Windows Analysis Report
FlowTracker_Setup.exe

Overview

General Information

Sample name: FlowTracker_Setup.exe
Analysis ID: 1546436
MD5: e103387250c2f8330978838bd5b6365f
SHA1: f441f01bf13e1498a2d8b5dbb3de4ae52c43227d
SHA256: cc43b037bdb72a60d29e0ac7be83e1dbabc472bfd8555b5ae90736ea10da02a3

Detection

Score: 6
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Checks for available system drives (often done to infect USB drives)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Entry point lies outside standard sections
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sigma detected: Suspicious Msiexec Execute Arbitrary DLL
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Too many similar processes found
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Source: FlowTracker_Setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Windows\SysWOW64\msiexec.exe Window detected: I &do not accept the license agreementI &accept the license agreement&Next >< &Back&ResetCancelSonTek/YSI Software License AgreementNotice to Registered User: By downloading and/or installing any software created by SonTek/YSI the registered user must accept all the terms and conditions of this agreement. This software program is licensed by SonTek/YSI for use only on the terms set forth herein.Scope of Use: The registered user has the right to use this software on any computer or network for internal use only. This means that the software may be used by the registered user's employees or those of its subsidiaries or parent company and in the performance of consulting or research for third parties who have engaged the registered user as an employee or independent contractor. The registered user may not sell license sublicense rent or make the software available for use by third parties. Nor may the registered user makeavailable to third parties the System Serial Number and software License number entered during the software installation and registration process.Limit of Liability: SonTek/YSI makes no warranty express or implied with respect to this software its quality performance merchantability or fitness for a particular purpose. In no event shall SonTek/YSI be liable for direct indirect special or consequential damages. The software is distributed "as is" and the user assumes the entire risk of its performance and suitability to the user's purpose.In relation to the software which the registered user is entitled to use the registered user shall not decompile disassemble or otherwise reverse engineer the software. Further the registered user may not alter or modify the software without the direct written consent of SonTek/YSI.The software should not be used as the exclusive determinant of any experiment or hypotheses. 
Where life is involved results obtained with the software should be examined carefully before any conclusions are made. SonTek/YSI takes no responsibility for any inconvenience loss of time property or product damage personal damage or any other incidental or consequential damages resulting from the use of this software.Copyright: This software is owned by SonTek/YSI and is protected by United States copyright law and international treaty provisions. All rights are reserved.You must agree with the license agreement below to proceed.top16License AgreementWise Installation Wizard
Source: C:\Windows\System32\msiexec.exe File opened: C:\Windows\WinSxS\InstallTemp\20241031170916085.0\msvcr80.dll
Source: Binary string: msvcr80.i386.pdb source: msvcr80.dll.2.dr
Source: Binary string: msvcm80.i386.pdb source: msvcm80.dll.2.dr
Source: Binary string: C:\SonDev\WinDev\Components2\Bin\Release\SonDataUI.pdb source: SonDataUI.dll.2.dr
Source: Binary string: C:\SonDev\WinDev\Components2\Bin\Release\SonDataBrowser.pdb source: SonDataBrowser.dll.2.dr
Source: Binary string: C:\SonDev\WinDev\Components2\Bin\Release\SonScriptLib.pdb source: SonScriptLib.dll.2.dr
Source: Binary string: C:\SonDev\WinDev\Components2\Bin\Release\Base.pdb source: Base.dll.2.dr
Source: Binary string: h:\nt.obj.x86fre\base\wcp\tools\msmcustomaction\objfre\i386\msmcustomaction.pdb source: FlowTracker_Setup.exe, WIS1DC4B5CF7D8A44A99CDFF7A5DD359A38_2_30.MSI.0.dr, MSIAB0F.tmp.2.dr
Source: Binary string: C:\SonDev\WinDev\Components2\Bin\Release\SonCommunications.pdb( source: SonCommunications.dll.2.dr
Source: Binary string: C:\SonDev\WinDev\Components2\Bin\Release\SonCommunications.pdb source: SonCommunications.dll.2.dr
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.4:49730
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.4:49736
Source: FlowTrackerExport.exe, 0000001D.00000002.1940091480.0000000002530000.00000004.00000001.01000000.00000008.sdmp String found in binary or memory: http://premier.intel.com/
Source: FlowTracker Users Manual.English.pdf.2.dr, FlowTracker Users Manual.Spanish.pdf.2.dr String found in binary or memory: http://www.sontek.com/)
Source: FlowTracker Release Notes (FWv3.1 SWv2.10).pdf.2.dr String found in binary or memory: http://www.sontek.com/product/fw/ftfw.htm)/S/URI
Source: FlowTracker Release Notes (FWv3.1 SWv2.10).pdf.2.dr String found in binary or memory: http://www.sontek.com/product/sw/flowtracker/flowtracker.htm)/S/URI
Source: FlowTracker Release Notes (FWv3.1 SWv2.10).pdf.2.dr String found in binary or memory: http://www.sontek.com/product/sw/sonutils/sonutils.htm)/S/URI
Source: FlowTracker Release Notes (FWv3.7 SWv2.30).pdf.2.dr String found in binary or memory: http://www.sontek.com/software.html)
Source: msiexec.exe Process created: 48
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\5aa756.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIAB0F.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{1DC4B5CF-7D8A-44A9-9CDF-F7A5DD359A38}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIACD5.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\atl71.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msvcr71.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msvcp71.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ippcore.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipps20.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsa6.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsw7.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippspx.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippscw7.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsi7.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsct7.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippscpx.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsca6.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsri7.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippst7.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsrw7.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsrt7.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsci7.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsrpx.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsra6.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ippsc20.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\libguide40.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ippsr20.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\WinSxS\InstallTemp\20241031170916085.0
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\WinSxS\InstallTemp\20241031170916085.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.manifest
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\WinSxS\InstallTemp\20241031170916085.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700.cat
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\WinSxS\InstallTemp\20241031170916085.0\msvcr80.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\WinSxS\InstallTemp\20241031170916085.0\msvcp80.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\WinSxS\InstallTemp\20241031170916085.0\msvcm80.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\WinSxS\InstallTemp\20241031170916257.0
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\WinSxS\InstallTemp\20241031170916257.0\8.0.50727.762.policy
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\WinSxS\InstallTemp\20241031170916257.0\8.0.50727.762.cat
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{1DC4B5CF-7D8A-44A9-9CDF-F7A5DD359A38}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{1DC4B5CF-7D8A-44A9-9CDF-F7A5DD359A38}\IconA6B7F1401.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\5aa758.msi
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIAB0F.tmp
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: String function: 00402A70 appears 215 times
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: String function: 024C88C9 appears 87 times
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: String function: 0045C79C appears 34 times
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: String function: 00459400 appears 65 times
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: String function: 004101C0 appears 101 times
Source: ippsi7.dll.2.dr Static PE information: Number of sections : 35 > 10
Source: IconA6B7F1401.exe.2.dr Static PE information: No import functions for PE file found
Source: classification engine Classification label: clean6.winEXE@51/206@0/0
Source: FlowTracker Users Manual.Spanish.pdf.2.dr Initial sample: mailto:sales@sontek.com
Source: FlowTracker Release Notes (FWv3.1 SWv2.10).pdf.2.dr Initial sample: http://www.sontek.com/product/fw/ftfw.htm
Source: FlowTracker Release Notes (FWv3.1 SWv2.10).pdf.2.dr Initial sample: http://www.sontek.com/product/sw/flowtracker/flowtracker.htm
Source: FlowTracker Users Manual.Spanish.pdf.2.dr Initial sample: mailto:support@sontek.com
Source: FlowTracker Users Manual.Spanish.pdf.2.dr Initial sample: http://www.sontek.com/
Source: FlowTracker Release Notes (FWv3.1 SWv2.10).pdf.2.dr Initial sample: http://www.sontek.com/product/sw/sonutils/sonutils.htm
Source: FlowTracker Release Notes (FWv3.7 SWv2.30).pdf.2.dr Initial sample: http://www.sontek.com/software.html
Source: FlowTracker Users Manual.Spanish.pdf.2.dr Initial sample: mailto:inquiry@sontek.com
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: 29_2_00415860 CoCreateInstance,OleRun,_com_util::ConvertStringToBSTR,_com_util::ConvertStringToBSTR,VariantClear,VariantClear,VariantClear,VariantClear,SysStringLen,GetFileAttributesA,CreateDirectoryA,GetLastError,InterlockedDecrement,SysFreeString, 29_2_00415860
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: 29_2_00401250 LoadResource,LockResource,SizeofResource, 29_2_00401250
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe File created: C:\Program Files (x86)\Common Files\Wise Installation Wizard
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI7931.tmp
Source: FlowTracker_Setup.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: FlowTracker_Setup.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe File read: C:\Users\user\Desktop\FlowTracker_Setup.exe
Source: unknown Process created: C:\Users\user\Desktop\FlowTracker_Setup.exe "C:\Users\user\Desktop\FlowTracker_Setup.exe"
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /I "C:\Program Files (x86)\Common Files\Wise Installation Wizard\WIS1DC4B5CF7D8A44A99CDFF7A5DD359A38_2_30.MSI" WISE_SETUP_EXE_PATH="C:\Users\user\Desktop\FlowTracker_Setup.exe"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 721A14B488BA2239A99405E88BE13886 C
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 401F6D3C4DBC37D117E40A823546F8D4
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDrvLib.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonUsb.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonScriptLib.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\Communications.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonScript.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\Graphics.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataControls.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataLib.dll"
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /I "C:\Program Files (x86)\Common Files\Wise Installation Wizard\WIS1DC4B5CF7D8A44A99CDFF7A5DD359A38_2_30.MSI" WISE_SETUP_EXE_PATH="C:\Users\user\Desktop\FlowTracker_Setup.exe"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 721A14B488BA2239A99405E88BE13886 C
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 401F6D3C4DBC37D117E40A823546F8D4
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDrvLib.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonUsb.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonScriptLib.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\Communications.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonScript.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\Graphics.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataControls.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataLib.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonData.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\Base.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonCommUtils.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataExport.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDTP.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\YsiPlatform.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonCommUI.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDiag.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonScript.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataUI.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\UI.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataProcessing.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataBrowser.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe "C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe" /RegServer
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: acgenral.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: aclayers.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: sfc.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: msi.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Section loaded: pcacli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: textshaping.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msihnd.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: dwmapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windowscodecs.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: oleacc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sxs.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: riched20.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: usp10.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msls31.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sxs.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msimg32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ipps20.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: libguide40.dll
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Section loaded: ipps20.dll Jump to behavior
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Section loaded: libguide40.dll Jump to behavior
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\InProcServer32 Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe File written: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Drivers2\drivers2.ini Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Automated click: I accept the license agreement
Source: C:\Windows\SysWOW64\msiexec.exe Automated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exe Automated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exe Automated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exe Automated click: OK
Source: C:\Windows\SysWOW64\msiexec.exe Automated click: OK
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\msiexec.exe Window detected: I &do not accept the license agreementI &accept the license agreement&Next >< &Back&ResetCancelSonTek/YSI Software License AgreementNotice to Registered User: By downloading and/or installing any software created by SonTek/YSI the registered user must accept all the terms and conditions of this agreement. This software program is licensed by SonTek/YSI for use only on the terms set forth herein.Scope of Use: The registered user has the right to use this software on any computer or network for internal use only. This means that the software may be used by the registered user's employees or those of its subsidiaries or parent company and in the performance of consulting or research for third parties who have engaged the registered user as an employee or independent contractor. The registered user may not sell license sublicense rent or make the software available for use by third parties. Nor may the registered user makeavailable to third parties the System Serial Number and software License number entered during the software installation and registration process.Limit of Liability: SonTek/YSI makes no warranty express or implied with respect to this software its quality performance merchantability or fitness for a particular purpose. In no event shall SonTek/YSI be liable for direct indirect special or consequential damages. The software is distributed "as is" and the user assumes the entire risk of its performance and suitability to the user's purpose.In relation to the software which the registered user is entitled to use the registered user shall not decompile disassemble or otherwise reverse engineer the software. Further the registered user may not alter or modify the software without the direct written consent of SonTek/YSI.The software should not be used as the exclusive determinant of any experiment or hypotheses. 
Where life is involved results obtained with the software should be examined carefully before any conclusions are made. SonTek/YSI takes no responsibility for any inconvenience loss of time property or product damage personal damage or any other incidental or consequential damages resulting from the use of this software.Copyright: This software is owned by SonTek/YSI and is protected by United States copyright law and international treaty provisions. All rights are reserved.You must agree with the license agreement below to proceed.top16License AgreementWise Installation Wizard
Source: FlowTracker_Setup.exe Static file information: File size 26464768 > 1048576
Source: C:\Windows\System32\msiexec.exe File opened: C:\Windows\WinSxS\InstallTemp\20241031170916085.0\msvcr80.dll Jump to behavior
Source: FlowTracker_Setup.exe Static PE information: Raw size of .WISE is bigger than: 0x100000 < 0x1930e00
Source: Binary string: msvcr80.i386.pdb source: msvcr80.dll.2.dr
Source: Binary string: msvcm80.i386.pdb source: msvcm80.dll.2.dr
Source: Binary string: C:\SonDev\WinDev\Components2\Bin\Release\SonDataUI.pdb source: SonDataUI.dll.2.dr
Source: Binary string: C:\SonDev\WinDev\Components2\Bin\Release\SonDataBrowser.pdb source: SonDataBrowser.dll.2.dr
Source: Binary string: C:\SonDev\WinDev\Components2\Bin\Release\SonScriptLib.pdb source: SonScriptLib.dll.2.dr
Source: Binary string: C:\SonDev\WinDev\Components2\Bin\Release\Base.pdb source: Base.dll.2.dr
Source: Binary string: h:\nt.obj.x86fre\base\wcp\tools\msmcustomaction\objfre\i386\msmcustomaction.pdb source: FlowTracker_Setup.exe, WIS1DC4B5CF7D8A44A99CDFF7A5DD359A38_2_30.MSI.0.dr, MSIAB0F.tmp.2.dr
Source: Binary string: C:\SonDev\WinDev\Components2\Bin\Release\SonCommunications.pdb( source: SonCommunications.dll.2.dr
Source: Binary string: C:\SonDev\WinDev\Components2\Bin\Release\SonCommunications.pdb source: SonCommunications.dll.2.dr
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: 29_2_004679F0 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer, 29_2_004679F0
Source: initial sample Static PE information: section where entry point is pointing to: .rdata
Source: FlowTracker_Setup.exe Static PE information: section name: .WISE
Source: ippcore.dll.2.dr Static PE information: section name: .data1
Source: ipps20.dll.2.dr Static PE information: section name: .data1
Source: ippsa6.dll.2.dr Static PE information: section name: .data1
Source: ippsw7.dll.2.dr Static PE information: section name: .data1
Source: ippspx.dll.2.dr Static PE information: section name: .data1
Source: ippscw7.dll.2.dr Static PE information: section name: .data1
Source: ippscw7.dll.2.dr Static PE information: section name: CONST1
Source: ippsi7.dll.2.dr Static PE information: section name: ps10lgin
Source: ippsi7.dll.2.dr Static PE information: section name: psexpflt
Source: ippsi7.dll.2.dr Static PE information: section name: psexpflt
Source: ippsi7.dll.2.dr Static PE information: section name: psexpdbl
Source: ippsi7.dll.2.dr Static PE information: section name: KaiserSh
Source: ippsi7.dll.2.dr Static PE information: section name: Kaiserfl
Source: ippsi7.dll.2.dr Static PE information: section name: Kaiserdb
Source: ippsi7.dll.2.dr Static PE information: section name: psln32ss
Source: ippsi7.dll.2.dr Static PE information: section name: magsquar
Source: ippsi7.dll.2.dr Static PE information: section name: MiniMax
Source: ippsi7.dll.2.dr Static PE information: section name: MiniMaxI
Source: ippsi7.dll.2.dr Static PE information: section name: Norm32fc
Source: ippsi7.dll.2.dr Static PE information: section name: Norm64fc
Source: ippsi7.dll.2.dr Static PE information: section name: advnrmlz
Source: ippsi7.dll.2.dr Static PE information: section name: phaseshf
Source: ippsi7.dll.2.dr Static PE information: section name: phaseshf
Source: ippsi7.dll.2.dr Static PE information: section name: phasesho
Source: ippsi7.dll.2.dr Static PE information: section name: phasesho
Source: ippsi7.dll.2.dr Static PE information: section name: phaseflt
Source: ippsi7.dll.2.dr Static PE information: section name: phaseflt
Source: ippsi7.dll.2.dr Static PE information: section name: phaseint
Source: ippsi7.dll.2.dr Static PE information: section name: phasedbl
Source: ippsi7.dll.2.dr Static PE information: section name: phasedbl
Source: ippsi7.dll.2.dr Static PE information: section name: psplr2cr
Source: ippsi7.dll.2.dr Static PE information: section name: psplr2cr
Source: ippsi7.dll.2.dr Static PE information: section name: .srdata
Source: ippsi7.dll.2.dr Static PE information: section name: .sdata1
Source: ippsi7.dll.2.dr Static PE information: section name: .data1
Source: ippsct7.dll.2.dr Static PE information: section name: .data1
Source: ippsct7.dll.2.dr Static PE information: section name: CONST1
Source: ippscpx.dll.2.dr Static PE information: section name: .data1
Source: ippsca6.dll.2.dr Static PE information: section name: .data1
Source: ippsca6.dll.2.dr Static PE information: section name: CONST1
Source: ippsri7.dll.2.dr Static PE information: section name: .srdata
Source: ippsri7.dll.2.dr Static PE information: section name: .sdata1
Source: ippsri7.dll.2.dr Static PE information: section name: .data1
Source: ippst7.dll.2.dr Static PE information: section name: .data1
Source: ippsrw7.dll.2.dr Static PE information: section name: .data1
Source: ippsrw7.dll.2.dr Static PE information: section name: _DATA1
Source: ippsrw7.dll.2.dr Static PE information: section name: _DATA2
Source: ippsrt7.dll.2.dr Static PE information: section name: .data1
Source: ippsrt7.dll.2.dr Static PE information: section name: _DATA1
Source: ippsrt7.dll.2.dr Static PE information: section name: _DATA2
Source: ippsci7.dll.2.dr Static PE information: section name: .srdata
Source: ippsci7.dll.2.dr Static PE information: section name: .sdata1
Source: ippsci7.dll.2.dr Static PE information: section name: .data1
Source: ippsrpx.dll.2.dr Static PE information: section name: .data1
Source: ippsra6.dll.2.dr Static PE information: section name: .data1
Source: ippsra6.dll.2.dr Static PE information: section name: _DATA1
Source: ippsc20.dll.2.dr Static PE information: section name: .data1
Source: libguide40.dll.2.dr Static PE information: section name: .data1
Source: ippsr20.dll.2.dr Static PE information: section name: .data1
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: 29_2_0045C7E1 push ecx; ret 29_2_0045C7F4
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: 29_2_024C8470 push eax; ret 29_2_024C849E
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI7931.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\Base.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataProcessing.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\MultiLanguage2\MultiLanguage.Dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippspx.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDrvLib.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsci7.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ippcore.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippst7.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataControls.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ippsr20.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonData.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipps20.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsrpx.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\UI.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsrt7.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msvcr71.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataUI.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsrw7.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDTP.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataLib.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\atl71.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsi7.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsri7.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\libguide40.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonCommUI.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ippsc20.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\WinSxS\InstallTemp\20241031170916085.0\msvcm80.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\SonTek\FlowTracker\GDIPlus.Dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsca6.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Drivers2\SontekDrivers.Dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsw7.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\WinSxS\InstallTemp\20241031170916085.0\msvcp80.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonScriptLib.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonCommunications.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonScript.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonCommUtils.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\YsiPlatform.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\Communications.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\msvcp71.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataBrowser.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{1DC4B5CF-7D8A-44A9-9CDF-F7A5DD359A38}\IconA6B7F1401.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsa6.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsra6.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIAB0F.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippscpx.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\Graphics.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataExport.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippsct7.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\ipp20\ippscw7.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDiag.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\WinSxS\InstallTemp\20241031170916085.0\msvcr80.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonUsb.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sontek Software Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sontek Software\FlowTracker Manual.lnk Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sontek Software\FlowTracker.lnk Jump to behavior
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI7931.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\Base.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataProcessing.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\MultiLanguage2\MultiLanguage.Dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\ipp20\ippspx.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDrvLib.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\ipp20\ippsci7.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\ippcore.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\ipp20\ippst7.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataControls.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\ippsr20.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonData.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\ipp20\ippsrpx.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\UI.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\ipp20\ippsrt7.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataUI.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\msvcr71.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\ipp20\ippsrw7.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataLib.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDTP.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\atl71.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\ipp20\ippsi7.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\ipp20\ippsri7.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonCommUI.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\ippsc20.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20241031170916085.0\msvcm80.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\SonTek\FlowTracker\GDIPlus.Dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\ipp20\ippsca6.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Drivers2\SontekDrivers.Dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\ipp20\ippsw7.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20241031170916085.0\msvcp80.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonScriptLib.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonCommunications.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonScript.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonCommUtils.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\YsiPlatform.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\Communications.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\msvcp71.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataBrowser.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\{1DC4B5CF-7D8A-44A9-9CDF-F7A5DD359A38}\IconA6B7F1401.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\ipp20\ippsa6.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\ipp20\ippsra6.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIAB0F.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\ipp20\ippscpx.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\Graphics.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataExport.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\ipp20\ippsct7.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\ipp20\ippscw7.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDiag.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\WinSxS\InstallTemp\20241031170916085.0\msvcr80.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonUsb.dll
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe API coverage: 1.5 %
Source: C:\Windows\SysWOW64\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: 29_2_0045AAE1 VirtualQuery,GetSystemInfo,GetModuleHandleW,GetProcAddress,VirtualAlloc,VirtualProtect, 29_2_0045AAE1
Source: FlowTrackerExport.exe, 0000001D.00000002.1939263130.0000000000491000.00000008.00000001.01000000.00000005.sdmp, FlowTrackerExport.exe, 0000001D.00000000.1938096761.0000000000490000.00000008.00000001.01000000.00000005.sdmp, Base.dll.2.dr, FlowTrackerExport.exe.2.dr, SonCommunications.dll.2.dr, SonScriptLib.dll.2.dr, SonDataUI.dll.2.dr, SonDataBrowser.dll.2.dr Binary or memory string: .?AVCRegistryVirtualMachine@ATL@@
Source: FlowTrackerExport.exe, 0000001D.00000002.1939263130.0000000000491000.00000008.00000001.01000000.00000005.sdmp, FlowTrackerExport.exe, 0000001D.00000000.1938096761.0000000000490000.00000008.00000001.01000000.00000005.sdmp, FlowTrackerExport.exe.2.dr Binary or memory string: G.?AVCRegistryVirtualMachine@ATL@@L
Source: SonDataBrowser.dll.2.dr Binary or memory string: .?AVCRegistryVirtualMachine@ATL@@4
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe API call chain: ExitProcess graph end node
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: 29_2_00459EDC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 29_2_00459EDC
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: 29_2_0045AAE1 VirtualProtect ?,-00000001,00000104,? 29_2_0045AAE1
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: 29_2_004679F0 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer, 29_2_004679F0
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: 29_2_00458D6A IsProcessorFeaturePresent,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,InterlockedCompareExchange,GetProcessHeap,HeapFree, 29_2_00458D6A
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: 29_2_0045F65B __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 29_2_0045F65B
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: 29_2_00459F5B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 29_2_00459F5B
Source: C:\Users\user\Desktop\FlowTracker_Setup.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /I "C:\Program Files (x86)\Common Files\Wise Installation Wizard\WIS1DC4B5CF7D8A44A99CDFF7A5DD359A38_2_30.MSI" WISE_SETUP_EXE_PATH="C:\Users\user\Desktop\FlowTracker_Setup.exe"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDrvLib.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonUsb.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonScriptLib.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\Communications.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonScript.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\Graphics.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataControls.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataLib.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonData.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\Base.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonCommUtils.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataExport.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDTP.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\YsiPlatform.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonCommUI.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDiag.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataUI.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\UI.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataProcessing.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\SonTek Shared\SonTek Components 2\SonDataBrowser.dll"
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: GetLocaleInfoA, 29_2_00467D5A
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: 29_2_0046711C GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 29_2_0046711C
Source: C:\Program Files (x86)\SonTek\FlowTracker\FlowTrackerExport.exe Code function: 29_2_024C84FF GetVersion,GetCommandLineA, 29_2_024C84FF
No contacted IP infos