Windows Analysis Report
wrapper-windows-x86-64-3.5.59-pro.exe

ID:	1532860
Product:	CloudBasic
Start time:	02:34:40
Start date:	14.10.2024
Sample:	wrapper-windows-x86-64-3.5.59-pro.exe
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	4cb008375a7b737c1a6ccf569327df9e
SHA1:	67eb89f50b067628ad733ba3b1a47cdd42dd0364
SHA256:	4c65e4b6f9909d4d4bfc74852c33fd05de53a952d98968bd94d323ec14573992
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Temp\nst714A.tmp\LangDLL.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	50016010FB0D8DB2BC4CD258CEB43BE5	44BA95EE12E69DA72478CF358C93533A9C7A01DC	32230128C18574C1E860DFE4B17FE0334F685740E27BC182E0D525A8948C9C2E
C:\Users\user\AppData\Local\Temp\nst714A.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	4ADD245D4BA34B04F213409BFE504C07	EF756D6581D70E87D58CC4982E3F4D18E0EA5B09	9111099EFE9D5C9B391DC132B2FAF0A3851A760D4106D5368E30AC744EB42706
C:\Users\user\AppData\Local\Temp\nst714A.tmp\modern-header.bmp	PC bitmap, Windows 3.x format, 150 x 57 x 24, image size 25764, resolution 3543 x 3543 px/m, cbSize 25818, bits offset 54	10C7EA910D0FCE3FB24F5086788B67D4	81A886DAF2E3D6A4131767CCA0F15666B5E508D7	AAAA7569450EEBE23B4EA62302B4A27C60BCD29E06542BEA6269A081D7683BA2
C:\Users\user\AppData\Local\Temp\nst714A.tmp\modern-wizard.bmp	PC bitmap, Windows 3.x format, 164 x 314 x 24, image size 154488, resolution 3543 x 3543 px/m, cbSize 154542, bits offset 54	2BF9DE020C2B6CE10EF79AD63FA3D182	76E10E3A591F795BAA4D670A34D0B6AE1845202C	5C82DDC879A3B0F2B6E1048ADC000112890B6B4AE8AAB2F3724B4669FE08C896
C:\Users\user\AppData\Local\Temp\nst714A.tmp\nsDialogs.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	1D8F01A83DDD259BC339902C1D33C8F1	9F7806AF462C94C39E2EC6CC9C7AD05C44EBA04E	4B7D17DA290F41EBE244827CC295CE7E580DA2F7E9F7CC3EFC1ABC6898E3C9ED
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_de.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	D088A67F5AB6DE2DA52E0E95B19D5350	F38E644644546B9E7F39B9EFAAE52BFC9C2761B2	6F15A197C54D027BA77F956535361ECF2F28B51F41F6F8AC5492380E2E7048C7
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_en.txt	ASCII text, with CRLF line terminators	49AB109C1E32DEF6B4C27E8355C3174A	859EE33C85DB3C4874917D0363DDD741C6F7E800	AF59036005E0CD153905785ADB9BCEE5868C14104317FC63A114AF3085994F1F
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_es.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	C222CB7AA4F73C02476AFB7148B2A1F9	660804ABE3880118EAC929C1DA257CCAD26925B9	1B2A5A6A8B5C623FAF5474D27A02E140A53286FBF6F53E4FA7A754CD775457EB
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_ja.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	82CC25F10C47E6A6066339A0AED47345	09E71FA50A56D3BB43030CDB0A1F7E294A1A9134	2F7165599F72C4991231C497194CAA53FC3F70C307603126CAA9A8FD5F7EB37B
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\DemoApp.bat	DOS batch file, ASCII text, with CRLF line terminators	CE5C3047AB22B3E923387070779003CC	C4624EF18DFC2C4CEB8F1F867D92412C831254FE	55327F633C056FF523EF11C79D38676FC9DF692FCE264F05752A0F38A6574274
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\GetHostId.bat	DOS batch file, ASCII text, with CRLF line terminators	FA62DCDD04D7EC9E41D6004B74F1C61C	093FE666873E60B62AC64A00473AB0E38A0CDC1B	490B3376B9AE612B37564DC894A4767927F8BF5492D188415398ABF7A983153E
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\InstallTestWrapper-NT.bat	DOS batch file, ASCII text, with CRLF line terminators	3C58D2DA94F2ADBCA8BB2FB1D9A08613	4DC03D21AA2A542F5B0B986CC62F29151D2FE3A4	8E95C300802F66BA56C3A812A020D3F9F3B95384A8D79341713290C8215F721F
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\PauseTestWrapper-NT.bat	DOS batch file, ASCII text, with CRLF line terminators	E72F141CCD6B50D5137A97C868F9417F	8BAE5D8B3DF13B2DA75B647F380668280B6B24CB	A6B30BA819CEEFA88C4C775541F2E379695FAB2FA25568AE72DD81049E4DD290
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\QueryTestWrapper-NT.bat	DOS batch file, ASCII text, with CRLF line terminators	1E6D275EA634F3F219643AB76A9AEAF4	05328633A5233A707CDA45486F52E6C24CE44D51	8050AC8CE814285E40816248490F36484C6FFB710761DFB815F1958F0DE5B35D
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\ResumeTestWrapper-NT.bat	DOS batch file, ASCII text, with CRLF line terminators	9D79EE1C615CED1C15529AFD5AACB599	834E62ED524E0D2BC623F442BB2CA87BC1793AC1	559BA28D13FD19E20C069DC6EC08C89AB13C8220545F42BE0D61930436DDAC5C
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\SetupTestWrapper.bat	DOS batch file, ASCII text, with CRLF line terminators	98E4F8A247694D96B18ECD867F66C06D	0C8328369F5658131E11D736F961F25DF181CD79	5B28B27C1A14E95CA5F71483AD00F99D82330FD8727E6E4A992C106DB2A4CD15
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\StartTestWrapper-NT.bat	DOS batch file, ASCII text, with CRLF line terminators	BFE379DF92440E0925926FE6AEEB4197	F94AD87E0123EAFF585A8CA560D9BAFE40A04FBB	CA1D76E47A1466A44FB418FE797ECC82FD05DD16214A42055A4C85CF6B91CD27
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\StopTestWrapper-NT.bat	DOS batch file, ASCII text, with CRLF line terminators	2BE057A6FA1811972B4D61805645488E	FCA67B03EB619708C63F1F199D5308FF0168671C	683B8F2531042156BAD95939BBB56EE408F20916FE57F0F1DE98CFE50FA5DD1E
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\TeardownTestWrapper.bat	DOS batch file, ASCII text, with CRLF line terminators	E79CDF147657F721C014AD748B7A73FD	0DFD8179153824D7A6A610C79F2299DE0A1CF4B3	2A248C606A8117868D5E402FAB240609794DB0BDEA0642FAE2A8A180776EDDC3
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\TestWrapper.bat	DOS batch file, ASCII text, with CRLF line terminators	85D359C35FA0F4149DFA5C32F191251B	591988FBC1AB72E850A55766895C3034ED6D4EFA	A4354463D2BBB76ED26E5674B4A8F148745BAF87AC0F418B52A4C7C08A4DE00B
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\TestWrapperCommand.bat	DOS batch file, ASCII text, with CRLF line terminators	D2EBCDC9DB83DA236FA92261B02E0D59	148B41A349020AFF420682133D71E02615E5FA66	CED5E895AA2EDD808C771BCAE02B1A96C01312E9A16826A7AC3EA8B1CBCF117D
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\UninstallTestWrapper-NT.bat	DOS batch file, ASCII text, with CRLF line terminators	8A14B1F06C83AF23D141A7E50D7939B2	D5B41DC8C1A3C98D7132D4EB35C48DF541FD73FA	CFB1852F3829CA10BB982B7DB989A49E34E9F744E548F593659E32F18761936E
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\wrapper.exe	PE32+ executable (console) x86-64, for MS Windows	4A15F9039361AF0E3BB5D8BE1EC0FA16	B9075EBA50A62976E633A2E0AF760257E17A4332	7FCC01AECB75707D5CC041CE644ECE79D30E866ECC96E7A2A0B5EB71D1C5BEDA
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\wrapperw.exe	PE32+ executable (GUI) x86-64, for MS Windows	D748FCFCCE9F2459085D5F60B0C83FA4	C37C35B176048E9D4B359BE3FB6D5AA51DBFE734	EAA057DDE29DA3906C76CDB4D6BBCBCC656F4688731B77EEF942D1A290E62C9A
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\conf\demoapp.conf	C source, ASCII text, with CRLF line terminators	51D1BC7E0711673ADA763DA8BE5A34D2	12E08E0E7EA4D71950723803ED89E4C8CAE80334	FF1AF8593B6EEBB28539EB1B327BEBAF2A30BD318D7C24155D09DBD509E50EDF
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\conf\wrapper-license.conf	ASCII text, with CRLF line terminators	C2E5FAFC194B32FCAFBE41A4C4271AA3	9BF8ACFD7369D60086019FBBFFF5ABBF0EB8DFAA	1AB6476B9BB97594346588F309E7EB825A36865309B00568FB7C6A18630CBDFA
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\conf\wrapper.conf	C source, ASCII text, with CRLF line terminators	9E2CAE47FE18158F7EFF3BBBD9A9C28B	84882389921F68DCB94A16154FB98224B132D97C	13B61D495113FAD80B30E0C4B7C91406597681F5D99E8ADDE6C7D6CF3961EC73
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\doc\index.html	HTML document, ASCII text, with CRLF line terminators	F07BD55A1707BC7B9AAC277CBBC1BA65	EC8B90C7E981242678EFD2740D4AC3FD2358891F	0DE0A936CE56457E164A1F1882596B02A45366F2C15DA2C8D48A21981843327B
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\doc\revisions.txt	ASCII text, with CRLF line terminators	8397A17F4EACFEDE9BAE4D0ECD66F002	C6C3279717BB2AA533C6DC72446662AEEEBAD413	138EEFA0AA42B71E5F295D3DA768773D75516DCDF0228D85AAE87764AC63D91B
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\doc\wrapper-development-license-1.3.txt	ASCII text, with CRLF line terminators	C638D637C484599EF47F0F5947FE060C	9722C5CF2FD9CEC07FC20BE5475BE7B4684AB505	09AE65DD73D1594D3FB24CC52E63D6ABDA62BB167A79AEE0881293C820F298DD
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\doc\wrapper-server-license-1.3.txt	ASCII text, with CRLF line terminators	9B688E24CA5080BE302FA3FB317B8D4F	3DAA0CA0A3743EB842A49273D60E29A91C4B9B23	976C8ADD5A2613BC96867304F41D7F71F4BBDF5D19227EA284AAFA2074C9B060
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\doc\wrapper-tsims-addendum-1.3.txt	ASCII text, with CRLF line terminators	DF9AE096B58F68A5257D8F718672CDAB	E587A3BDD4DF31F8F0B3779AD668C4A97B26B497	3705441426ACF81292D63BAFA2228F150094F0B35BA99999D649C620D0D99E5F
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lang\wrapperTestApp_de.mo	GNU message catalog (little endian), revision 0.0, 306 messages, Project-Id-Version: louserzationwrapper 3.5.0 ' TestAction access_violation_native '	5A50BAAE87A72D6F9A4020A5C60B3574	5E5596CFD690F15417DA862094D6800E428C5BF1	1092E7159F024CB2BDC24602AD2C01A1EE7F4A363DE781FF4E0939035C88AE50
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lang\wrapperTestApp_ja.mo	GNU message catalog (little endian), revision 0.0, 306 messages, Project-Id-Version: Wrapper Test Application ' \343\202\242\343\202\257\343\202\267\343\203\247\343\203\263\343\201\256\343\203\206\343\202\271\343\203\210 access_violation_native '	0ADAFD943F6C92B225A69B15361D2614	B890BE23DEA376C810BD6EE2BAA41B829B00B2EA	56DDFEDA724CB900E233080527A2280B0637AD61A22D994DA8AC9343F391FA44
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lang\wrapper_de.mo	GNU message catalog (little endian), revision 0.0, 2003 messages, Project-Id-Version: louserzationwrapper 3.5.0 'Rufe StartServiceCtrlDispatcher auf \342\200\246 bitte warten.'	74105488C87BDCC2A560EA73BC9B914C	F3B9332B4CB3D24084AF11A6286BDB956608A428	4A83FABF1081548C973B345EAD9C06010CF9F03852EE6DD4F782DA505349E3D5
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lang\wrapper_ja.mo	GNU message catalog (little endian), revision 0.0, 1957 messages, Project-Id-Version: Wrapper louserzation 1.0 'StartServiceCtrlDispatcher \343\202\222\345\221\274\343\201\263\345\207\272\343\201\227\344\270\255\342\200\246\343\201\212\345\276\205\343\201\241\343\201\217\343\201\240\343\201\225\343\201\204\343\200\202'	B26266CDEC1D78E9748B3AC36851A7FC	66C95247A47463873E0F3976436ADC38013C1362	659CCAB53200B0746AD70486861E625D8F05961ADB3A8ADA1C5EC4C9AE521CA7
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lang\wrapperjni_de.mo	GNU message catalog (little endian), revision 0.0, 511 messages, Project-Id-Version: louserzationwrapper 3.5.0 ' der Anwendung.'	F98FCD99647A712068BAD9AAFAB08012	6C776DB9294C895E8F80B0AAA7390339720D11C2	CC56469C818449C3481A3727136F5FF66E45BCE159EE3ACECF34ACB418E04281
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lang\wrapperjni_ja.mo	GNU message catalog (little endian), revision 0.0, 522 messages, Project-Id-Version: Wrapper louserzation 1.0 ' \343\200\200'	D5887D2A4E7FA8BB7E839316ECE5917B	9C72E8A36C57499AC74AC668BD53F89E33317AB3	C710AEB50FF5AC07655F395C8DBB00BE15ACC7A1E0E1DE62EEA9060DDF9E93A7
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lib\wrapper.dll	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	71165922712AC864C946C9F1DB57E557	C73287F4E6F5E182E690DCAE2CA368690B3E7C91	DA4EABE35B1589133FE6C49D98BBE3D06AA3580E25178BEFF50C31C32AF4106D
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lib\wrapper.jar	Zip archive data, at least v2.0 to extract, compression method=deflate	070A70FBB1B1C7BAB82B7A2A7B5D8D68	CF6ABF27159C287205FB6DF39CDB48C66D1B345D	1C84967ABC930275B5B69159A56CFEE96A52811B2F25B92C40E761B2EE2CA2CC
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lib\wrapperdemo.jar	Zip archive data, at least v2.0 to extract, compression method=deflate	317FEE7E30130FCBBBDE16C7C043C761	885729C54EFC955516C7631B417F98D8C111490D	F2EA1A7BEE20508F0D160368306FBA00B4C79401A9BA957B90B48B22781531EB
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lib\wrappertest.jar	Zip archive data, at least v2.0 to extract, compression method=deflate	7614F13F2062DBC5CA0378230C1FA018	D237E0AC2C781D4D3355B97E171F5DB3A4E6F483	4021B936095C30E56D6C520479DDAD7AA38FF437217B1FD48558C3B5925A1B0F
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\App.bat.in	DOS batch file, ASCII text, with CRLF line terminators	5EC2C7F99DF82C55ECEE38A0F83FB508	C49390FEBACC494EBA40E5D30FA058CBE684AC65	D1663E79204B2438AE876549FBD33F27D5614AF244ABBC7B768C7BF267FB7B1B
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\AppCommand.bat.in	DOS batch file, ASCII text, with CRLF line terminators	88FA78E820A09B2F369F5F1B66106F1C	611E79D97C0F760B1CF347F0E486FCFBBF8F7D16	E601BA93F1BFF7782F6B150946B330A61FBEC874CB4A200E30D94DD601462131
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\AppNoWrapper.bat.in	DOS batch file, ASCII text, with CRLF line terminators	2DA1AA2ABF9C3EA1CDFD43B2CFD7F256	2169BCEC0510B2A83744330CC6C0CF0CB7B2141F	55E0E460CBCC4C096AA683B21662A08252F046E5E1B88A8E3EEC465F5527D0AC
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\AppTemplate.bat.in	DOS batch file, ASCII text, with CRLF line terminators	92880960250207CA09326DEA7A60F382	7316CB80F8224471F1FAD5480B60674556643077	F83CD735C05ED5D90458F57B6A9901321EA79FEBDB7F7938AD8DE75DFAB7911A
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\AppTemplatePassThrough.bat.in	DOS batch file, ASCII text, with CRLF line terminators	EA9ED2F7DA59C1D71140137C13B44EE4	F2A944174167BD8661FAB54B49DCAC941E1264F8	E0346BA19E143071D57DD23EF7926D8DDC9CC6E011D57DD49ACA46B7F9EF4E4A
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\InstallApp-NT.bat.in	DOS batch file, ASCII text, with CRLF line terminators	406EDB4D392C7D215296BB4B1ADC7ABF	EC6ACEFEBC8554144037B3BCB1B6E7266604E207	7220D1083583C8D2DD9A50E81229958BF376FE40F76DF2FB062BD529574DB490
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\PauseApp-NT.bat.in	DOS batch file, ASCII text, with CRLF line terminators	E72F141CCD6B50D5137A97C868F9417F	8BAE5D8B3DF13B2DA75B647F380668280B6B24CB	A6B30BA819CEEFA88C4C775541F2E379695FAB2FA25568AE72DD81049E4DD290
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\QueryApp-NT.bat.in	DOS batch file, ASCII text, with CRLF line terminators	1E6D275EA634F3F219643AB76A9AEAF4	05328633A5233A707CDA45486F52E6C24CE44D51	8050AC8CE814285E40816248490F36484C6FFB710761DFB815F1958F0DE5B35D
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\ResumeApp-NT.bat.in	DOS batch file, ASCII text, with CRLF line terminators	9D79EE1C615CED1C15529AFD5AACB599	834E62ED524E0D2BC623F442BB2CA87BC1793AC1	559BA28D13FD19E20C069DC6EC08C89AB13C8220545F42BE0D61930436DDAC5C
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\SetupApp.bat.in	DOS batch file, ASCII text, with CRLF line terminators	98E4F8A247694D96B18ECD867F66C06D	0C8328369F5658131E11D736F961F25DF181CD79	5B28B27C1A14E95CA5F71483AD00F99D82330FD8727E6E4A992C106DB2A4CD15
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\StartApp-NT.bat.in	DOS batch file, ASCII text, with CRLF line terminators	BFE379DF92440E0925926FE6AEEB4197	F94AD87E0123EAFF585A8CA560D9BAFE40A04FBB	CA1D76E47A1466A44FB418FE797ECC82FD05DD16214A42055A4C85CF6B91CD27
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\StopApp-NT.bat.in	DOS batch file, ASCII text, with CRLF line terminators	2BE057A6FA1811972B4D61805645488E	FCA67B03EB619708C63F1F199D5308FF0168671C	683B8F2531042156BAD95939BBB56EE408F20916FE57F0F1DE98CFE50FA5DD1E
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\TeardownApp.bat.in	DOS batch file, ASCII text, with CRLF line terminators	E79CDF147657F721C014AD748B7A73FD	0DFD8179153824D7A6A610C79F2299DE0A1CF4B3	2A248C606A8117868D5E402FAB240609794DB0BDEA0642FAE2A8A180776EDDC3
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\bin\UninstallApp-NT.bat.in	DOS batch file, ASCII text, with CRLF line terminators	8A14B1F06C83AF23D141A7E50D7939B2	D5B41DC8C1A3C98D7132D4EB35C48DF541FD73FA	CFB1852F3829CA10BB982B7DB989A49E34E9F744E548F593659E32F18761936E
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\conf\wrapper-license-time.conf	ASCII text, with CRLF line terminators	C2E5FAFC194B32FCAFBE41A4C4271AA3	9BF8ACFD7369D60086019FBBFFF5ABBF0EB8DFAA	1AB6476B9BB97594346588F309E7EB825A36865309B00568FB7C6A18630CBDFA
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\conf\wrapper.conf.in	C source, ASCII text, with CRLF line terminators	9AEB7FA196AAB9BE2DE3E85679ED36C0	7D36F98C5D81C94516FD96A9EE715A63AA935B6D	5A19905692E7B91C3EBABD8460DA722491407E81928DFA2817E1D3CE52EED276
C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\src\conf\wrapper.conf.in_ja	C source, Unicode text, UTF-8 text, with CRLF line terminators	723F1864401B7A81F88E4E2B5A948D15	8D614DE99F42A3676E3E6F548CD6C15ECC662BC3	00796366C6DA71C7788DE4280EDB2B78CAEF40348CAF6DAED907F61A455B563E

Privilege Escalation

Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	EXE: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\wrapper.exe			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	EXE: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\wrapperw.exe			Jump to behavior

Compliance

Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	EXE: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\wrapper.exe			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	EXE: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\wrapperw.exe			Jump to behavior

Source: wrapper-windows-x86-64-3.5.59-pro.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Windows\SysWOW64\notepad.exe

Window detected: -------------------------------------------------------------------------------Java Service Wrapper Professional Edition 3.5.59Copyright (C) 1999-2024 Tanuki Software Ltd. All Rights Reserved.https://wrapper.tanukisoftware.com-------------------------------------------------------------------------------Summary:1. What is the Java Service Wrapper?2. Documentation3. Installation4. License Options5. How to Purchase6. Getting Updates7. FAQ8. Support9. System Requirements1. What is the Java Service Wrapper?-------------------------------------------------------------------------------The Java Service Wrapper is an application that has evolved out of a desire to solve a number of problems common to many Java applications. Some of the Wrapper's features are: * Run a Java application as a Windows Service or Unix Daemon * Java Application Reliability * Automatic detection and recovery of Crashes Freezes and Deadlocks * On-Demand Restarts * Standard Out-of-the Box Scripting * Flexible Cross-Platform Configuration * Ease Application Installations * Logging * Many more...See our Product Features page for a more detailed feature list: => https://wrapper.tanukisoftware.com/doc/english/product-features.htmlFor more information please visit: => https://wrapper.tanukisoftware.com/doc/english/introduction.html2. Documentation-------------------------------------------------------------------------------Please visit our website for the full documentation.Here are some ways to get you started. * Complete documentation can be found online: => https://wrapper.tanukisoftware.com/ * How to integrate the Java Service Wrapper with an Application: => https://wrapper.tanukisoftware.com/doc/english/integrate.html * Configuration Properties: => https://wrapper.tanukisoftware.com/doc/english/properties.html * HOWTOs: => https://wrapper.tanukisoftware.com/doc/english/howto.html * Javadocs for advanced users: => https://wrapper.tanukisoftware.com/doc/english/javadocs.html * Tanuki Software Ltd. Corporate site: => https://www.tanukisoftware.com/3. Installation-------------------------------------------------------------------------------If you are reading this it means you have successfully unpacked this software.The Standard and Professional Editions of the Java Service Wrapper ship witha time-limited but full-featured trial license key which allows you to runthe Wrapper as many times as you want for up to 15 minutes. This is meantfor quick no-hassle testing.You can also request a FREE 1-month trial license that allows you to run theWrapper for the validity of the license (one month) on a single server withoutthe 15-minute limit per session.Trial licenses can be obtained at the following URL: => https://wrapper.tanukisoftware.com/doc/english/requestTrial.jspPermanent licenses can be purchased at the following URL: => https://wrapper.tanukisoftware.com/doc/english/accountLicenses.jspIf you have already purchased a license you can generate and

Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File created: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_de.txt			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File created: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_en.txt			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File created: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_es.txt			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File created: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_ja.txt			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File created: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\doc\wrapper-development-license-1.3.txt			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File created: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\doc\wrapper-server-license-1.3.txt			Jump to behavior

Source: wrapper-windows-x86-64-3.5.59-pro.exe

Static PE information: certificate valid

Source: wrapper-windows-x86-64-3.5.59-pro.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\jenkins-agent\workspace\wrapper\wrapper-64\wrapper_prerelease_3.5.59-pro\src\c\wrapperJNI64_VC8__Win32_Release\wrapper.pdb source: wrapper.dll.0.dr
Source:	Binary string: C:\jenkins-agent\workspace\wrapper\wrapper-64\wrapper_prerelease_3.5.59-pro\src\c\wrapper64_VC8__Win32_Release\wrapper.pdb source: wrapper.exe.0.dr
Source:	Binary string: C:\jenkins-agent\workspace\wrapper\wrapper-64\wrapper_prerelease_3.5.59-pro\src\c\wrapperw32_VC8__Win32_Release\wrapperw.pdb source: wrapperw.exe.0.dr

Networking

Source: revisions.txt.0.dr	String found in binary or memory: http://bugs.sun.com/view_bug.do?bug_id=6965962
Source: wrapper-windows-x86-64-3.5.59-pro.exe, wrapper.dll.0.dr, wrapperw.exe.0.dr, wrapper.exe.0.dr	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: wrapper-windows-x86-64-3.5.59-pro.exe, wrapper.dll.0.dr, wrapperw.exe.0.dr, wrapper.exe.0.dr	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
Source: wrapper-windows-x86-64-3.5.59-pro.exe, wrapper.dll.0.dr, wrapperw.exe.0.dr, wrapper.exe.0.dr	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: wrapper-windows-x86-64-3.5.59-pro.exe, wrapper.dll.0.dr, wrapperw.exe.0.dr, wrapper.exe.0.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: wrapper-windows-x86-64-3.5.59-pro.exe, wrapper.dll.0.dr, wrapperw.exe.0.dr, wrapper.exe.0.dr	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
Source: wrapper-windows-x86-64-3.5.59-pro.exe, wrapper.dll.0.dr, wrapperw.exe.0.dr, wrapper.exe.0.dr	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: wrapper-windows-x86-64-3.5.59-pro.exe, wrapper.dll.0.dr, wrapperw.exe.0.dr, wrapper.exe.0.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: wrapper-windows-x86-64-3.5.59-pro.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: wrapper-windows-x86-64-3.5.59-pro.exe, wrapper.dll.0.dr, wrapperw.exe.0.dr, wrapper.exe.0.dr	String found in binary or memory: http://ocsp.comodoca.com0
Source: wrapper.exe.0.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: demoapp.conf.0.dr, wrapper.conf.0.dr, wrapper.conf.in.0.dr	String found in binary or memory: http://wrapper.tanukisoftware.com/doc/english/integrate.html
Source: TestWrapper.bat.0.dr, StartTestWrapper-NT.bat.0.dr, AppTemplate.bat.in.0.dr, AppTemplatePassThrough.bat.in.0.dr, DemoApp.bat.0.dr, ResumeApp-NT.bat.in.0.dr, StopTestWrapper-NT.bat.0.dr, App.bat.in.0.dr, TestWrapperCommand.bat.0.dr, TeardownApp.bat.in.0.dr, InstallApp-NT.bat.in.0.dr, AppNoWrapper.bat.in.0.dr, InstallTestWrapper-NT.bat.0.dr, StopApp-NT.bat.in.0.dr, TeardownTestWrapper.bat.0.dr, PauseTestWrapper-NT.bat.0.dr, QueryTestWrapper-NT.bat.0.dr, GetHostId.bat.0.dr, UninstallApp-NT.bat.in.0.dr, SetupApp.bat.in.0.dr, QueryApp-NT.bat.in.0.dr	String found in binary or memory: http://wrapper.tanukisoftware.com/doc/english/licenseOverview.html
Source: wrapper.conf.in_ja.0.dr	String found in binary or memory: http://wrapper.tanukisoftware.com/doc/japanese/integrate.html
Source: demoapp.conf.0.dr, wrapper.conf.0.dr, wrapper-license.conf.0.dr, wrapper-license-time.conf.0.dr, wrapper.conf.in_ja.0.dr, wrapper.conf.in.0.dr	String found in binary or memory: http://wrapper.tanukisoftware.com/purchase
Source: demoapp.conf.0.dr, wrapper.conf.0.dr, wrapper-license.conf.0.dr, wrapper-license-time.conf.0.dr, wrapper.conf.in_ja.0.dr, wrapper.conf.in.0.dr	String found in binary or memory: http://wrapper.tanukisoftware.com/trial
Source: index.html.0.dr, wrapper-development-license-1.3.txt.0.dr, wrapper-server-license-1.3.txt.0.dr	String found in binary or memory: http://wrapper.tanukisoftware.org
Source: revisions.txt.0.dr	String found in binary or memory: http://wrapper.tanukisoftware.org/doc/english/licenseOverview.html
Source: index.html.0.dr	String found in binary or memory: http://wrapper.tanukisoftware.org/jdoc/index.html
Source: TestWrapper.bat.0.dr, StartTestWrapper-NT.bat.0.dr, AppTemplate.bat.in.0.dr, AppTemplatePassThrough.bat.in.0.dr, DemoApp.bat.0.dr, ResumeApp-NT.bat.in.0.dr, StopTestWrapper-NT.bat.0.dr, App.bat.in.0.dr, TestWrapperCommand.bat.0.dr, TeardownApp.bat.in.0.dr, InstallApp-NT.bat.in.0.dr, AppNoWrapper.bat.in.0.dr, InstallTestWrapper-NT.bat.0.dr, StopApp-NT.bat.in.0.dr, TeardownTestWrapper.bat.0.dr, PauseTestWrapper-NT.bat.0.dr, QueryTestWrapper-NT.bat.0.dr, GetHostId.bat.0.dr, UninstallApp-NT.bat.in.0.dr, SetupApp.bat.in.0.dr, QueryApp-NT.bat.in.0.dr	String found in binary or memory: http://www.tanukisoftware.com
Source: wrapper-windows-x86-64-3.5.59-pro.exe, wrapper.dll.0.dr, wrapperw.exe.0.dr, wrapper.exe.0.dr	String found in binary or memory: https://sectigo.com/CPS0
Source: notepad.exe, 00000009.00000002.2486216320.0000000002CA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wrapper.tan
Source: notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr, README_ja.txt.0.dr, README_de.txt.0.dr, README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com
Source: notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr, README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/
Source: wrapper-windows-x86-64-3.5.59-pro.exe, 00000000.00000002.1496372828.00000000009A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/
Source: notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/accountDevLicenses.jsp
Source: notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/accountLicenses.jsp
Source: notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/accountServerLicenses.jsp
Source: notepad.exe, 00000009.00000003.1496079559.0000000002CBD000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 00000009.00000002.2486216320.0000000002CCA000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/debugging.html
Source: notepad.exe, 00000009.00000002.2486216320.0000000002CCA000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/download.jsp
Source: notepad.exe, 00000009.00000002.2486216320.0000000002CCA000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/faq.html
Source: notepad.exe, 00000009.00000002.2486216320.0000000002CCA000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/howto-upgrade.html
Source: README_en.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/howto.html
Source: wrapper_de.mo.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/integrate.html
Source: wrapperw.exe.0.dr, wrapper.exe.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/integrate.htmlThe
Source: notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/introduction.html
Source: notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/javadocs.html
Source: notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/licenseOverview.html
Source: notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/product-features.html
Source: notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/properties.html
Source: notepad.exe, 00000009.00000003.1496079559.0000000002CBD000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 00000009.00000002.2486216320.0000000002CCA000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/qna.html
Source: notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/requestTrial.jsp
Source: wrapperTestApp_de.mo.0.dr, wrapperTestApp_ja.mo.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/security-model.html
Source: wrapperTestApp_de.mo.0.dr, wrapperTestApp_ja.mo.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/security-model.htmlThrow
Source: notepad.exe, 00000009.00000003.1496079559.0000000002CBD000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 00000009.00000002.2486216320.0000000002CCA000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/support.jsp
Source: notepad.exe, 00000009.00000003.1496079559.0000000002CBD000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 00000009.00000002.2486216320.0000000002CCA000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/supported-platforms.html
Source: notepad.exe, 00000009.00000002.2486216320.0000000002CA4000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 00000009.00000003.1496079559.0000000002CBD000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 00000009.00000002.2486216320.0000000002CCA000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/english/troubleshooting.html
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/accountDevLicenses.jsp
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/accountLicenses.jsp
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/accountServerLicenses.jsp
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/debugging.html
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/download.jsp
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/faq.html
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/howto-upgrade.html
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/howto.html
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/integrate.html
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/introduction.html
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/javadocs.html
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/licenseOverview.html
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/properties.html
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/qna.html
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/requestTrial.jsp
Source: wrapperTestApp_de.mo.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/security-model.html
Source: wrapperTestApp_de.mo.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/security-model.htmlGibt
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/support.jsp
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/supported-platforms.html
Source: README_de.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/german/troubleshooting.html
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/accountDevLicenses.jsp
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/accountLicenses.jsp
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/accountServerLicenses.jsp
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/debugging.html
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/download.jsp
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/faq.html
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/howto-upgrade.html
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/howto.html
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/integrate.html
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/introduction.html
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/javadocs.html
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/licenseOverview.html
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/product-features.html
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/properties.html
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/qna.html
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/requestTrial.jsp
Source: wrapperTestApp_ja.mo.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/security-model.html
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/support.jsp
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/supported-platforms.html
Source: README_ja.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/japanese/troubleshooting.html
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/accountDevLicenses.jsp
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/accountLicenses.jsp
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/accountServerLicenses.jsp
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/debugging.html
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/download.jsp
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/faq.html
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/howto-upgrade.html
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/howto.html
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/integrate.html
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/introduction.html
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/javadocs.html
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/licenseOverview.html
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/product-features.html
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/properties.html
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/qna.html
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/requestTrial.jsp
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/support.jsp
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/supported-platforms.html
Source: README_es.txt.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/doc/spanish/troubleshooting.html
Source: wrapperw.exe.0.dr, wrapper.exe.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/integrateGetNativeSystemInfokernel32.dllMicrosoft
Source: wrapperw.exe.0.dr, wrapper.exe.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/purchaseYou
Source: wrapperw.exe.0.dr, wrapper.exe.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com/trialLicense
Source: wrapperw.exe.0.dr, wrapper.exe.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.com2024GVBtWUThis
Source: wrapper_ja.mo.0.dr	String found in binary or memory: https://wrapper.tanukisoftware.org/doc/japanese/integrate.html
Source: notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr, README_de.txt.0.dr	String found in binary or memory: https://www.tanukisoftware.com/
Source: notepad.exe, 00000009.00000002.2486216320.0000000002CCA000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 00000009.00000003.1496079559.0000000002CC4000.00000004.00000020.00020000.00000000.sdmp, README_en.txt.0.dr, README_de.txt.0.dr	String found in binary or memory: https://www.tanukisoftware.com/en/distributors.php
Source: README_es.txt.0.dr	String found in binary or memory: https://www.tanukisoftware.com/es/
Source: README_es.txt.0.dr	String found in binary or memory: https://www.tanukisoftware.com/es/distributors.php
Source: README_ja.txt.0.dr	String found in binary or memory: https://www.tanukisoftware.com/ja/
Source: README_ja.txt.0.dr	String found in binary or memory: https://www.tanukisoftware.com/ja/distributors.php

System Summary

Source: wrapper-windows-x86-64-3.5.59-pro.exe, 00000000.00000003.1494919897.0000000000A36000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNOTEPAD.EXE.MUIj% vs wrapper-windows-x86-64-3.5.59-pro.exe
Source: wrapper-windows-x86-64-3.5.59-pro.exe, 00000000.00000003.1494919897.0000000000A36000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNOTEPAD.EXEj% vs wrapper-windows-x86-64-3.5.59-pro.exe

Source: wrapper-windows-x86-64-3.5.59-pro.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: clean2.winEXE@3/59@0/0

Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe

File created: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro

Jump to behavior

Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe

File created: C:\Users\user\AppData\Local\Temp\nsd7139.tmp

Jump to behavior

Source: wrapper-windows-x86-64-3.5.59-pro.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe

File read: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe "C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe"
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process created: C:\Windows\SysWOW64\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_en.txt
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process created: C:\Windows\SysWOW64\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_en.txt			Jump to behavior

Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: propsys.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: dwmapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: oleacc.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: ntmarta.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: shfolder.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: textinputframework.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: textshaping.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: riched20.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: usp10.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: msls31.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: edputil.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: windows.staterepositoryps.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: policymanager.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: msvcp110_win.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: appresolver.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: bcp47langs.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: slc.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: sppc.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: onecorecommonproxystub.dll			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Section loaded: onecoreuapcommonproxystub.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: mrmcorer.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: textshaping.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: efswrt.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: mpr.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: twinapi.appcore.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: oleacc.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: textinputframework.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: ntmarta.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: propsys.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: policymanager.dll			Jump to behavior
Source: C:\Windows\SysWOW64\notepad.exe	Section loaded: msvcp110_win.dll			Jump to behavior

Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\notepad.exe

Window detected: -------------------------------------------------------------------------------Java Service Wrapper Professional Edition 3.5.59Copyright (C) 1999-2024 Tanuki Software Ltd. All Rights Reserved.https://wrapper.tanukisoftware.com-------------------------------------------------------------------------------Summary:1. What is the Java Service Wrapper?2. Documentation3. Installation4. License Options5. How to Purchase6. Getting Updates7. FAQ8. Support9. System Requirements1. What is the Java Service Wrapper?-------------------------------------------------------------------------------The Java Service Wrapper is an application that has evolved out of a desire to solve a number of problems common to many Java applications. Some of the Wrapper's features are: * Run a Java application as a Windows Service or Unix Daemon * Java Application Reliability * Automatic detection and recovery of Crashes Freezes and Deadlocks * On-Demand Restarts * Standard Out-of-the Box Scripting * Flexible Cross-Platform Configuration * Ease Application Installations * Logging * Many more...See our Product Features page for a more detailed feature list: => https://wrapper.tanukisoftware.com/doc/english/product-features.htmlFor more information please visit: => https://wrapper.tanukisoftware.com/doc/english/introduction.html2. Documentation-------------------------------------------------------------------------------Please visit our website for the full documentation.Here are some ways to get you started. * Complete documentation can be found online: => https://wrapper.tanukisoftware.com/ * How to integrate the Java Service Wrapper with an Application: => https://wrapper.tanukisoftware.com/doc/english/integrate.html * Configuration Properties: => https://wrapper.tanukisoftware.com/doc/english/properties.html * HOWTOs: => https://wrapper.tanukisoftware.com/doc/english/howto.html * Javadocs for advanced users: => https://wrapper.tanukisoftware.com/doc/english/javadocs.html * Tanuki Software Ltd. Corporate site: => https://www.tanukisoftware.com/3. Installation-------------------------------------------------------------------------------If you are reading this it means you have successfully unpacked this software.The Standard and Professional Editions of the Java Service Wrapper ship witha time-limited but full-featured trial license key which allows you to runthe Wrapper as many times as you want for up to 15 minutes. This is meantfor quick no-hassle testing.You can also request a FREE 1-month trial license that allows you to run theWrapper for the validity of the license (one month) on a single server withoutthe 15-minute limit per session.Trial licenses can be obtained at the following URL: => https://wrapper.tanukisoftware.com/doc/english/requestTrial.jspPermanent licenses can be purchased at the following URL: => https://wrapper.tanukisoftware.com/doc/english/accountLicenses.jspIf you have already purchased a license you can generate and

Source: wrapper-windows-x86-64-3.5.59-pro.exe

Static PE information: certificate valid

Source: wrapper-windows-x86-64-3.5.59-pro.exe

Static file information: File size 2002192 > 1048576

Source: wrapper-windows-x86-64-3.5.59-pro.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\jenkins-agent\workspace\wrapper\wrapper-64\wrapper_prerelease_3.5.59-pro\src\c\wrapperJNI64_VC8__Win32_Release\wrapper.pdb source: wrapper.dll.0.dr
Source:	Binary string: C:\jenkins-agent\workspace\wrapper\wrapper-64\wrapper_prerelease_3.5.59-pro\src\c\wrapper64_VC8__Win32_Release\wrapper.pdb source: wrapper.exe.0.dr
Source:	Binary string: C:\jenkins-agent\workspace\wrapper\wrapper-64\wrapper_prerelease_3.5.59-pro\src\c\wrapperw32_VC8__Win32_Release\wrapperw.pdb source: wrapperw.exe.0.dr

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File created: C:\Users\user\AppData\Local\Temp\nst714A.tmp\LangDLL.dll			Jump to dropped file
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File created: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lib\wrapper.dll			Jump to dropped file
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File created: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\wrapper.exe			Jump to dropped file
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File created: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\wrapperw.exe			Jump to dropped file
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File created: C:\Users\user\AppData\Local\Temp\nst714A.tmp\System.dll			Jump to dropped file
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File created: C:\Users\user\AppData\Local\Temp\nst714A.tmp\nsDialogs.dll			Jump to dropped file

Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File created: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_de.txt			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File created: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_en.txt			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File created: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_es.txt			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File created: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_ja.txt			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File created: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\doc\wrapper-development-license-1.3.txt			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File created: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\doc\wrapper-server-license-1.3.txt			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst714A.tmp\LangDLL.dll			Jump to dropped file
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\lib\wrapper.dll			Jump to dropped file
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\wrapper.exe			Jump to dropped file
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\bin\wrapperw.exe			Jump to dropped file
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst714A.tmp\System.dll			Jump to dropped file
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst714A.tmp\nsDialogs.dll			Jump to dropped file

Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File Volume queried: C:\Users\user\Desktop FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe	File Volume queried: C:\Users\user\Desktop FullSizeInformation			Jump to behavior

Source: revisions.txt.0.dr

Binary or memory string: Azure or Hyper-V Virtual Machines.

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro.exe

Process created: C:\Windows\SysWOW64\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_en.txt

Jump to behavior

Language, Device and Operating System Detection

Source: C:\Windows\SysWOW64\notepad.exe

Queries volume information: C:\Users\user\Desktop\wrapper-windows-x86-64-3.5.59-pro\README_en.txt VolumeInformation

Jump to behavior