Source: DiStem-0.9.10.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
Source: DiStem-0.9.10.exe | Static PE information: certificate valid |
Source: DiStem-0.9.10.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Source: | Binary string: wininet.pdb source: DiStem-0.9.10.exe, 00000000.00000003.1324795841.0000000009432000.00000004.00000020.00020000.00000000.sdmp, shiAA8C.tmp.0.dr |
Source: | Binary string: C:\ReleaseAI\win\Release\custact\x86\ExternalUICleaner.pdb source: DiStem-0.9.10.exe, ExternalUICleaner.dll.0.dr, DiStem-0.9.10.msi.0.dr |
Source: | Binary string: C:\ReleaseAI\win\Release\custact\x86\InstallTrial.pdb2 source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr, TrialBinaryComponent.0.dr |
Source: | Binary string: C:\ReleaseAI\win\Release\custact\x86\ExternalUICleaner.pdb7 source: DiStem-0.9.10.exe, ExternalUICleaner.dll.0.dr, DiStem-0.9.10.msi.0.dr |
Source: | Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr |
Source: | Binary string: wininet.pdbUGP source: DiStem-0.9.10.exe, 00000000.00000003.1324795841.0000000009432000.00000004.00000020.00020000.00000000.sdmp, shiAA8C.tmp.0.dr |
Source: | Binary string: C:\ReleaseAI\win\Release\custact\x86\InstallTrial.pdb source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr, TrialBinaryComponent.0.dr |
Source: | Binary string: C:\ReleaseAI\win\Release\custact\x86\lzmaextractor.pdb source: DiStem-0.9.10.exe, lzmaextractor.dll.0.dr, DiStem-0.9.10.msi.0.dr |
Source: | Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: DiStem-0.9.10.exe, MSIACD7.tmp.0.dr, MSIB037.tmp.0.dr, MSIB076.tmp.0.dr, MSIAC78.tmp.0.dr, DiStem-0.9.10.msi.0.dr, MSIABF8.tmp.0.dr, MSIAB79.tmp.0.dr, MSIAD94.tmp.0.dr, MSIAD45.tmp.0.dr, MSIB007.tmp.0.dr, MSIAC48.tmp.0.dr, MSIABD8.tmp.0.dr, MSIAB0A.tmp.0.dr, MSIADC4.tmp.0.dr, MSIAC28.tmp.0.dr |
Source: | Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: DiStem-0.9.10.exe, DiStem-0.9.10.aiui.0.dr |
Source: | Binary string: C:\agent\_work\8\s\build\ship\x86\SfxCA.pdb source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr, DiRoots.CustomActions.0.dr |
Source: C:\Windows\System32\msiexec.exe | File opened: z: |
Source: C:\Windows\System32\msiexec.exe | File opened: x: |
Source: C:\Windows\System32\msiexec.exe | File opened: v: |
Source: C:\Windows\System32\msiexec.exe | File opened: t: |
Source: C:\Windows\System32\msiexec.exe | File opened: r: |
Source: C:\Windows\System32\msiexec.exe | File opened: p: |
Source: C:\Windows\System32\msiexec.exe | File opened: n: |
Source: C:\Windows\System32\msiexec.exe | File opened: l: |
Source: C:\Windows\System32\msiexec.exe | File opened: j: |
Source: C:\Windows\System32\msiexec.exe | File opened: h: |
Source: C:\Windows\System32\msiexec.exe | File opened: f: |
Source: C:\Windows\System32\msiexec.exe | File opened: b: |
Source: C:\Windows\System32\msiexec.exe | File opened: y: |
Source: C:\Windows\System32\msiexec.exe | File opened: w: |
Source: C:\Windows\System32\msiexec.exe | File opened: u: |
Source: C:\Windows\System32\msiexec.exe | File opened: s: |
Source: C:\Windows\System32\msiexec.exe | File opened: q: |
Source: C:\Windows\System32\msiexec.exe | File opened: o: |
Source: C:\Windows\System32\msiexec.exe | File opened: m: |
Source: C:\Windows\System32\msiexec.exe | File opened: k: |
Source: C:\Windows\System32\msiexec.exe | File opened: i: |
Source: C:\Windows\System32\msiexec.exe | File opened: g: |
Source: C:\Windows\System32\msiexec.exe | File opened: e: |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | File opened: c: |
Source: C:\Windows\System32\msiexec.exe | File opened: a: |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00A6E460 FindFirstFileW,GetLastError,FindClose, | 0_2_00A6E460 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00A94060 FindFirstFileW,FindClose, | 0_2_00A94060 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00A502F0 FindFirstFileW,FindNextFileW,FindClose, | 0_2_00A502F0 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00AA45D0 FindFirstFileW,FindNextFileW,FindNextFileW,FindClose, | 0_2_00AA45D0 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00954AD0 FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,PathIsUNCW, | 0_2_00954AD0 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00AA4A50 FindFirstFileW,FindClose, | 0_2_00AA4A50 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00A7CD70 FindFirstFileW,FindClose,FindClose, | 0_2_00A7CD70 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00AB9950 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,FindNextFileW,FindClose, | 0_2_00AB9950 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00A6DB30 FindFirstFileW,FindFirstFileW,FindClose,FindClose, | 0_2_00A6DB30 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00A99ED0 FindFirstFileW,FindClose,CloseHandle,CloseHandle, | 0_2_00A99ED0 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00AA3220 GetLogicalDriveStringsW,GetDriveTypeW,Wow64DisableWow64FsRedirection,Wow64RevertWow64FsRedirection, | 0_2_00AA3220 |
Source: shiAA8C.tmp.0.dr | String found in binary or memory: http://.css |
Source: shiAA8C.tmp.0.dr | String found in binary or memory: http://.jpg |
Source: DiStem-0.9.10.exe, 00000000.00000002.2542527874.0000000004F7C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/ |
Source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr, DiRoots.CustomActions.0.dr, DiStem-0.9.10.aiui.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: DiStem-0.9.10.exe, 00000000.00000002.2542527874.0000000004F7C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrusT |
Source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr, DiRoots.CustomActions.0.dr, DiStem-0.9.10.aiui.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr, DiRoots.CustomActions.0.dr, DiStem-0.9.10.aiui.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr, DiRoots.CustomActions.0.dr, DiStem-0.9.10.aiui.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: DiStem-0.9.10.exe, 00000000.00000002.2542527874.0000000004F7C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssur8 |
Source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr, DiRoots.CustomActions.0.dr, DiStem-0.9.10.aiui.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr, DiRoots.CustomActions.0.dr, DiStem-0.9.10.aiui.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr, DiRoots.CustomActions.0.dr, DiStem-0.9.10.aiui.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: DiStem-0.9.10.aiui.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr, DiRoots.CustomActions.0.dr, DiStem-0.9.10.aiui.0.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0= |
Source: shiAA8C.tmp.0.dr | String found in binary or memory: http://html4/loose.dtd |
Source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr, DiRoots.CustomActions.0.dr, DiStem-0.9.10.aiui.0.dr | String found in binary or memory: http://ocsp.digicert.com0 |
Source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr, DiRoots.CustomActions.0.dr, DiStem-0.9.10.aiui.0.dr | String found in binary or memory: http://ocsp.digicert.com0A |
Source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr, DiRoots.CustomActions.0.dr, DiStem-0.9.10.aiui.0.dr | String found in binary or memory: http://ocsp.digicert.com0C |
Source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr, DiRoots.CustomActions.0.dr, DiStem-0.9.10.aiui.0.dr | String found in binary or memory: http://ocsp.digicert.com0X |
Source: DiStem-0.9.10.exe | String found in binary or memory: http://schemas.micr |
Source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr, DiRoots.CustomActions.0.dr, DiStem-0.9.10.aiui.0.dr | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: DiStem-0.9.10.exe, 00000000.00000002.2542527874.0000000004F56000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.github.com/repos/DiRoots-Limited/DiRoots.DiStem.Releases/releases |
Source: DiStem-0.9.10.exe, 00000000.00000003.1319898874.0000000004F98000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.github.com/repos/DiRoots-Limited/DiRoots.DiStem.Releases/releasesPbw |
Source: DiStem-0.9.10.exe, 00000000.00000002.2542527874.0000000004F7C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://diroots.com/contact-us/ |
Source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr | String found in binary or memory: https://diroots.com/privacy-policy/ |
Source: DiStem-0.9.10.exe, 00000000.00000002.2545254998.000000000A6AA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://diroots.com/privacy-policy/0 |
Source: DiStem-0.9.10.exe, DiStem-0.9.10.msi.0.dr | String found in binary or memory: https://diroots.com/terms-and-conditions |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00A4A060 SendMessageW,GetParent,GetWindowRect,GetParent,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,MapWindowPoints,FillRect,DeleteDC,SendMessageW,SendMessageW, | 0_2_00A4A060 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00A28250 GetSystemDirectoryW,LoadLibraryExW,NtdllDefWindowProc_W,GetSysColor, | 0_2_00A28250 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00958FC0 KillTimer,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DeleteCriticalSection, | 0_2_00958FC0 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00ABBB50 NtdllDefWindowProc_W, | 0_2_00ABBB50 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00948480 NtdllDefWindowProc_W,GetSysColor, | 0_2_00948480 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00A06490 NtdllDefWindowProc_W, | 0_2_00A06490 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00952590 NtdllDefWindowProc_W, | 0_2_00952590 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_0094A680 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DestroyWindow, | 0_2_0094A680 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00952700 IsWindow,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W, | 0_2_00952700 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_0095E9B0 NtdllDefWindowProc_W, | 0_2_0095E9B0 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_0096CD10 NtdllDefWindowProc_W, | 0_2_0096CD10 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_0094AE70 NtdllDefWindowProc_W, | 0_2_0094AE70 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_0094B4D0 NtdllDefWindowProc_W, | 0_2_0094B4D0 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_009B1610 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W, | 0_2_009B1610 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00947600 GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,NtdllDefWindowProc_W,GetWindowTextLengthW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,NtdllDefWindowProc_W, | 0_2_00947600 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00947DD0 SysFreeString,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,GetWindowTextLengthW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,SysFreeString,SysFreeString, | 0_2_00947DD0 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: String function: 00939300 appears 120 times | |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: String function: 009387D0 appears 58 times | |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: String function: 0093A840 appears 57 times | |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: String function: 00954AD0 appears 35 times | |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: String function: 0093AE80 appears 66 times | |
Source: DiStem-0.9.10.exe | Binary or memory string: OriginalFileName vs DiStem-0.9.10.exe |
Source: DiStem-0.9.10.exe, 00000000.00000002.2544999209.000000000A61A000.00000002.00000001.00040000.00000024.sdmp | Binary or memory string: OriginalFilenameDiRoots.CustomActions.dllL vs DiStem-0.9.10.exe |
Source: DiStem-0.9.10.exe, 00000000.00000002.2544999209.000000000A61A000.00000002.00000001.00040000.00000024.sdmp | Binary or memory string: OriginalFilenameSfxCA.dll\ vs DiStem-0.9.10.exe |
Source: DiStem-0.9.10.exe, 00000000.00000002.2545254998.000000000A6F2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameAICustAct.dllF vs DiStem-0.9.10.exe |
Source: DiStem-0.9.10.exe, 00000000.00000002.2544999209.000000000A370000.00000002.00000001.00040000.00000024.sdmp | Binary or memory string: OriginalFilenamelzmaextractor.dllF vs DiStem-0.9.10.exe |
Source: DiStem-0.9.10.exe, 00000000.00000002.2544999209.000000000A370000.00000002.00000001.00040000.00000024.sdmp | Binary or memory string: OriginalFilenameAICustAct.dllF vs DiStem-0.9.10.exe |
Source: DiStem-0.9.10.exe, 00000000.00000002.2544999209.000000000A370000.00000002.00000001.00040000.00000024.sdmp | Binary or memory string: OriginalFilenamePrereq.dllF vs DiStem-0.9.10.exe |
Source: DiStem-0.9.10.exe, 00000000.00000002.2544999209.000000000A370000.00000002.00000001.00040000.00000024.sdmp | Binary or memory string: OriginalFilenameExternalUICleaner.dllF vs DiStem-0.9.10.exe |
Source: DiStem-0.9.10.exe, 00000000.00000003.1324795841.0000000009432000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamewininet.dllD vs DiStem-0.9.10.exe |
Source: DiStem-0.9.10.exe | Binary or memory string: OriginalFileNameDiStem-0.9.10.aiui. vs DiStem-0.9.10.exe |
Source: DiStem-0.9.10.exe | Binary or memory string: OriginalFilenamelzmaextractor.dllF vs DiStem-0.9.10.exe |
Source: DiStem-0.9.10.exe | Binary or memory string: OriginalFilenameAICustAct.dllF vs DiStem-0.9.10.exe |
Source: DiStem-0.9.10.exe | Binary or memory string: OriginalFilenamePrereq.dllF vs DiStem-0.9.10.exe |
Source: DiStem-0.9.10.exe | Binary or memory string: OriginalFilenameExternalUICleaner.dllF vs DiStem-0.9.10.exe |
Source: DiStem-0.9.10.exe | Binary or memory string: OriginalFilenameDiRoots.CustomActions.dllL vs DiStem-0.9.10.exe |
Source: DiStem-0.9.10.exe | Binary or memory string: OriginalFilenameSfxCA.dll\ vs DiStem-0.9.10.exe |
Source: shiAA8C.tmp.0.dr | Binary string: \Device\NameResTrk\RecordNrtCloneOpenPacket |
Source: classification engine | Classification label: clean8.winEXE@4/100@0/0 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00A71850 FormatMessageW,GetLastError, | 0_2_00A71850 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_00AA5A20 GetDiskFreeSpaceExW, | 0_2_00AA5A20 |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Code function: 0_2_0093A700 LoadResource,LockResource,SizeofResource, | 0_2_0093A700 |
Source: DiStem-0.9.10.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\DiStem-0.9.10.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: DiStem-0.9.10.exe, 00000000.00000002.2542527874.0000000004F7C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SELECT `FileName`,`Version`,`State`,`File`.`Attributes`,`TempAttributes`,`File`,`FileSize`,`Language`,`Sequence`,`Directory_`,`Installed`,`Action`,`Component` FROM `File`,`Component` WHERE `Component`=`Component_` AND `Component_`=? AND `Directory_`=?;So |
Source: DiStem-0.9.10.exe | String found in binary or memory: ComboBoxListBoxListViewINSERT INTO `` (`Property`, `Order`, `Value`, `Text`,`Binary_`) VALUES (?,?,?,?,?) TEMPORARY` (`Property`, `Order`, `Value`, `Text`) VALUES (?,?,?,?) TEMPORARYSELECT * FROM `%s` WHERE `Property`='%s' AND `Value`='%s'SELECT * FROM `%s` WHERE `Property`='%s'EditSELECT `Message` FROM `Error` WHERE `Error` = %sSELECT `Text` FROM `UIText` WHERE `Key` = '%s'tmpALLUSERS = 1ALLUSERS = 2MSIINSTALLPERUSER = 1AI_PACKAGE_TYPE = "x64"AI_PACKAGE_TYPE = "Intel64"SELECT * FROM `Control` WHERE `Dialog_` = '%s' AND `Control` = '%s'SELECT `Attributes` FROM `Control` WHERE `Dialog_` = '%s' AND `Control` = '%s'$=3WS_BORDERWS_CAPTIONWS_CHILDWS_CHILDWINDOWWS_CLIPCHILDRENWS_CLIPSIBLINGSWS_DISABLEDWS_DLGFRAMEWS_GROUPWS_HSCROLLWS_ICONICWS_SIZEBOXWS_SYSMENUWS_TABSTOPWS_THICKFRAMEWS_VISIBLEWS_VSCROLLWS_MAXIMIZEBOXWS_MAXIMIZEWS_MINIMIZEBOXWS_MINIMIZEWS_OVERLAPPEDWINDOWWS_OVERLAPPEDWS_POPUPWINDOWWS_POPUPWS_TILEDWINDOWWS_TILEDWS_EX_ACCEPTFILESWS_EX_APPWINDOWWS_EX_CLIENTEDGEWS_EX_CONTEXTHELPWS_EX_CONTROLPARENTWS_EX_DLGMODALFRAMEWS_EX_LEFTWS_EX_LEFTSCROLLBARWS_EX_LTRREADINGWS_EX_MDICHILDWS_EX_NOPARENTNOTIFYWS_EX_OVERLAPPEDWINDOWWS_EX_PALETTEWINDOWWS_EX_RTLREADINGWS_EX_STATICEDGEWS_EX_TOOLWINDOWWS_EX_TOPMOSTWS_EX_TRANSPARENTWS_EX_WINDOWEDGEWS_EX_RIGHTSCROLLBARWS_EX_RIGHTWS_EX_LAYEREDWS_EX_NOACTIVATEWS_EX_NOINHERITLAYOUTWS_EX_LAYOUTRTLWS_EX_COMPOSITEDWS_EXAI_TRIAL_MESSAGE_BODYAI_MSM_TRIAL_MESSAGE_BODYAI_APP_FILEAI_README_FILEAI_APP_ARGSAI_RUN_AS_ADMINMsiLogFileLocation[ProgramFilesFolder][LocalAppDataFolder]Programs\[ProgramFiles64Folder][CommonFilesFolder][LocalAppDataFolder]Programs\Common\[CommonFiles64Folder][WindowsFolder][LocalAppDataFolder][SystemFolder][WindowsVolume][ProgramMenuFolder][DesktopFolder][StartupFolder][TemplateFolder][AdminToolsFolder][AI_UserProgramFiles][WindowsVolume]Program Files (x86)\[AI_ProgramFiles][WindowsVolume]Program 
Files\MIGRATEFindRelatedProductsMigrateFeatureStatesAI_SETMIXINSTLOCATIONAI_RESTORE_LOCATIONSELECT `ActionProperty` FROM `Upgrade``Action`='SET_APPDIR' OR `Action`='SET_SHORTCUTDIR'SET_APPDIRSET_SHORTCUTDIRSHORTCUTDIRProgramMenuFolderAI_SH_INITEDBrowseDlgCancelDlgDiskCostDlgExitDialogMsiRMFilesInUseOutOfDiskDlgOutOfRbDiskDlgDialog_Control_(`Control_` = 'Next' OR `Control_` = 'Install') AND `Event` = 'EndDialog' AND `Argument` = 'Return'ControlEventAI_INSTALLPERUSER = "0"ALLUSERSVersionMsi >= "5.0"2MSIINSTALLPERUSERAI_NEWINSTProductLanguageAI_INTANCE_LOCATIONAI_UPGRADEValuePropertyNoLanguageVe |