Windows Analysis Report
Predios.exe

ID:	1427676
Product:	CloudBasic
Start time:	23:36:55
Start date:	17.04.2024
Sample:	Predios.exe
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	b3f39d9d07c9ab215c5e204e7d1d46e8
SHA1:	9a3122ff03254992c5a0b3d34ac181316a217268
SHA256:	5e868e8eb5b82146457dc9381d68fb603e267c1ade4ba4ee5517be6afc70e33d
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	B3FD01873BD5FD163AB465779271C58F	E1FF9981A09AB025D69AC891BFC931A776294D4D	985EB55ECB750DA812876B8569D5F1999A30A24BCC54F9BAB4D3FC44DFEDB931
C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\coree103.rra	ASCII text, with CRLF line terminators	62D5F9827D867EB3E4AB9E6B338348A1	828E72F9C845B1C0865BADAEF40D63FB36447293	5214789C08EE573E904990DCD29E9E03AAF5CF12E86FAE368005FD8F4E371BD5
C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctore132.rra	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	003A6C011AAC993BCDE8C860988CE49B	6D39D650DFA5DED45C4E0CB17B986893061104A7	590BE865DDF8C8D0431D8F92AA3948CC3C1685FD0649D607776B81CD1E267D0A
C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iusee18f.rra	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	377765FD4DE3912C0F814EE9F182FEDA	A0AB6A28F4BA057D5EAE5C223420EB599CD4D3B1	8EFCBD8752D8BBFD7EE559502D1AA28134C9BF391BF7FC5CE6FDFD4473599AFB
C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objee180.rra	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	8F02B204853939F8AEFE6B07B283BE9A	C161B9374E67D5FA3066EA03FC861CC0023EB3CC	32C6AD91DC66BC12E1273B1E13EB7A15D6E8F63B93447909CA2163DD21B22998
C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\temp.000	PE32 executable (GUI) Intel 80386, for MS Windows	B3FD01873BD5FD163AB465779271C58F	E1FF9981A09AB025D69AC891BFC931A776294D4D	985EB55ECB750DA812876B8569D5F1999A30A24BCC54F9BAB4D3FC44DFEDB931
C:\Program Files (x86)\Common Files\InstallShield\IScript\iscre1be.rra	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	B2F7E6DC7E4AAE3147FBFC74A2DDB365	716301112706E93F85977D79F0E8F18F17FB32A7	4F77A9018B6B0D41151366E9ACAB3397416D114FC895703DEB82B20F40116AD1
C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll (copy)	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	B2F7E6DC7E4AAE3147FBFC74A2DDB365	716301112706E93F85977D79F0E8F18F17FB32A7	4F77A9018B6B0D41151366E9ACAB3397416D114FC895703DEB82B20F40116AD1
C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\corecomp.ini (copy)	ASCII text, with CRLF line terminators	62D5F9827D867EB3E4AB9E6B338348A1	828E72F9C845B1C0865BADAEF40D63FB36447293	5214789C08EE573E904990DCD29E9E03AAF5CF12E86FAE368005FD8F4E371BD5
C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll (copy)	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	003A6C011AAC993BCDE8C860988CE49B	6D39D650DFA5DED45C4E0CB17B986893061104A7	590BE865DDF8C8D0431D8F92AA3948CC3C1685FD0649D607776B81CD1E267D0A
C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll (copy)	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	377765FD4DE3912C0F814EE9F182FEDA	A0AB6A28F4BA057D5EAE5C223420EB599CD4D3B1	8EFCBD8752D8BBFD7EE559502D1AA28134C9BF391BF7FC5CE6FDFD4473599AFB
C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll (copy)	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	8F02B204853939F8AEFE6B07B283BE9A	C161B9374E67D5FA3066EA03FC861CC0023EB3CC	32C6AD91DC66BC12E1273B1E13EB7A15D6E8F63B93447909CA2163DD21B22998
C:\Users\user\AppData\Local\Temp\e0d4.rra	Composite Document File V2 Document, Cannot read section info	34AAA1BBB28D5A358D3D827AD504CCC1	717A1619CF1AAFA0834786A5AAAA1304BA5607B5	70A75179F8A94D05A0BD3EFA2BC266147D24A1370904C475635FEF01F5BE683D
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	PE32 executable (GUI) Intel 80386, for MS Windows	6911BC3432DFAF16063F6C2AF5EB4B52	94E77684FE200B189061207B5FD042BB22D2F37D	AD22C57908918F70864634B2580CB57237DBD1031F6F7A662F7644CFE0B57528
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.ini	ASCII text, with CRLF line terminators	95B31317E41FAFC647C70C6F23BDDAC0	81AAB27354D9561C7D235B7E8CF1F5FB53E38315	6B99F3FD8ABB32A2FB387933CB4CF95130BD3003E27C403101CD6226C60C8C44
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\data1.cab	InstallShield CAB	4A35FC4935297C7CDA6566D71CFC9E4C	0CEB120F545F78A9888B23B1D2F97E70726B69DB	E6C7DAF57879819C4CBA9ADFC29EAEC3713A3DC76D65E7F5AB10CDDE5393B323
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\data1.hdr	InstallShield CAB	DBF63E458853A706AD60BEAC003F9A1F	918CC70E4EAF6DB17D51AC6C9359D9413C6FE635	E3F68550DC43306BE0FE88B32075B6F912C8CB1E81BF8B71694DB11B3A45612F
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\data2.cab	InstallShield CAB	4D69A93F67A37BBCBC6CB315EB609904	90A6AC21288819F1DCCD4416EB9421FBD105F096	0B7DC11787D740AC9A4726DECA0461F0D350ECFB0CC58F6AC8C93BD22D3AD77D
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\ikernel.ex_	MS Compress archive data, SZDD variant, original size: 614532 bytes	93B63F516482715A784BBEC3A0BF5F3A	2478FECA446576C33E96E708256D4C6C33E3FA68	FBF95719B956B548B947436E29FEB18BB884E01F75AE31B05C030EBD76605249
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\layout.bin	data	5C3E186FE4E2247287C107D5ADF72B1A	B57A9F2DACA31CDA6DA7BBA1175CD2ABFB9FFA94	A7226831DCC5D687A8EB8DBA47018E179175BD946C1656602F662D1F4ED08418
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk2\data3.cab	InstallShield CAB	D1C10E9B61D9D2BDD5E0177C2C6AB68B	295D41CE4E4BFB1F68819ADAF91CC38CFEF56E06	CB37783B7830266FF1CD287EF9D7DFED2719B5E5D1FF60852A67D0A146F8ACA1
C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\pftw1.pkg	Microsoft Cabinet archive data, many, 1981877 bytes, 9 files, at 0x2c +A "\Disk1\data1.cab" +A "\Disk1\data1.hdr", ID 12345, number 1, 68 datablocks, 0x1 compression	5C69717B1F67908EF24BE331972B1342	CD62B66008CED88F8003ADA49B3236EBEB1F4D61	5C96EC94B2CE9D39739739388B88B84014498E098A145D7DEFB852E4C68160EE
C:\Users\user\AppData\Local\Temp\plfDD4A.tmp	Generic INItialization configuration [Dialog1001]	F114A12FB837065496A1F030DCAD1C16	D0A3EE8558BD737AAD090864E3FB2FDFD3721A4A	94F9FDB98A32C1218F00EA894DCB1EA6D9B430709C0A3987CD9667B24FCCDC10
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\Licee345.rra	ISO-8859 text, with CRLF line terminators	031CC0CE2867DB66202B974F99164DB1	85ADDF830C494EE2006B8669079CB0E6D126754B	707CB7AB4AF9214BC61F39117B389D24E3B17802592C573F93AFFE11D89AF230
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\License.txt (copy)	ISO-8859 text, with CRLF line terminators	031CC0CE2867DB66202B974F99164DB1	85ADDF830C494EE2006B8669079CB0E6D126754B	707CB7AB4AF9214BC61F39117B389D24E3B17802592C573F93AFFE11D89AF230
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\_IsRe3a3.rra	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	CD67B128E6C3B33B1A8F03D10CAD60C6	1B60D6DF046810078DA8B301761D1B095A2F90D8	60633F136A0198FA67AD23F06F84585E23B9FA55B80AF8F4ADA5829B7B07B20E
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\_IsRes.dll (copy)	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	CD67B128E6C3B33B1A8F03D10CAD60C6	1B60D6DF046810078DA8B301761D1B095A2F90D8	60633F136A0198FA67AD23F06F84585E23B9FA55B80AF8F4ADA5829B7B07B20E
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\defae393.rra	RIFF (little-endian) data, palette, 1168 bytes, data size 1028, 256 entries, extra bytes 0x6f66666c	0ABAFE3F69D053494405061DE2629C82	E414B6F1E9EB416B9895012D24110B844F9F56D1	8075162DB275EB52F5D691B15FC0D970CB007F5BECE33CE5DB509EDF51C1F020
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\default.pal (copy)	RIFF (little-endian) data, palette, 1168 bytes, data size 1028, 256 entries, extra bytes 0x6f66666c	0ABAFE3F69D053494405061DE2629C82	E414B6F1E9EB416B9895012D24110B844F9F56D1	8075162DB275EB52F5D691B15FC0D970CB007F5BECE33CE5DB509EDF51C1F020
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\isrt.dll (copy)	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	13B70633DF1BF63E19FE4A74A53B8896	F542F67CC15002F76F3AB9230297CCCA2461C009	7F852B5EE852AE2870D63DB4D9CAC454E08E93104D18BF5C9EFC068D85C35147
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\isrte383.rra	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	13B70633DF1BF63E19FE4A74A53B8896	F542F67CC15002F76F3AB9230297CCCA2461C009	7F852B5EE852AE2870D63DB4D9CAC454E08E93104D18BF5C9EFC068D85C35147
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\setue335.rra	data	25923E26470310A22807864DAE449C25	FC9B78727D65EE153DD12A815DD5A14400738E93	58475E1F61AB5F54B4035EAFF5FD99CD268C293850ADFC3CF10BB0DA81B3DE37
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\setup.inx (copy)	data	25923E26470310A22807864DAE449C25	FC9B78727D65EE153DD12A815DD5A14400738E93	58475E1F61AB5F54B4035EAFF5FD99CD268C293850ADFC3CF10BB0DA81B3DE37
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\value.shl (copy)	Generic INItialization configuration [Data]	F3511841C616791B64CB56F3B7CAAFFC	A5F8DF46DD3E30437E678404D3D1A449A101352A	D528EDC175551BAF480A6F7C9D4EF03369DD472274DEC4D4319642ED8BD34B2C
C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\value374.rra	Generic INItialization configuration [Data]	F3511841C616791B64CB56F3B7CAAFFC	A5F8DF46DD3E30437E678404D3D1A449A101352A	D528EDC175551BAF480A6F7C9D4EF03369DD472274DEC4D4319642ED8BD34B2C

Compliance

Source: Predios.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Spreading

Source: C:\Users\user\Desktop\Predios.exe	File opened: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\
Source: C:\Users\user\Desktop\Predios.exe	File opened: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\
Source: C:\Users\user\Desktop\Predios.exe	File opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\Desktop\Predios.exe	File opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\Predios.exe	File opened: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\data1.cab
Source: C:\Users\user\Desktop\Predios.exe	File opened: C:\Users\user\

System Summary

Source: Predios.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: clean3.winEXE@10/23@0/0

Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe

File created: C:\Program Files (x86)\Common Files\InstallShield\

Source: C:\Users\user\Desktop\Predios.exe

File created: C:\Users\user\AppData\Local\Temp\plfDD4A.tmp

Source: Predios.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe

File read: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.ini

Source: C:\Users\user\Desktop\Predios.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Users\user\Desktop\Predios.exe

File read: C:\Users\user\Desktop\Predios.exe

Source: unknown	Process created: C:\Users\user\Desktop\Predios.exe "C:\Users\user\Desktop\Predios.exe"
Source: C:\Users\user\Desktop\Predios.exe	Process created: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe "C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe"
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe "C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe" -RegServer
Source: unknown	Process created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe C:\PROGRA~2\COMMON~1\INSTAL~1\Engine\6\INTEL3~1\IKernel.exe -Embedding
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe "C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe" /REGSERVER
Source: C:\Users\user\Desktop\Predios.exe	Process created: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe "C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe"
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe "C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe" -RegServer
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe "C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe" /REGSERVER
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe "C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe" /UNREGSERVER
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe "C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe" /UNREGSERVER

Source: C:\Users\user\Desktop\Predios.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: acgenral.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: winmm.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: samcli.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: mpr.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: aclayers.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: sfc.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: lz32.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: riched32.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: riched20.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: usp10.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: msls31.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Predios.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: acspecfc.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: mscms.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: ddraw.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: msi.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: dciman32.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: acgenral.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: samcli.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Section loaded: sxs.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: acspecfc.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: mscms.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: mpr.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: ddraw.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: msi.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: coloradapterclient.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: dxgi.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: dciman32.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: acgenral.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: msacm32.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: aclayers.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: sfc.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: sfc_os.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: sxs.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: acspecfc.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: mscms.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: mpr.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: ddraw.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: msi.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: coloradapterclient.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: dxgi.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: dciman32.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: acgenral.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: msacm32.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: aclayers.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: sfc.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: sfc_os.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: sxs.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: textshaping.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: acspecfc.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: mscms.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: mpr.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: ddraw.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: msi.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: coloradapterclient.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: dxgi.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: dciman32.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: acgenral.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: msacm32.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: aclayers.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: sfc.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: sfc_os.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: sxs.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: acspecfc.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: mscms.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: mpr.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: ddraw.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: dwmapi.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: msi.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: coloradapterclient.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: dxgi.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: dciman32.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: acgenral.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: samcli.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: msacm32.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: aclayers.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: sfc.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: sfc_os.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: sxs.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Section loaded: winhttp.dll

Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Source: C:\Users\user\Desktop\Predios.exe

File written: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.ini

Source: C:\Users\user\Desktop\Predios.exe

File opened: C:\Windows\SysWOW64\RICHED32.DLL

Source: Predios.exe

Static file information: File size 2150764 > 1048576

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\Predios.exe	File created: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe			Jump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	File created: C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\isrte383.rra			Jump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	File created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objee180.rra			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	File created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\temp.000			Jump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	File created: C:\Program Files (x86)\Common Files\InstallShield\IScript\iscre1be.rra			Jump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	File created: C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\_IsRe3a3.rra			Jump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	File created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctore132.rra			Jump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	File created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iusee18f.rra			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	File created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\temp.000			Jump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	File created: C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\isrte383.rra			Jump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	File created: C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\_IsRe3a3.rra			Jump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	File created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctore132.rra			Jump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	File created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objee180.rra			Jump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	File created: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iusee18f.rra			Jump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	File created: C:\Program Files (x86)\Common Files\InstallShield\IScript\iscre1be.rra			Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\Predios.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Predios.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Predios.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Predios.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Predios.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Predios.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Predios.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Predios.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Predios.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Predios.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Predios.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Predios.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Predios.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Predios.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\Setup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objee180.rra			Jump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\isrte383.rra			Jump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\InstallShield\IScript\iscre1be.rra			Jump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{F4D57F79-B12B-4748-8D22-FEB5B3CF9A9D}\_IsRe3a3.rra			Jump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctore132.rra			Jump to dropped file
Source: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iusee18f.rra			Jump to dropped file

Source: C:\Users\user\Desktop\Predios.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Predios.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Predios.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Predios.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Predios.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Predios.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Predios.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Predios.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Predios.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Predios.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Predios.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\Predios.exe	File opened: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\
Source: C:\Users\user\Desktop\Predios.exe	File opened: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\
Source: C:\Users\user\Desktop\Predios.exe	File opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\Desktop\Predios.exe	File opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\Predios.exe	File opened: C:\Users\user\AppData\Local\Temp\pftDD9A~tmp\Disk1\data1.cab
Source: C:\Users\user\Desktop\Predios.exe	File opened: C:\Users\user\