Windows Analysis Report
as-installer-7.0.2594-web.exe

Overview

General Information

Sample name: as-installer-7.0.2594-web.exe
Analysis ID: 1431891
MD5: 300f31971ebd5be2cc52e0925b8f8776
SHA1: 84d4858f76728b3809402183670b732fee418410
SHA256: bd98e452f417b03919ce232385d4d5022e1fcea9f57de86fafe934c53c117c24
Infos:

Detection

Score: 39
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

.NET source code contains potential unpacker
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_000559EA DecryptFileW,DecryptFileW, 0_2_000559EA
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00076A8B _memset,CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError, 0_2_00076A8B
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00055C08 DecryptFileW, 0_2_00055C08
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00054C6D CryptHashPublicKeyInfo,_memcmp,_memcmp,GetLastError, 0_2_00054C6D
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00054DE0 _memset,CryptCATAdminCalcHashFromFileHandle,GetLastError,GetLastError,CryptCATAdminCalcHashFromFileHandle,GetLastError,GetLastError,GetLastError,WinVerifyTrust,WinVerifyTrust,WinVerifyTrust, 0_2_00054DE0
Uses 32bit PE files
Source: as-installer-7.0.2594-web.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 52.92.181.152:443 -> 192.168.2.4:49733 version: TLS 1.0
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\License.rtf Jump to behavior
Source: as-installer-7.0.2594-web.exe Static PE information: certificate valid
Source: as-installer-7.0.2594-web.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: d:\a\src\laika42\BootstrapperEx\Rel_v3\Laika42.VisualInstaller\obj\Release\Xeam.VisualInstaller.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: c:\a\src\laika42\base\Rel\v2\Laika42.Base.Documents\obj\Release\Xeam.Base.Documents.pdb3 source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928452541.0000000007160000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\src\wix39\build\ship\x86\WixStdBA.pdb source: mbapreq.dll.1.dr
Source: Binary string: c:\a\src\laika42\base\Rel\v2\Laika42.Base.MVVM\obj\Release\Xeam.Base.MVVM.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926350236.00000000069E0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: $^q!costura.xeam.license.core.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: c:\a\src\laika42\base\Rel\v2\Laika42.Base.UI\obj\Release\Xeam.Base.UI.pdb source: as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.000000000547C000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.0000000005385000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926910393.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: xeam.base.ui9costura.xeam.base.ui.dll.zip9costura.xeam.base.ui.pdb.zip/xeam.license.activationOcostura.xeam.license.activation.dll.zipOcostura.xeam.license.activation.pdb.zip#xeam.license.coreCcostura.xeam.license.core.dll.zipCcostura.xeam.license.core.pdb.zip3xeam.visualinstaller.dataScostura.xeam.visualinstaller.data.dll.zipScostura.xeam.visualinstaller.data.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: {0}.{1}!bootstrappercoreAcostura.bootstrappercore.dll.zip9system.windows.interactivityYcostura.system.windows.interactivity.dll.zip'xeam.base.documentsGcostura.xeam.base.documents.dll.zipGcostura.xeam.base.documents.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: d:\a\src\laika42\BootstrapperEx\Rel_v3\Laika42.VisualInstaller.Data\obj\Release\Xeam.VisualInstaller.Data.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926404073.00000000069F2000.00000002.00000001.01000000.0000000B.sdmp, Xeam.VisualInstaller.Data.dll.1.dr
Source: Binary string: costura.xeam.base.mvvm.pdb.zip source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: costura.xeam.license.activation.pdb.zip source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: C:\src\wix39\build\ship\x86\burn.pdb source: as-installer-7.0.2594-web.exe
Source: Binary string: d:\a\src\laika42\BootstrapperEx\Rel_v3\Laika42.VisualInstaller.SystemValidation\obj\Release\Xeam.VisualInstaller.SystemValidation.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2929220264.0000000007472000.00000002.00000001.01000000.00000010.sdmp, Xeam.VisualInstaller.SystemValidation.dll.1.dr
Source: Binary string: costura.xeam.base.ui.pdb.zip source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: c:\a\src\laika42\License\Rel_v1\Laika42.License.Core\obj\Release\Xeam.License.Core.pdb source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: costura.xeam.license.core.pdb.zip source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: c:\a\src\laika42\License\Rel_v1\Laika42.License.Core\obj\Release\Xeam.License.Core.pdb`\~\ p\_CorDllMainmscoree.dll source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: $^q#costura.xeam.base.documents.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: $^q)costura.xeam.visualinstaller.data.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: costura.xeam.base.documents.pdb.zip source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: $^q'costura.xeam.license.activation.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: d:\a\src\laika42\BootstrapperEx\Rel_v3\Laika42.DummyLicenseValidator\obj\Release\Xeam.DummyLicenseValidator.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2928811138.00000000073E2000.00000002.00000001.01000000.0000000F.sdmp, Xeam.DummyLicenseValidator.dll.1.dr
Source: Binary string: xeam.base.mvvm=costura.xeam.base.mvvm.dll.zip=costura.xeam.base.mvvm.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: e:\ExpressionRTM\Sparkle\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\Win32\Release\System.Windows.Interactivity.pdb source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2929697734.0000000007720000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AAE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: c:\a\src\laika42\base\Rel\v2\Laika42.Base.Documents\obj\Release\Xeam.Base.Documents.pdb source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928452541.0000000007160000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: c:\src\wix39\build\obj\ship\x86\core\BootstrapperCore.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2925900121.0000000006582000.00000002.00000001.01000000.00000009.sdmp, BootstrapperCore.dll.1.dr
Source: Binary string: C:\src\wix39\build\ship\x86\mbahost.pdb source: as-installer-7.0.2594-web.exe, 00000001.00000002.2936538754.000000006CB10000.00000002.00000001.01000000.00000006.sdmp, mbahost.dll.1.dr
Source: Binary string: costura.xeam.visualinstaller.data.pdb.zip source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: d:\a\src\laika42\BootstrapperEx\Rel_v3\Laika42.VisualInstaller.SystemValidation\obj\Release\Xeam.VisualInstaller.SystemValidation.pdb8 source: as-installer-7.0.2594-web.exe, 00000001.00000002.2929220264.0000000007472000.00000002.00000001.01000000.00000010.sdmp, Xeam.VisualInstaller.SystemValidation.dll.1.dr
Source: Binary string: C:\Jenkins_MCU\workspace\as-bootstrapper\bootstrapper\vsproj\as-bootstrapper.Ui\obj\External\as-bootstrapper.Ui.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2929054360.0000000007422000.00000002.00000001.01000000.0000000D.sdmp, as-bootstrapper.Ui.dll.1.dr
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0007DAF5 _memset,FindFirstFileW,FindClose, 0_2_0007DAF5
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0007E632 _memset,_memset,GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose, 0_2_0007E632
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0005568E _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 0_2_0005568E

Networking
barindex
Yara detected Generic Downloader
Source: Yara match File source: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.dll, type: DROPPED
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /atmel-studio/update-info/7.0/update-aws.xml HTTP/1.1Host: s3-us-west-2.amazonaws.comConnection: Keep-Alive
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 52.92.181.152:443 -> 192.168.2.4:49733 version: TLS 1.0
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0007FFA3 InternetReadFile,WriteFile,WriteFile,GetLastError,GetLastError, 0_2_0007FFA3
Source: global traffic HTTP traffic detected: GET /atmel-studio/update-info/7.0/update-aws.xml HTTP/1.1Host: s3-us-west-2.amazonaws.comConnection: Keep-Alive
Source: global traffic DNS traffic detected: DNS query: s3-us-west-2.amazonaws.com
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://Laika42.License.LicenseInfoObject
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://Laika42.License.PrivateKeyFile
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://Laika42.License.PrivateKeyFilely
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://appsyndication.org/2006/appsyn
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor
Source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2929054360.0000000007422000.00000002.00000001.01000000.0000000D.sdmp, as-bootstrapper.Ui.dll.1.dr String found in binary or memory: http://atmel-studio-metrics.s3-website-us-west-2.amazonaws.com/v2.0/installer-send-metrics
Source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2929054360.0000000007422000.00000002.00000001.01000000.0000000D.sdmp, as-bootstrapper.Ui.dll.1.dr String found in binary or memory: http://atmel-studio-metrics.s3-website-us-west-2.amazonaws.com/v2.0/installer-send-metrics-time
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Xeam.DummyLicenseValidator.dll.1.dr, Xeam.VisualInstaller.dll.1.dr, Xeam.VisualInstaller.SystemValidation.dll.1.dr, Xeam.VisualInstaller.Data.dll.1.dr String found in binary or memory: http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926350236.00000000069E0000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.000000000547C000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2928452541.0000000007160000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.0000000005385000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926910393.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://crl.thawte.com/ThawtePCA.crl0
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926350236.00000000069E0000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.000000000547C000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2928452541.0000000007160000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.0000000005385000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926910393.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, Xeam.DummyLicenseValidator.dll.1.dr, Xeam.VisualInstaller.dll.1.dr, Xeam.VisualInstaller.SystemValidation.dll.1.dr, Xeam.VisualInstaller.Data.dll.1.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926350236.00000000069E0000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.000000000547C000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2928452541.0000000007160000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.0000000005385000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926910393.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: http://cs-g2-crl.thawte.com/ThawteCSG2.crl0
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/Xeam.Base.UI;component/Styles/Brushes.xamld
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/Xeam.Base.UI;component/Styles/Colours.xamld
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/Xeam.Base.UI;component/Styles/Controls.Buttons.xamld
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/Xeam.Base.UI;component/Styles/Controls.ListView.xamld
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/Xeam.Base.UI;component/Styles/Controls.Scrollbars.xamld
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/Xeam.Base.UI;component/Styles/Controls.xamld
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://defaultcontainer/Xeam.Base.UI;component/Styles/Fonts.xamld
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Styles/Brushes.xaml
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Styles/Controls.ListView.xaml
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Styles/Controls.Scrollbars.xaml
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/Styles/Controls.xaml
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/styles/brushes.baml
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/styles/brushes.bamld
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/styles/controls.baml
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/styles/controls.bamld
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/styles/controls.listview.baml
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/styles/controls.listview.bamld
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/styles/controls.scrollbars.baml
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://foo/bar/styles/controls.scrollbars.bamld
Source: License.rtf.1.dr String found in binary or memory: http://mvvmlight.codeplex.com/license
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mvvmlight.codeplex.com/licenseLR
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000468D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mvvmlight.codeplex.com/licenseo
Source: Xeam.DummyLicenseValidator.dll.1.dr, Xeam.VisualInstaller.dll.1.dr, Xeam.VisualInstaller.SystemValidation.dll.1.dr, Xeam.VisualInstaller.Data.dll.1.dr String found in binary or memory: http://ocsp.comodoca.com0
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://ocsp.digicert.com0A
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://ocsp.digicert.com0H
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://ocsp.digicert.com0I
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://ocsp.digicert.com0X
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926350236.00000000069E0000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.000000000547C000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2928452541.0000000007160000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.0000000005385000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926910393.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, Xeam.DummyLicenseValidator.dll.1.dr, Xeam.VisualInstaller.dll.1.dr, Xeam.VisualInstaller.SystemValidation.dll.1.dr, Xeam.VisualInstaller.Data.dll.1.dr String found in binary or memory: http://ocsp.thawte.com0
Source: License.rtf.1.dr String found in binary or memory: http://opensource.org/licenses/apache2.0.php
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://opensource.org/licenses/apache2.0.phpLR
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: Xeam.VisualInstaller.dll.1.dr String found in binary or memory: http://schemas.datacontract.org/2004/07/Laika42.Base.Documents
Source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr String found in binary or memory: http://schemas.datacontract.org/2004/07/System
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: License.rtf.1.dr String found in binary or memory: http://sourceware.org/newlib/COPYING.NEWLIB
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr String found in binary or memory: http://test.laika42.com/update/testsetup.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926350236.00000000069E0000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.000000000547C000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2928452541.0000000007160000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.0000000005385000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926910393.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, Xeam.DummyLicenseValidator.dll.1.dr, Xeam.VisualInstaller.dll.1.dr, Xeam.VisualInstaller.SystemValidation.dll.1.dr, Xeam.VisualInstaller.Data.dll.1.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926350236.00000000069E0000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.000000000547C000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2928452541.0000000007160000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.0000000005385000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926910393.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, Xeam.DummyLicenseValidator.dll.1.dr, Xeam.VisualInstaller.dll.1.dr, Xeam.VisualInstaller.SystemValidation.dll.1.dr, Xeam.VisualInstaller.Data.dll.1.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926350236.00000000069E0000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.000000000547C000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2928452541.0000000007160000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.0000000005385000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926910393.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp, Xeam.DummyLicenseValidator.dll.1.dr, Xeam.VisualInstaller.dll.1.dr, Xeam.VisualInstaller.SystemValidation.dll.1.dr, Xeam.VisualInstaller.Data.dll.1.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://wixtoolset.org/
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2925900121.0000000006582000.00000002.00000001.01000000.00000009.sdmp, BootstrapperCore.dll.1.dr String found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
Source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2925900121.0000000006582000.00000002.00000001.01000000.00000009.sdmp, BootstrapperCore.dll.1.dr String found in binary or memory: http://wixtoolset.org/news/
Source: mbapreq.thm.1.dr String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://wixtoolset.org/telemetry/v
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ww1.microchip.com/downloads/en/DeviceDoc/Getting-Started-with-Atmel-Studio7.pdf
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.arm.c
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.arm.cLR
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2925535464.0000000005394000.00000004.00000800.00020000.00000000.sdmp, License.rtf.1.dr String found in binary or memory: http://www.arm.com/products/processors/cortex-m/cortex-microcontr
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2925535464.0000000005394000.00000004.00000800.00020000.00000000.sdmp, License.rtf.1.dr String found in binary or memory: http://www.arm.com/products/processors/cortex-m/cortex-microcontroller-software-inte
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000468D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.arm.com/products/processors/cortex-m/cortex-microcontroller-software-interface-standard.p
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004BC2000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004583000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.atmel.com/About/privacy.aspx
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2929054360.0000000007422000.00000002.00000001.01000000.0000000D.sdmp, as-bootstrapper.Ui.dll.1.dr String found in binary or memory: http://www.atmel.com/About/privacy.aspx?
Source: License.rtf.1.dr String found in binary or memory: http://www.boost.org/users/license.html
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000468D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.boost.org/users/license.html:
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.boost.org/users/license.htmlLR
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004CD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gnu.o
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004CD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gnu.oLR
Source: License.rtf.1.dr String found in binary or memory: http://www.gnu.org/licenses/gpl.html
Source: License.rtf.1.dr String found in binary or memory: http://www.gnu.org/licenses/lgpl.html
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004CD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gnu.org/licenses/lgpl.htmlLR
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000468D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gnu.org/licenses/lgpl.htmla
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004CD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gnu.org/licenses/lgpl.htmld
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000468D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gnu.org/licenses/lgpl.htmlo
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004CD2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gnu.org/licenses/lgpl.htmlt
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000468D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.gnu.org/licenses/lgpl.htmlv
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B981000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/Bootstrapp
Source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926404073.00000000069F2000.00000002.00000001.01000000.0000000B.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp, Xeam.VisualInstaller.dll.1.dr, Xeam.VisualInstaller.Data.dll.1.dr, Configuration.xml.1.dr String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd#Configuration.xml
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004646000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd$
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:AccentColor
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:AccentContrastColor
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:AnotherInstallationRunning
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:AppSecret
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:BackupDir
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:BackupDirVariable
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:ConnectionStringVariable
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:CreateDatabase
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Culture
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:DataDir
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:DataDirVariable
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:DatabaseNameVariable
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:DefaultSystemCulture
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:DetailCheck
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:ExcelVersion
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:FeatureU:Required
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Finish
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:FinishError
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:FolderValidation
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Help
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:HelpUiSequence
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:HelpUiSequence0
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:IISVersion
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:IISVersion_Pkgmgr
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:InputMaskSectionLength
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:InputMaskSectionNo
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:InstallDir
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:InstallDirVariable
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:InstallMetrics
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:InstallUiSequence
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:InstallWelcome
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:InstanceNameVariable
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:IntegratedSecurityVariable
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Laika42.Wix.Bootstrapper
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Laika42.Wix.Bootstrapper:False:
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Laika42.Wix.Bootstrapper:False:;Read37_Laika42W
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Laika42.Wix.Bootstrapper:False:ika42.com/Bootst
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Laika42.Wix.Bootstrapper:False:l
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Laika42.Wix.Bootstrapper;
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LaunchCommand
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LaunchCommandl
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LaunchProductEnabled
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LayoutUiSequence
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LayoutWelcome
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:License
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LicenseAssembly
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LicenseClassWithNamespace
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LicenseStringVariable
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LicenseValidation
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LogDir
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:LogDirVariable
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:MaintenanceUiSequence
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:MaintenanceWelcome
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:NewerVersionInstalled
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:NewerVersionInstalledUiSequence
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:OleDbProvider
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:OperatingSystem
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:OutlookVersion
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Pages
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:PasswordVariable
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:PathSelection
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:PathSelection//www.laika42.com/BootstrapperConf
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:PowerPointVersion
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Process
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Process$
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Progress
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:QueryDatabase
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Role
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Role3:DisplayName
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:RunningProcess
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:SendMetricsDefault
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Sequences
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:ServerNameVariable
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:ShowBackupDirSelection
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:ShowDataDirSelection
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:ShowInstallDirSelection
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:ShowLaunchProduct
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:ShowLicenseInfo
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:ShowLogDirSelection
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:ShowMachineKey
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:ShowSendMetrics
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:ShowTempDirSelection
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:SqlServerConnection
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:SystemRebootPending
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:SystemValidation
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:SystemValidationCp
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:TempDir
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:TempDirVariable
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:TestModeOn
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:ThemeBase
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:ThemeColor
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:Transition
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:UI
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:UpdateAvailable
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:UpperCase
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:UseOleDb
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:UserNameVariable
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:VersionCheck
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:VersionCheckt
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:VisioVersion
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:VisualStudioVersion
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:WiXToolsetVersion
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:WiXToolsetVersionk:Deactivated
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsd:WordVersion
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926404073.00000000069F2000.00000002.00000001.01000000.0000000B.sdmp, Xeam.VisualInstaller.Data.dll.1.dr String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsdT
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926404073.00000000069F2000.00000002.00000001.01000000.0000000B.sdmp, Xeam.VisualInstaller.Data.dll.1.dr String found in binary or memory: http://www.laika42.com/BootstrapperConfiguration.xsdl
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B95C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/schemas/visual
Source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926404073.00000000069F2000.00000002.00000001.01000000.0000000B.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2931053034.000000000B6F8000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B979000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B95C000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B985000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004583000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B981000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933918516.000000000B9AF000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000457F000.00000004.00000800.00020000.00000000.sdmp, Xeam.VisualInstaller.dll.1.dr, Xeam.VisualInstaller.Data.dll.1.dr String found in binary or memory: http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004583000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0::False:
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2931053034.000000000B6F8000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B985000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933918516.000000000B9AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0::False:?Read3_VisualInstallerUpdateInf
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2931053034.000000000B6F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0::False:er/updateinfo/1.0:DownloadUrl
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004583000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0::False:l
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B979000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0:Descri
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004583000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B981000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933918516.000000000B9AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0:Description
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004583000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933918516.000000000B9AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0:DownloadSize
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004583000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B981000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933918516.000000000B9AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0:DownloadUrl
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004583000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B981000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933918516.000000000B9AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0:Name
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004583000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B981000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933918516.000000000B9AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0:UpdateInfo
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004583000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B981000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933918516.000000000B9AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0:Version
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B979000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B95C000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004583000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933394386.000000000B981000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933918516.000000000B9AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0:VisualInstallerUpdateInfo
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2931053034.000000000B6F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0:VisualInstallerUpdateInfoLocal
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926404073.00000000069F2000.00000002.00000001.01000000.0000000B.sdmp, Xeam.VisualInstaller.Data.dll.1.dr String found in binary or memory: http://www.laika42.com/schemas/visualinstaller/updateinfo/1.0T
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1816253996.000000000B9C7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2925535464.0000000005394000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000468D000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2933918516.000000000B9AF000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.2117689583.000000000B9C7000.00000004.00000020.00020000.00000000.sdmp, License.rtf.1.dr String found in binary or memory: http://www.microchip.com
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.microchip.comLR
Source: License.rtf.1.dr String found in binary or memory: http://www.nongnu.org/avr-libc/LICENSE.txt
Source: License.rtf.1.dr String found in binary or memory: http://www.opensource.org/licenses/UoI-NCSA.php
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.opensource.org/licenses/UoI-NCSA.phpLR
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000468D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.opensource.org/licenses/UoI-NCSA.phpq
Source: License.rtf.1.dr String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000468D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.opensource.org/licenses/mit-license.phpJ
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004BC2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.opensource.org/licenses/mit-license.phpLR
Source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2929220264.0000000007472000.00000002.00000001.01000000.00000010.sdmp, Xeam.VisualInstaller.SystemValidation.dll.1.dr String found in binary or memory: http://www.wixtoolset.org
Source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr String found in binary or memory: http://www.xeam-solutions.com/products/visual-installer.html
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr String found in binary or memory: http://www.xeam-solutions.com/products/visual-installer.htmlQXeam.VisualInstaller.Bootstrapper.l42pv
Source: License.rtf.1.dr String found in binary or memory: https://dotnetzip.codeplex.com/license
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dotnetzip.codeplex.com/licenseLR
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.c
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.cLR
Source: License.rtf.1.dr String found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json/blob/master/LICENSE.md
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json/blob/master/LICENSE.mdLR
Source: Xeam.VisualInstaller.dll.1.dr String found in binary or memory: https://imr.xeam-solutions.com/receiver.aspx
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006CD7000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.000000000547C000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1674630526.0000000006C81000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006C80000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926996083.0000000006F30000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926705623.0000000006D59000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.00000000055F9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://markusw.visualstudio.com/DefaultCollection
Source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2929054360.0000000007422000.00000002.00000001.01000000.0000000D.sdmp, as-bootstrapper.Ui.dll.1.dr String found in binary or memory: https://microchipsupport.force.com/s/article/Atmel-Studio-intallation-error-specified-account-exists
Source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2929054360.0000000007422000.00000002.00000001.01000000.0000000D.sdmp, as-bootstrapper.Ui.dll.1.dr String found in binary or memory: https://microchipsupport.force.com/s/article/Fix-Atmel-Studio-installation-error-The-older-version-o
Source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2929054360.0000000007422000.00000002.00000001.01000000.0000000D.sdmp, as-bootstrapper.Ui.dll.1.dr String found in binary or memory: https://microchipsupport.force.com/s/article/Fix-Atmel-Studio-installation-error-There-is-a-problem-
Source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2929054360.0000000007422000.00000002.00000001.01000000.0000000D.sdmp, as-bootstrapper.Ui.dll.1.dr String found in binary or memory: https://microchipsupport.force.com/s/global-search/Atmel%20Studio%207%20Installer
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://raw.gith
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://raw.githLR
Source: License.rtf.1.dr String found in binary or memory: https://raw.githubusercontent.com/cefsharp/CefSharp/master/LICENSE
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000468D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/cefsharp/CefSharp/master/LICENSE=
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/cefsharp/CefSharp/master/LICENSELR
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000468D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/cefsharp/CefSharp/master/LICENSEQX
Source: License.rtf.1.dr String found in binary or memory: https://raw.githubusercontent.com/cefsharp/cef-binary/master/LICENSE.txt
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1751161694.0000000004D43000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/cefsharp/cef-binary/master/LICENSE.txtLR
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.am
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazo
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazonaws.com
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E68000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazonaws.com/
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E18000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, AS_20240425230623.log.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594
Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/armtoolchain-7.0.2594.7z
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/armtoolchain-7.0.2594.7z9
Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E68000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/armtoolchain-7.0.2594.7zN
Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/armtoolchain-7.0.2594.msi
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.000000000457F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/asf-7.0.2594.msi
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/atmelstudio-7.0.2594.7z
Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E68000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/atmelstudio-7.0.2594.7zd
Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/atmelstudio-7.0.2594.msi
Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E68000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/atmelstudio-7.0.2594.msi4z
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/atmelstudio-7.0.2594.msible=
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avr32packs-7.0.2594.7z
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avr32packs-7.0.2594.msi
Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E68000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avr32packs-7.0.2594.msi_SAMPACKS
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avr32toolchain-7.0.2594.7z
Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E68000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avr32toolchain-7.0.2594.7zXzN
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avr32toolchain-7.0.2594.msi
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avrpacks-7.0.2594.7z
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avrpacks-7.0.2594.msi
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avrpacks-7.0.2594.msiq
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avrq
Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avrtoolchain-7.0.2594.7z
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/avrtoolchain-7.0.2594.msi
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-atmel-installer-x64-7.0.2594.msi
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-atmel-installer-x86
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-atmel-installer-x86-7.0.2594.msi
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-libusb0-installer-x64-7.0.2594.msi
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-libusb0-installer-x86-7.0.2594.msi
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-mplabcomm-installer-7.0.2594.exe
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-segger-installer-x64-7.0.2594.msi
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-segger-installer-x86-7.0.2594.msi
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/driver-winusb-installer-7.0.2594.msi
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/sampacks-7.0.2594.7z
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/sampacks-7.0.2594.msi
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/7.0.2594/sampacks-7.0I
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/VS14-KB3095681-14.0.23317.0.exe
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/dotnetfx-4.0.30319.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1734101362.000000000B7D5000.00000004.00000020.00020000.00000000.sdmp, AS_20240425230623.log.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/update-info/7.0/update-aws.xml
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/vcredist_x86-10.0.30319.01.exe
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/visual-studio-isolated-shell-14.0.23107.10.exe
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.00000000043B4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669432979.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1669351781.0000000000ED3000.00000004.00000020.00020000.00000000.sdmp, BootstrapperApplicationData.xml.1.dr String found in binary or memory: https://s3-us-west-2.amazonaws.com/atmel-studio/xc8-installer-v2.36-win.x64.exe
Source: as-installer-7.0.2594-web.exe String found in binary or memory: https://www.digicert.com/CPS0
Source: as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.microchip.com
Source: as-installer-7.0.2594-web.exe, 00000000.00000003.1664372039.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2919535839.0000000000E68000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000003.1664653285.0000000000E77000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000000.00000002.2921369508.00000000033F0000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2923056448.0000000003300000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.microchip.com/mplab/avr-support/atmel-studio-7
Source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2929054360.0000000007422000.00000002.00000001.01000000.0000000D.sdmp, as-bootstrapper.Ui.dll.1.dr String found in binary or memory: https://www.microchip.com/mplab/compilers?utm_source=StudioXC8&utm_medium=Install&utm_campaign=Studi
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.microchip.comZ
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Detected potential crypto function
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00073072 0_2_00073072
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00074A4A 0_2_00074A4A
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0006C250 0_2_0006C250
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00061273 0_2_00061273
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0006A2AB 0_2_0006A2AB
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00072B00 0_2_00072B00
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0006ABB7 0_2_0006ABB7
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_000673CA 0_2_000673CA
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0006B421 0_2_0006B421
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0007545B 0_2_0007545B
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0007054A 0_2_0007054A
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00051DAD 0_2_00051DAD
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_000735E4 0_2_000735E4
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_000456A4 0_2_000456A4
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0006A79F 0_2_0006A79F
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00046FAF 0_2_00046FAF
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0006AFEC 0_2_0006AFEC
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_0658B2D5 1_2_0658B2D5
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_065882E3 1_2_065882E3
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_0658A01A 1_2_0658A01A
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_0658781F 1_2_0658781F
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_069F5923 1_2_069F5923
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_0742D962 1_2_0742D962
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_07428A9A 1_2_07428A9A
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_07428429 1_2_07428429
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_07424236 1_2_07424236
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_6CB0D414 1_2_6CB0D414
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_6CB05419 1_2_6CB05419
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_6CB0C930 1_2_6CB0C930
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_6CB0CEA2 1_2_6CB0CEA2
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_6CB0E681 1_2_6CB0E681
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_6CB0EEEF 1_2_6CB0EEEF
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_6CB09FB1 1_2_6CB09FB1
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_04326238 1_2_04326238
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_04329820 1_2_04329820
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_0432AA9F 1_2_0432AA9F
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_073FA2D0 1_2_073FA2D0
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_07490F33 1_2_07490F33
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_0742E0D1 1_2_0742E0D1
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_065846B0 1_2_065846B0
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: String function: 00076473 appears 484 times
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: String function: 0007C9A2 appears 74 times
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: String function: 00077258 appears 655 times
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: String function: 0007A845 appears 51 times
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: String function: 00077731 appears 34 times
Sample file is different than original file name gathered from version info
Source: as-installer-7.0.2594-web.exe Binary or memory string: OriginalFilename vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926350236.00000000069E0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameXeam.Base.MVVM.dll< vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameXeam.License.Core.dllD vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSystem.Windows.Interactivity.dll\ vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928838570.00000000073E4000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: OriginalFilenameXeam.DummyLicenseValidator.dllX vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.000000000547C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameXeam.Base.UI.dll< vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2929697734.0000000007720000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameSystem.Windows.Interactivity.dll\ vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1674480224.0000000006D35000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMsMpLics.dllj% vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006B70000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: OriginalFilenameXeam.VisualInstaller.dlld! vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2936601384.000000006CB19000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamembahost.dll\ vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928452541.0000000007160000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameXeam.Base.Documents.dll< vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.0000000005385000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameXeam.Base.UI.dll< vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926431928.00000000069FE000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilenameXeam.VisualInstaller.Data.dllT vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2925900121.0000000006582000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: OriginalFilenameBootstrapperCore.dll\ vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2929250273.000000000747E000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: OriginalFilenameXeam.VisualInstaller.SystemValidation.dlll& vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926910393.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameXeam.Base.UI.dll< vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1674361218.0000000006D1C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMsMpLics.dllj% vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1724692427.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2919737117.0000000000EFA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2929137519.0000000007460000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilenameas-bootstrapper.Ui.dllR vs as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AAE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSystem.Windows.Interactivity.dll\ vs as-installer-7.0.2594-web.exe
Uses 32bit PE files
Source: as-installer-7.0.2594-web.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Xeam.VisualInstaller.dll.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Xeam.VisualInstaller.dll.1.dr, Payload.cs Suspicious method names: .Payload.IncrementDownloadAttemptsAndChangeDownloadMethod
Source: Xeam.VisualInstaller.dll.1.dr, Payload.cs Suspicious method names: .Payload.ParseProtocolFromUrl
Source: Xeam.VisualInstaller.dll.1.dr, Payload.cs Suspicious method names: .Payload.SetWinINet
Source: Xeam.VisualInstaller.dll.1.dr, Payload.cs Suspicious method names: .Payload.SetDownloadUrl
Source: Xeam.VisualInstaller.dll.1.dr, Payload.cs Suspicious method names: .Payload.SetBits
Source: Xeam.VisualInstaller.dll.1.dr, Package.cs Suspicious method names: .Package.GetPayloadByIdAddIfNotFound
Source: Xeam.VisualInstaller.dll.1.dr, Package.cs Suspicious method names: .Package.GetPayloadById
Source: classification engine Classification label: sus39.troj.evad.winEXE@3/44@1/1
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0007A89B FormatMessageW,GetLastError,LocalFree, 0_2_0007A89B
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00041248 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle, 0_2_00041248
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0007C6FF GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess, 0_2_0007C6FF
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00061C75 ChangeServiceConfigW,GetLastError, 0_2_00061C75
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Mutant created: NULL
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\ Jump to behavior
Source: as-installer-7.0.2594-web.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: as-installer-7.0.2594-web.exe String found in binary or memory: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: as-installer-7.0.2594-web.exe String found in binary or memory: icenseInfo>true</ShowLicenseInfo> </InstallWelcome> <LayoutWelcome> <ShowLicenseInfo>false</ShowLicenseInfo> </LayoutWelcome> <Finish> <ShowLaunchProduct>true</ShowLaunchProduct> <LaunchProductEnabled>
Source: as-installer-7.0.2594-web.exe String found in binary or memory: rue</LaunchProductEnabled> <LaunchCommand>[INSTALLDIR]\Product.exe</LaunchCommand> </Finish> <SqlServerConnection> <ConnectionStringVariable>SQLCONNECTIONSTRING</ConnectionStringVariable> <QueryDatabase>true</Qu
Source: as-installer-7.0.2594-web.exe String found in binary or memory: r/> </InstallUiSequence> <!-- Layout/Administrative image sequence--> <LayoutUiSequence> <LayoutWelcome/> <!-- additional pages go here --> <Progress/> <Finish/> <FinishError/> </LayoutUiSequence>
Source: as-installer-7.0.2594-web.exe String found in binary or memory: Color>#ffffffff</AccentContrastColor>--> <Transition>LeftSlide</Transition> <Pages> <InstallWelcome> <InstallDirVariable>INSTALLDIR</InstallDirVariable> <ShowInstallDirSelection>true</ShowInstallDirSelection> <Show
Source: as-installer-7.0.2594-web.exe String found in binary or memory: ilable/>--> <InstallWelcome /> <!--<SystemValidation />--> <!--<LicenseValidation/>--> <!--<SqlServerConnection/>--> <!--<PathSelection/>--> <Progress/> <Finish/> <FinishError/> </InstallUiSequence>
Source: as-installer-7.0.2594-web.exe String found in binary or memory: ttp://www.xeam-solutions.com/products/visual-installer.html
Source: as-installer-7.0.2594-web.exe String found in binary or memory: /LicenseValidation> <PathSelection> <InstallDirVariable>INSTALLDIR</InstallDirVariable> <DataDirVariable>DATADIR</DataDirVariable> <BackupDirVariable>BACKUPDIR</BackupDirVariable> <LogDirVariable>LOGDIR</LogDirVaria
Source: as-installer-7.0.2594-web.exe String found in binary or memory: <LaunchCommand>[INSTALLDIR]\Product.exe</LaunchCommand> </Finish> <!-- sql server connection is not available in light version --> <SqlServerConnection> <ConnectionStringVariable>SQLCONNECTIONSTRING</ConnectionStringVaria
Source: as-installer-7.0.2594-web.exe String found in binary or memory: S</Culture> <ThemeColor>Xeam</ThemeColor> <Pages> <InstallWelcome> <InstallDirVariable>INSTALLDIR</InstallDirVariable> <ShowInstallDirSelection>true</ShowInstallDirSelection> <ShowLicenseInfo>true</ShowLicenseInfo>
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://www.xeam-solutions.com/products/visual-installer.html
Source: as-installer-7.0.2594-web.exe String found in binary or memory: </InstallWelcome> <LayoutWelcome> <ShowLicenseInfo>true</ShowLicenseInfo> </LayoutWelcome> <Finish> <ShowLaunchProduct>true</ShowLaunchProduct> <LaunchProductEnabled>true</LaunchProductEnabled>
Source: as-installer-7.0.2594-web.exe String found in binary or memory: </InstallWelcome> <LayoutWelcome> <ShowLicenseInfo>true</ShowLicenseInfo> </LayoutWelcome> <Finish> <ShowLaunchProduct>true</ShowLaunchProduct> <LaunchProductEnabled>true</LaunchProductEnabled>
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://atmel-studio-metrics.s3-website-us-west-2.amazonaws.com/v2.0/installer-send-metrics-time
Source: as-installer-7.0.2594-web.exe String found in binary or memory: /as-bootstrapper.Ui;component/integratedpages/installnotepage.xaml
Source: as-installer-7.0.2594-web.exe String found in binary or memory: http://atmel-studio-metrics.s3-website-us-west-2.amazonaws.com/v2.0/installer-send-metrics
Source: as-installer-7.0.2594-web.exe String found in binary or memory: as-installer-
Source: as-installer-7.0.2594-web.exe String found in binary or memory: integratedpages/installwelcomepage.baml
Source: as-installer-7.0.2594-web.exe String found in binary or memory: https://microchipsupport.force.com/s/article/Fix-Atmel-Studio-installation-error-The-older-version-of-Product-Name-cannot-be-remov
Source: as-installer-7.0.2594-web.exe String found in binary or memory: integratedpages/installnotepage.baml
Source: as-installer-7.0.2594-web.exe String found in binary or memory: https://microchipsupport.force.com/s/article/Fix-Atmel-Studio-installation-error-There-is-a-problem-with-this-Windows-Installer-pa
Source: as-installer-7.0.2594-web.exe String found in binary or memory: /as-bootstrapper.Ui;component/integratedpages/installwelcomepage.xaml
Source: as-installer-7.0.2594-web.exe String found in binary or memory: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe
Source: as-installer-7.0.2594-web.exe String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: as-installer-7.0.2594-web.exe String found in binary or memory: <UDWixBundleLayoutDirectoryFailed to initialize engine state.Failed to initialize COM.Failed to initialize Cryputil.Failed to initialize Regutil.Failed to initialize Wiutil.Failed to initialize XML util.engine.cppFailed to get OS info.3.9.1006.0Failed to initialize core.Failed to run per-user mode.Failed to run per-machine mode.Failed to run embedded mode.Failed to run RunOnce mode.Invalid run mode.txt_FailedSetupFailed to initialize engine section.Failed to open log.Failed to initialize internal cache functionality.Failed to create pipes to connect to elevated parent process.Failed to connect to elevated parent process.Failed to check global conditionsFailed to create the message window.Failed to query registration.Failed to set action variables.Failed to set registration variables.Failed to set layout directory variable to value provided from command-line.Failed while running Failed to create implicit elevated connection name and secret.Failed to launch unelevated process.Failed to connect to unelevated process.Failed to allocate thread local storage for logging.Failed to set elevated pipe into thread local storage for logging.Failed to pump messages from parent process.Failed to connect to parent of embedded process.Failed to run bootstrapper application embedded.Unable to get resume command line from the registryFailed to get current process path.Failed to re-launch bundle process after RunOnce: %lsFailed to create engine for UX.Failed to load UX.Failed to start bootstrapper application.Unexpected return value from message pump.Failed to get process token.SeShutdownPrivilegeFailed to get shutdown privilege LUID.Failed to adjust token to add shutdown privileges.Failed to schedule restart.
Source: as-installer-7.0.2594-web.exe String found in binary or memory: 2020 Microchip Technology, Inc.d<OriginalFilenameas-installer-7.0.2594-web.exeD"ProductNameMicrochip Studio8
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File read: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe "C:\Users\user\Desktop\as-installer-7.0.2594-web.exe"
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process created: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe "C:\Users\user\Desktop\as-installer-7.0.2594-web.exe" -burn.unelevated BurnPipe.{D84EEA79-1F13-4715-8116-E5DD7E6F96FB} {86C0AC07-21D7-4C0B-B966-E37DDFE95ADA} 7504
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process created: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe "C:\Users\user\Desktop\as-installer-7.0.2594-web.exe" -burn.unelevated BurnPipe.{D84EEA79-1F13-4715-8116-E5DD7E6F96FB} {86C0AC07-21D7-4C0B-B966-E37DDFE95ADA} 7504 Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: msi.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: msxml3.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: srclient.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: spp.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: vsstrace.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: msi.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: msxml3.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: feclient.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: msvcp140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: d3d9.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: msctfui.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: uiautomationcore.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: d3dcompiler_47.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: as-installer-7.0.2594-web.exe Static PE information: certificate valid
Source: as-installer-7.0.2594-web.exe Static file information: File size 2333360 > 1048576
Source: as-installer-7.0.2594-web.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: as-installer-7.0.2594-web.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: as-installer-7.0.2594-web.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: as-installer-7.0.2594-web.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: as-installer-7.0.2594-web.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: as-installer-7.0.2594-web.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: as-installer-7.0.2594-web.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: as-installer-7.0.2594-web.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: d:\a\src\laika42\BootstrapperEx\Rel_v3\Laika42.VisualInstaller\obj\Release\Xeam.VisualInstaller.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: c:\a\src\laika42\base\Rel\v2\Laika42.Base.Documents\obj\Release\Xeam.Base.Documents.pdb3 source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928452541.0000000007160000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\src\wix39\build\ship\x86\WixStdBA.pdb source: mbapreq.dll.1.dr
Source: Binary string: c:\a\src\laika42\base\Rel\v2\Laika42.Base.MVVM\obj\Release\Xeam.Base.MVVM.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926350236.00000000069E0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: $^q!costura.xeam.license.core.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: c:\a\src\laika42\base\Rel\v2\Laika42.Base.UI\obj\Release\Xeam.Base.UI.pdb source: as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.000000000547C000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1677195768.0000000005385000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926910393.0000000006EC0000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: xeam.base.ui9costura.xeam.base.ui.dll.zip9costura.xeam.base.ui.pdb.zip/xeam.license.activationOcostura.xeam.license.activation.dll.zipOcostura.xeam.license.activation.pdb.zip#xeam.license.coreCcostura.xeam.license.core.dll.zipCcostura.xeam.license.core.pdb.zip3xeam.visualinstaller.dataScostura.xeam.visualinstaller.data.dll.zipScostura.xeam.visualinstaller.data.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: {0}.{1}!bootstrappercoreAcostura.bootstrappercore.dll.zip9system.windows.interactivityYcostura.system.windows.interactivity.dll.zip'xeam.base.documentsGcostura.xeam.base.documents.dll.zipGcostura.xeam.base.documents.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: d:\a\src\laika42\BootstrapperEx\Rel_v3\Laika42.VisualInstaller.Data\obj\Release\Xeam.VisualInstaller.Data.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926404073.00000000069F2000.00000002.00000001.01000000.0000000B.sdmp, Xeam.VisualInstaller.Data.dll.1.dr
Source: Binary string: costura.xeam.base.mvvm.pdb.zip source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: costura.xeam.license.activation.pdb.zip source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: C:\src\wix39\build\ship\x86\burn.pdb source: as-installer-7.0.2594-web.exe
Source: Binary string: d:\a\src\laika42\BootstrapperEx\Rel_v3\Laika42.VisualInstaller.SystemValidation\obj\Release\Xeam.VisualInstaller.SystemValidation.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2929220264.0000000007472000.00000002.00000001.01000000.00000010.sdmp, Xeam.VisualInstaller.SystemValidation.dll.1.dr
Source: Binary string: costura.xeam.base.ui.pdb.zip source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: c:\a\src\laika42\License\Rel_v1\Laika42.License.Core\obj\Release\Xeam.License.Core.pdb source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: costura.xeam.license.core.pdb.zip source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: c:\a\src\laika42\License\Rel_v1\Laika42.License.Core\obj\Release\Xeam.License.Core.pdb`\~\ p\_CorDllMainmscoree.dll source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928422701.0000000007150000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: $^q#costura.xeam.base.documents.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: $^q)costura.xeam.visualinstaller.data.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: costura.xeam.base.documents.pdb.zip source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: $^q'costura.xeam.license.activation.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2924449346.0000000004351000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: d:\a\src\laika42\BootstrapperEx\Rel_v3\Laika42.DummyLicenseValidator\obj\Release\Xeam.DummyLicenseValidator.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2928811138.00000000073E2000.00000002.00000001.01000000.0000000F.sdmp, Xeam.DummyLicenseValidator.dll.1.dr
Source: Binary string: xeam.base.mvvm=costura.xeam.base.mvvm.dll.zip=costura.xeam.base.mvvm.pdb.zip source: as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: e:\ExpressionRTM\Sparkle\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\Win32\Release\System.Windows.Interactivity.pdb source: as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AD4000.00000004.00000800.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000002.2929697734.0000000007720000.00000004.08000000.00040000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1710499288.0000000004AAE000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: c:\a\src\laika42\base\Rel\v2\Laika42.Base.Documents\obj\Release\Xeam.Base.Documents.pdb source: as-installer-7.0.2594-web.exe, 00000001.00000002.2928452541.0000000007160000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: c:\src\wix39\build\obj\ship\x86\core\BootstrapperCore.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2925900121.0000000006582000.00000002.00000001.01000000.00000009.sdmp, BootstrapperCore.dll.1.dr
Source: Binary string: C:\src\wix39\build\ship\x86\mbahost.pdb source: as-installer-7.0.2594-web.exe, 00000001.00000002.2936538754.000000006CB10000.00000002.00000001.01000000.00000006.sdmp, mbahost.dll.1.dr
Source: Binary string: costura.xeam.visualinstaller.data.pdb.zip source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2926491474.0000000006A82000.00000002.00000001.01000000.0000000A.sdmp, Xeam.VisualInstaller.dll.1.dr
Source: Binary string: d:\a\src\laika42\BootstrapperEx\Rel_v3\Laika42.VisualInstaller.SystemValidation\obj\Release\Xeam.VisualInstaller.SystemValidation.pdb8 source: as-installer-7.0.2594-web.exe, 00000001.00000002.2929220264.0000000007472000.00000002.00000001.01000000.00000010.sdmp, Xeam.VisualInstaller.SystemValidation.dll.1.dr
Source: Binary string: C:\Jenkins_MCU\workspace\as-bootstrapper\bootstrapper\vsproj\as-bootstrapper.Ui\obj\External\as-bootstrapper.Ui.pdb source: as-installer-7.0.2594-web.exe, as-installer-7.0.2594-web.exe, 00000001.00000002.2929054360.0000000007422000.00000002.00000001.01000000.0000000D.sdmp, as-bootstrapper.Ui.dll.1.dr
Source: as-installer-7.0.2594-web.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: as-installer-7.0.2594-web.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: as-installer-7.0.2594-web.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: as-installer-7.0.2594-web.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: as-installer-7.0.2594-web.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation
barindex
.NET source code contains potential unpacker
Source: Xeam.VisualInstaller.dll.1.dr, AssemblyLoader.cs .Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
Yara detected Costura Assembly Loader
Source: Yara match File source: Process Memory Space: as-installer-7.0.2594-web.exe PID: 7524, type: MEMORYSTR
PE file contains sections with non-standard names
Source: as-installer-7.0.2594-web.exe Static PE information: section name: .wixburn
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0006D235 push ecx; ret 0_2_0006D248
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_0658ADED push cs; iretd 1_2_0658AFB8
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_0658750D push cs; ret 1_2_06587510
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_06A85428 push D00A0000h; retn 0000h 1_2_06A8543C
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_06A853EC push D00A0000h; retn 0000h 1_2_06A85400
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_06A8A6E0 push D00A0000h; retf 1_2_06A8A6EC
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_06A8A6A4 push D00A0000h; retf 1_2_06A8A6B0
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_06A8A79C push D00A0000h; iretd 1_2_06A8A7A8
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_0742D962 pushfd ; retf 1_2_0742D971
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_0742DD7B push es; ret 1_2_0742DD7E
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_6CB06295 push ecx; ret 1_2_6CB062A8
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_0432C348 push es; ret 1_2_0432C7BF
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_0432DB1A push es; ret 1_2_0432DFEF
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_043287F9 push 8BD08B6Dh; iretd 1_2_043287FE
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_04327240 push es; ret 1_2_043271F6
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_04328896 push 8BD08B6Dh; iretd 1_2_0432889B
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_073FEB1F pushad ; retf 1_2_073FEB39
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_07493432 push esp; retf 1_2_074933F1
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_074933E2 push esp; retf 1_2_074933F1
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_07492F43 pushfd ; iretd 1_2_07492F59
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_07492F1A pushad ; iretd 1_2_07492F29
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_07497ED6 push 98074A74h; ret 1_2_07497EED
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_0D86A211 push cs; ret 1_2_0D86A224
Source: as-bootstrapper.Ui.dll.1.dr Static PE information: section name: .text entropy: 6.9819931849185375
Source: Xeam.VisualInstaller.dll.1.dr Static PE information: section name: .text entropy: 7.714424216601625
Drops PE files
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.SystemValidation.dll Jump to dropped file
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.dll Jump to dropped file
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\mbapreq.dll Jump to dropped file
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.DummyLicenseValidator.dll Jump to dropped file
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.Data.dll Jump to dropped file
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\mbahost.dll Jump to dropped file
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\as-bootstrapper.Ui.dll Jump to dropped file
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\BootstrapperCore.dll Jump to dropped file
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File created: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\License.rtf Jump to behavior
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0006C250 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_0006C250
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Memory allocated: 32E0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Memory allocated: 4350000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Memory allocated: 6350000 memory reserve | memory write watch Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Window / User API: threadDelayed 1618 Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Window / User API: threadDelayed 457 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.SystemValidation.dll Jump to dropped file
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.dll Jump to dropped file
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\mbapreq.dll Jump to dropped file
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.DummyLicenseValidator.dll Jump to dropped file
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.Data.dll Jump to dropped file
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\as-bootstrapper.Ui.dll Jump to dropped file
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\mbahost.dll Jump to dropped file
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\BootstrapperCore.dll Jump to dropped file
Found evaded block containing many API calls
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Evaded block: after key decision
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Evaded block: after key decision
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Evaded block: after key decision
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Evaded block: after key decision
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Evaded block: after key decision
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Evaded block: after key decision
Found evasive API chain checking for process token information
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Uses the system / local time for branch decision (may execute only at specific dates)
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00076EEC GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00076F87h 0_2_00076EEC
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00076EEC GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00076F80h 0_2_00076EEC
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File Volume queried: \Device\CdRom0\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe File Volume queried: \Device\CdRom0\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0007DAF5 _memset,FindFirstFileW,FindClose, 0_2_0007DAF5
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0007E632 _memset,_memset,GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose, 0_2_0007E632
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0005568E _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 0_2_0005568E
Source: as-installer-7.0.2594-web.exe, 00000001.00000002.2931365701.000000000B743000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.2080142318.000000000B743000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1726808051.000000000B743000.00000004.00000020.00020000.00000000.sdmp, as-installer-7.0.2594-web.exe, 00000001.00000003.1843926962.000000000B743000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe API call chain: ExitProcess graph end node
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_000701F5 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 0_2_000701F5
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_000701F5 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 0_2_000701F5
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00077883 GetProcessHeap,RtlAllocateHeap, 0_2_00077883
Enables debug privileges
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0006D158 SetUnhandledExceptionFilter, 0_2_0006D158
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0006D189 SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0006D189
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 1_2_6CB0611B SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_6CB0611B
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Memory allocated: page read and write | page guard Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00079513 _memset,_memset,_memset,_memset,_memset,_memset,InitializeSecurityDescriptor,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,SetEntriesInAclA,SetSecurityDescriptorOwner,GetLastError,SetSecurityDescriptorGroup,GetLastError,SetSecurityDescriptorDacl,GetLastError,CoInitializeSecurity,LocalFree, 0_2_00079513
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0007D116 AllocateAndInitializeSid,CheckTokenMembership, 0_2_0007D116
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0006D5E4 cpuid 0_2_0006D5E4
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\BootstrapperCore.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.Data.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: \Device\CdRom0\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: \Device\CdRom0\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\as-bootstrapper.Ui.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\as-bootstrapper.Ui.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\BootstrapperCore.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\mbapreq.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.DummyLicenseValidator.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.DummyLicenseValidator.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.Data.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.SystemValidation.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXmlLinq\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXmlLinq.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\as-bootstrapper.Ui.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\BootstrapperCore.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\mbahost.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.DummyLicenseValidator.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.Data.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{d92df7bb-bc43-4267-a5fe-1ba3bdf1a813}\.ba1\Xeam.VisualInstaller.SystemValidation.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00050F94 ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree, 0_2_00050F94
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_0007F978 GetSystemTimeAsFileTime,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle, 0_2_0007F978
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00042C05 GetUserNameW,GetLastError, 0_2_00042C05
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_000824CF GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime, 0_2_000824CF
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Code function: 0_2_00041BFB _memset,_memset,CoInitializeEx,GetModuleHandleW,GetVersionExW,GetLastError,CoUninitialize, 0_2_00041BFB
Source: C:\Users\user\Desktop\as-installer-7.0.2594-web.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1431891 Sample: as-installer-7.0.2594-web.exe Startdate: 25/04/2024 Architecture: WINDOWS Score: 39 21 s3-us-west-2.amazonaws.com 2->21 25 .NET source code contains potential unpacker 2->25 27 Yara detected Costura Assembly Loader 2->27 29 Yara detected Generic Downloader 2->29 7 as-installer-7.0.2594-web.exe 2->7         started        signatures3 process4 process5 9 as-installer-7.0.2594-web.exe 17 75 7->9         started        dnsIp6 23 s3-us-west-2.amazonaws.com 52.92.181.152, 443, 49733 AMAZON-02US United States 9->23 13 C:\Users\user\...\Xeam.VisualInstaller.dll, PE32 9->13 dropped 15 C:\Users\user\AppData\Local\...\mbapreq.dll, PE32 9->15 dropped 17 C:\Users\user\AppData\Local\...\mbahost.dll, PE32 9->17 dropped 19 5 other files (none is malicious) 9->19 dropped file7
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
52.92.181.152
 s3-us-west-2.amazonaws.com United States
16509 AMAZON-02US false

Contacted Domains

Name IP Active
s3-us-west-2.amazonaws.com 52.92.181.152 true