FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File opened: C:\Users\user\AppData\Roaming\Microsoft Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File opened: C:\Users\user\AppData\Roaming Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe File opened: C:\Users\user\AppData Jump to behavior
Source: SrTasks.exe, 00000008.00000003.2897968400.000001A9ACA13000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: SrTasks.exe, 00000008.00000003.2892882833.000001A9ACA6F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:88
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe API call chain: ExitProcess graph end node
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Code function: 3_2_000000014000946C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_000000014000946C
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Code function: 3_2_00000001400068B0 LoadLibraryW,GetProcAddress,FreeLibrary,FreeLibrary, 3_2_00000001400068B0
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Code function: 3_2_000000014000946C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_000000014000946C
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Code function: 3_2_0000000140009CA8 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_2_0000000140009CA8
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Code function: 3_2_0000000140007200 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_0000000140007200
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Code function: 3_2_0000000140009E28 SetUnhandledExceptionFilter, 3_2_0000000140009E28
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Memory allocated: page read and write | page guard Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe cacls "C:\Program Files (x86)\Tektronix\ArbExpress" /T /E /G Users:F
Source: ISSetup.dll.0.dr Binary or memory string: ?OPTYPE_PROGMAN_FIELDSWWW
Source: 8f5b.rra.0.dr Binary or memory string: OPTYPE_PROGMAN
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Code function: GetLocaleInfoA, 3_2_000000014000E89C
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\ArbExpress_V3.6_en_0703_066146106.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Queries volume information: C:\Program Files (x86)\Tektronix\ArbExpress\System\DevComponents.DotNetBar2.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Queries volume information: C:\Program Files (x86)\Tektronix\ArbExpress\System\DevComponents.DotNetBar2.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Queries volume information: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbConnect.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Queries volume information: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbConnect.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Queries volume information: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbLib.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Queries volume information: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbLib.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Queries volume information: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbConnect.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Queries volume information: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbConnect.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Queries volume information: C:\Program Files (x86)\Tektronix\ArbExpress\System\DisplayComponent.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Queries volume information: C:\Program Files (x86)\Tektronix\ArbExpress\System\DisplayComponent.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Queries volume information: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbLib.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Queries volume information: C:\Program Files (x86)\Tektronix\ArbExpress\System\ArbLib.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Queries volume information: C:\Program Files (x86)\Tektronix\ArbExpress\System\PreviewComponent.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Queries volume information: C:\Program Files (x86)\Tektronix\ArbExpress\System\PreviewComponent.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Queries volume information: C:\Program Files (x86)\Tektronix\ArbExpress\System\ScopeAcqPages.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Queries volume information: C:\Program Files (x86)\Tektronix\ArbExpress\System\ScopeAcqPages.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\ISBEW64.exe Code function: 3_2_000000014000A824 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 3_2_000000014000A824
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Adds / modifies Windows certificates
Source: C:\Users\user\AppData\Local\Temp\{D087C162-559C-4D68-B967-62FB89959971}\dotnetinstaller.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2 Blob Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1528662 Sample: ArbExpress_V3.6_en_0703_066... Startdate: 08/10/2024 Architecture: WINDOWS Score: 24 48 206.23.85.13.in-addr.arpa 2->48 50 197.87.175.4.in-addr.arpa 2->50 52 PE file has a writeable .text section 2->52 8 ArbExpress_V3.6_en_0703_066146106.exe 46 219 2->8         started        11 SrTasks.exe 1 2->11         started        signatures3 process4 file5 40 C:\Users\user\...\dotnetinstaller.exe (copy), PE32 8->40 dropped 42 C:\Users\user\AppData\Local\...\isrt9045.rra, PE32 8->42 dropped 44 C:\Users\user\AppData\...\isrt.dll (copy), PE32 8->44 dropped 46 41 other files (none is malicious) 8->46 dropped 13 dotnetinstaller.exe 4 8->13         started        16 cmd.exe 8->16         started        18 dotnetinstaller.exe 3 8->18         started        22 6 other processes 8->22 20 conhost.exe 11->20         started        process6 signatures7 54 Installs new ROOT certificates 13->54 24 conhost.exe 13->24         started        26 conhost.exe 16->26         started        28 cacls.exe 16->28         started        30 conhost.exe 18->30         started        32 conhost.exe 22->32         started        34 conhost.exe 22->34         started        36 conhost.exe 22->36         started        38 2 other processes 22->38 process8
No contacted IP infos

Contacted Domains

Name IP Active
206.23.85.13.in-addr.arpa unknown unknown
197.87.175.4.in-addr.arpa unknown unknown