Source: Setup.exe
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Setup.exe
File created: C:\Users\user\AppData\Local\Temp\PatchInstaller.Log
Source: Setup.exe
Static PE information: certificate valid
Source: Setup.exe
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Setup.exe
Binary string: E:\AzAgent\_work\13\s\Install\Fuse2\SupportFiles\Setup\Aventa_Release\Setup.pdb
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E12D30 GetModuleFileNameW,GetLongPathNameW,GetFileAttributesW,wsprintfW,wsprintfW,wsprintfW,GetFileAttributesW,wsprintfW,wsprintfW,FindFirstFileW,FindClose,SHGetFolderPathW,SHGetFolderPathW,GetLastError,FormatMessageW,wsprintfW,wsprintfW,SHGetFolderPathW,SHGetFolderPathW,GetLastError,FormatMessageW,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E1A560 wsprintfW,FindFirstFileW,FindClose,wsprintfW,Sleep,GetFileAttributesW,SetFileAttributesW,SetFileAttributesW,SetFileAttributesW,CopyFileW,wsprintfW,GetLastError,FormatMessageW,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E15DD0 wsprintfW,wsprintfW,wsprintfW,wsprintfW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,SetFileAttributesW,SetFileAttributesW,CopyFileW,wsprintfW,GetFileAttributesW,SetFileAttributesW,SetFileAttributesW,GetLastError,FormatMessageW,FindClose,
Source: Setup.exe
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Setup.exe
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Setup.exe
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Setup.exe
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Setup.exe
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Setup.exe
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Setup.exe
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Setup.exe
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Setup.exe
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Setup.exe
String found in binary or memory: http://ocsp.digicert.com0
Source: Setup.exe
String found in binary or memory: http://ocsp.digicert.com0A
Source: Setup.exe
String found in binary or memory: http://ocsp.digicert.com0C
Source: Setup.exe
String found in binary or memory: http://ocsp.digicert.com0X
Source: Setup.exe
String found in binary or memory: http://www.digicert.com/CPS0
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E121A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E150F0
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E2A259
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E264EF
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E3A699
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E2A671
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E3884F
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E2D9F8
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E2AAA6
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E29CB0
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E2DC27
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E29D5D
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E2AEDB
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E31F40
Source: C:\Users\user\Desktop\Setup.exe
Code function: String function: 00E15020 appears 103 times
Source: C:\Users\user\Desktop\Setup.exe
Code function: String function: 00E27620 appears 48 times
Source: classification engine
Classification label: clean7.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E114B0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,Process32NextW,CloseHandle,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E1A9B0 VariantClear,SysAllocString,CoCreateInstance,MessageBoxW,VariantClear,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E23070 LoadResource,LockResource,SizeofResource,
Source: Setup.exe
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Setup.exe
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Setup.exe
String found in binary or memory: /install /passive /norestart
Source: Setup.exe
String found in binary or memory: appSettings/add[@key='DevOpsEventId']
Source: Setup.exe
String found in binary or memory: /install /quiet /norestart
Source: Setup.exe
String found in binary or memory: appSettings/add[@key='DevOpsUpdatedProductVersion']
Source: Setup.exe
String found in binary or memory: appSettings/add[@key='Market']
Source: Setup.exe
String found in binary or memory: appSettings/add[@key='AllowRemoteServices']
Source: Setup.exe
String found in binary or memory: SeShutdownPrivilegePatchInstaller.LogC:\PatchInstaller.logSetupCould not create log file.FilesPatchesm_szSrcDir: %sm_szPatchDir: %sMarkets\Markets.xmlInformation : Patch Folder ExistsXml Used as %s*.mspInformation : No patch ExistsInvoking Full Install..._isstub.exe COUNTRY /v"COUNTRY=%s"STANDALONEVA /v"STANDALONE=Yes" /v"REBOOT=Force"WEB /v"MEDIATYPE=%s" /v"/qr"01 /v"ALLOWREMOTESERVICES=%s" /v"UNCHECKREMOTESERVICES=%s" -LInstallShield exe Launch call succeeded.InstallShield exe Launch call failed.InstallShield Invoke ExitCode: %luUser cancelled operation.Not all GNWeb params have a value to invoke GNWeb. Check log.SOFTWARE\ReSound\Aventa3MarketBrand registry key not found or could not open: 'HKLM\%s'. dwRes=%luVersionMajorVersionMinorVersionVersionStringVerMajor=%s, VerMinor=%s, Version=%s, VersionString=%sCaching config values...ReSound.Fuse2.Config.dll.configConfig file: '%s'appSettings/add[@key='DevOpsEventId']valuevalue attribute missing for DevOps EventIDappSettings/add[@key='Market']value attribute missing for MarketappSettings/add[@key='DevOpsUpdatedProductVersion']value attribute missing for DevOps Product VersionappSettings/add[@key='AllowRemoteServices']value attribute missing for AllowRemoteServicesFailed to get xml document element...Failed to load config file...EventId: '%s' Market: '%s' ApiProductVersion: '%s' AllowRemoteServices: '%s'Invoking GNWeb...%luError: Exception while setting DevOpsErrorMessage
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: acgenral.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: winmm.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: samcli.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: version.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: mpr.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: msi.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: msxml3.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: wininet.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Setup.exe
Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Setup.exe
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InProcServer32
Source: Setup.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Setup.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Setup.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Setup.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Setup.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Setup.exe
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Setup.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Setup.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Setup.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Setup.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Setup.exe
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E27169 push ecx; ret
0_2_00E2717C
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E27666 push ecx; ret
0_2_00E27679
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E3F8CF push dword ptr [esp+ecx-75h]; iretd
0_2_00E3F8D3
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E1CA80 GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E264EF GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,
Source: C:\Users\user\Desktop\Setup.exe
Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Setup.exe
Evasive API call chain: GetLocalTime,DecisionNodes
Source: C:\Users\user\Desktop\Setup.exe
API coverage: 7.6 %
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E273D6 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E1D1A0 CreateMutexW,GetLastError,#113,#113,OutputDebugStringW,OutputDebugStringW,MsgWaitForMultipleObjects,MsgWaitForMultipleObjects,PeekMessageW,PeekMessageW,MsgWaitForMultipleObjects,CloseHandle,OutputDebugStringW,OutputDebugStringW,#113,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E331F9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E3A256 GetProcessHeap,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E27568 SetUnhandledExceptionFilter,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E2767B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E2BEA1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E278E7 cpuid
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E380C7 GetLocaleInfoW,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E3E1B7 IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E3E47A EnumSystemLocalesW,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E3E42F EnumSystemLocalesW,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E3E5A2 GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E3E515 EnumSystemLocalesW,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E3E7F2 GetLocaleInfoW,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E3E91B GetLocaleInfoW,GetLocaleInfoW,GetACP,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E3EAEF GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E3EA22 GetLocaleInfoW,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E37CD4 EnumSystemLocalesW,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E15020 wsprintfW,GetLocalTime,
Source: C:\Users\user\Desktop\Setup.exe
Code function: 0_2_00E11070 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,GetVersionExW,GetTokenInformation,GetTokenInformation,GetTokenInformation,DuplicateToken,CreateWellKnownSid,CheckTokenMembership,GetLastError,CloseHandle,CloseHandle,CloseHandle,