Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
jki-dragon-release-online-setup.exe

Overview

General Information

Sample name:jki-dragon-release-online-setup.exe
Analysis ID:1632405
MD5:38b43cb797a3c3ce067dc8da05d7afa6
SHA1:99d19c496ac88c39c683a459b1fb062a3b711a6a
SHA256:0a975553b832c782606ee48e211179a0c022a3f03230cfdf2881e331707d925a
Infos:

Detection

Score:42
Range:0 - 100
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Found pyInstaller with non standard icon
Tries to delay execution (extensive OutputDebugStringW loop)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Use Short Name Path in Command Line
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w11x64_office
  • jki-dragon-release-online-setup.exe (PID: 6932 cmdline: "C:\Users\user\Desktop\jki-dragon-release-online-setup.exe" MD5: 38B43CB797A3C3CE067DC8DA05D7AFA6)
    • jki-dragon-online-installer-2024.3.0-662.exe (PID: 6176 cmdline: "C:\Users\user\Desktop\jki-dragon-release-online-setup.exe" MD5: 0203149CDAE2254D110B72B24AEA4E9C)
      • Install.exe (PID: 5456 cmdline: C:\Users\user\AppData\Local\Temp\ONEFIL~1\nipkg-online-deployment\Install.exe "" MD5: B51F73B4C4BF71C95BB6EE3604F2BCD4)
        • Install.exe (PID: 5968 cmdline: "C:\Users\user\AppData\Local\Temp\ONEFIL~1\nipkg-online-deployment\bin\Install.exe" install ni-package-manager ni-package-manager-upgrader ni-package-manager-released-feed --hide-completion --config="\\?\C:\Users\user\AppData\Local\Temp\nipkg_preinstall-7efa-01eb-6013-10b2\nipkg.ini" --update-feeds --force-essential --force-locked MD5: 4D70DAFFDEF1BEF2A4DC1DFD38B23D6F)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Use Short Name Path in Command Line
Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: C:\Users\user\AppData\Local\Temp\ONEFIL~1\nipkg-online-deployment\Install.exe "", CommandLine: C:\Users\user\AppData\Local\Temp\ONEFIL~1\nipkg-online-deployment\Install.exe "", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exe, ParentCommandLine: "C:\Users\user\Desktop\jki-dragon-release-online-setup.exe", ParentImage: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exe, ParentProcessId: 6176, ParentProcessName: jki-dragon-online-installer-2024.3.0-662.exe, ProcessCommandLine: C:\Users\user\AppData\Local\Temp\ONEFIL~1\nipkg-online-deployment\Install.exe "", ProcessId: 5456, ProcessName: Install.exe

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: jki-dragon-release-online-setup.exeVirustotal: Detection: 7%Perma Link
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00158AA0 CryptAcquireContextW,CryptAcquireContextW,GetLastError,GetLastError,CryptAcquireContextW,GetLastError,CryptAcquireContextW,GetLastError,3_2_00158AA0
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001A2500 GetLastError,GetTempPathW,GetLastError,GetTempPathW,GetLastError,GetFileAttributesW,GetFileAttributesW,GetLastError,GetLastError,GetFileAttributesW,GetLastError,GetLastError,CryptGenRandom,CreateFileW,GetLastError,GetLastError,GetLastError,CloseHandle,GetLastError,CryptReleaseContext,3_2_001A2500
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00158B10 __CxxThrowException@8,CryptGenRandom,GetLastError,CryptReleaseContext,3_2_00158B10
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00158B80 CryptGenRandom,GetLastError,CryptReleaseContext,3_2_00158B80
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_36a46ae2-7
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\de\NI Released License Agreement - German.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\de\NI Released License Agreement - German.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\es\NI Released License Agreement - Spanish.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\es\NI Released License Agreement - Spanish.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\fr\NI Released License Agreement - French.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\fr\NI Released License Agreement - French.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\it\NI Released License Agreement - Italian.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\it\NI Released License Agreement - Italian.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\ja\NI Released License Agreement - Japanese.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\ja\NI Released License Agreement - Japanese.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\ko\NI Released License Agreement - Korean.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\ko\NI Released License Agreement - Korean.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\NI Released License Agreement - English.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\NI Released License Agreement - English.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\zh-CN\NI Released License Agreement - Simplified Chinese.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\zh-CN\NI Released License Agreement - Simplified Chinese.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\de\DotNet 4.8 License Agreement - German.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\de\DotNet 4.8 License Agreement - German.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\DotNet 4.8 License Agreement - English.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\DotNet 4.8 License Agreement - English.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\fr\DotNet 4.8 License Agreement - French.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\fr\DotNet 4.8 License Agreement - French.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\ja\DotNet 4.8 License Agreement - Japanese.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\ja\DotNet 4.8 License Agreement - Japanese.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\ko\DotNet 4.8 License Agreement - Korean.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\ko\DotNet 4.8 License Agreement - Korean.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\zh-CN\DotNet 4.8 License Agreement - Simplified Chinese.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\zh-CN\DotNet 4.8 License Agreement - Simplified Chinese.rtfJump to behavior
Source: jki-dragon-release-online-setup.exeStatic PE information: certificate valid
Source: jki-dragon-release-online-setup.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: class pdb.Pdb(completekey='tab', stdin=None, stdout=None, skip=None, nosigint=False, readrc=True) source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.1.dr
Source: Binary string: Changed in version 3.2: ".pdbrc" can now contain commands that source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_sqlite3.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\dev\_r\7\nipkg\objects\nipkg_client_dotnet\win32U\allproc\dotnet-4.6.2\release\NationalInstruments.PackageManagement.Core.pdb4m source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5295481780.000001B1E6A42000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_overlapped.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, _overlapped.pyd.1.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.1.dr
Source: Binary string: ucrtbase.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, ucrtbase.dll.1.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_msi.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: commands as if given in a ".pdbrc" file, see Debugger Commands. source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: import pdb; pdb.Pdb(skip=['django.*']).set_trace() source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.1.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_tkinter.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5240076733.00007FF9CB9C1000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source: Binary string: in the ".pdbrc" file): source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbrc) source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb.Pdbr source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\dev\_r\7\nipkg\objects\nipkg_client_dotnet\win32U\allproc\dotnet-4.6.2\release\NationalInstruments.PackageManagement.Core.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5295481780.000001B1E6A42000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\dev\_r\7\nipkg\objects\nipkg_client\win64U\x64\msvc-14.0\release\nipkgclient.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.1.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Raises an auditing event "pdb.Pdb" with no arguments. source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source: Binary string: If a file ".pdbrc" exists in the user source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\dev\_r\7\nipkgui\objects\preinstall_resources\win32U\i386\msvc-14.0\jpn\InstallJPN.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.1.dr
Source: Binary string: E:\dev\_r\7\nipkgui\objects\preinstall\win32U\i386\msvc-14.0\release\out\preinstall.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000003.00000002.5234868153.00000000001D1000.00000002.00000001.01000000.00000006.sdmp, Install.exe, 00000003.00000000.2786175205.00000000001D1000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: E:\dev\_r\7\nipkgui\objects\preinstall_resources\win32U\i386\msvc-14.0\deu\InstallDEU.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: -c are executed after commands from .pdbrc files. source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC74D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.1.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Initial commands are read from .pdbrc files in your home directory source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\dev\_r\7\nipkgui\objects\preinstall_resources\win32U\i386\msvc-14.0\chs\InstallCHS.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.1.dr
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7552000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.1.dr
Source: Binary string: D:\_w\1\b\bin\amd64\sqlite3.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.1.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\dd\NetFXDev1\binaries\x86ret\bin\i386\VSSetup\Utils\boxstub.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: will load .pdbrc files from the filesystem. source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.1.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\pyexpat.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\dev\_r\7\nipkgui\objects\nipkgui_install\win64U\x64\dotnet-4.6.2\release\obj\Install.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC8567000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000000.2792632781.000001B1E658C000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, ucrtbase.dll.1.dr
Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\dev\_r\7\nipkgui\objects\preinstall_resources\win32U\i386\msvc-14.0\kor\InstallKOR.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\python310.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5239476836.00007FF9AE81E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.1.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.1.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC74D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbr8 source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.1.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_zoneinfo.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ~/.pdbrcz source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\dev\_r\7\nipkgui\objects\preinstall_resources\win32U\i386\msvc-14.0\fra\InstallFRA.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC0825C FindFirstFileExW,1_2_00007FF6DEC0825C
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00154390 FindFirstFileW,GetLastError,GetLastError,GetLastError,GetLastError,3_2_00154390
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00114470 FindFirstFileExW,FindNextFileW,GetLastError,__CxxThrowException@8,3_2_00114470
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00191A04 FindFirstFileExW,3_2_00191A04
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeFile opened: C:\Users\user\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeFile opened: C:\Users\user\AppData\Local\Temp\ONEFIL~1\nipkg-online-deployment\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeFile opened: C:\Users\user\AppData\Local\Temp\ONEFIL~1\nipkg-online-deployment\bin\Jump to behavior
Source: global trafficTCP traffic: 192.168.2.24:49658 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.24:54239 -> 162.159.36.2:53
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 07 Mar 2025 21:38:58 GMTContent-Type: application/x-gzipContent-Length: 16626Connection: keep-alivex-amz-id-2: 3PQj68UzNhk1syyk/AiFy+NSLr/HhU9SsTihANRmWyhjk2xz3nHfu3Ot9KgCPOqDqNpxMJtMmKU=x-amz-request-id: Z58VAVFQZXSGQQ7Jlast-modified: Tue, 14 Jan 2025 13:48:57 GMTetag: "39521418c8e7ef9ea6e6cae5cdb97fae"x-amz-server-side-encryption: AES256x-amz-meta-user-agent: aws-datasync/3.8.3420.0-8160a607x-amz-meta-file-atime: 1736855562376452000nsx-amz-meta-file-owner: 99x-amz-meta-file-permissions: 100664x-amz-meta-file-group: 99x-amz-meta-file-mtime: 1736755233296121200nsx-cache: Miss from cloudfrontvia: 1.1 0b2255558ecb54fb08d741c73c717f2a.cloudfront.net (CloudFront)x-amz-cf-pop: SFO53-P1x-amz-cf-id: xbNYgcPuuk0YLFNQBNRDWLRNnYBJ_A2OrBeAdgx2mLqpxXMMZB55eA==CF-Cache-Status: HITAge: 622900Expires: Mon, 07 Apr 2025 21:38:58 GMTCache-Control: public, max-age=2678400Accept-Ranges: bytesServer: cloudflareCF-RAY: 91cd3e2c5c428df5-EWRData Raw: 1f 8b 08 00 21 c8 84 67 00 03 ed 7d 6b 93 5b c5 b9 ee 77 aa f8 0f eb 5b 42 1d 8f d3 f7 0b 95 bd eb 90 98 9c 4d 9d c4 9b e0 5c aa ce 17 57 5f 6d e1 f1 8c b7 a4 c1 81 3a 1f f0 d8 10 02 24 90 6c 1c 9c 04 72 20 21 5c 92 1d 60 27 ec c4 dc 92 0f fc 14 f9 02 f1 b8 f6 5f 38 bd b4 34 d2 d2 65 a4 25 a9 35 23 cd 74 2e a0 91 de 75 eb 7e 9e b7 df a7 57 f7 fb fe f7 c7 7f 7f a0 6e ce d6 9a ce 34 b7 ea ee fe ec 62 6d c3 6e 5e 6c 9c fe 01 23 f7 de f3 f5 cd f3 17 54 b3 a6 6b eb b5 e6 e3 df 73 f5 46 6d 73 e3 fe 0c e4 3f 6c f8 f5 9a 69 36 ee cf 36 6a 6b 17 94 39 a7 ce b8 b5 f3 6a 23 fc ab 7e ef 3d 27 5c c3 d4 6b 17 9a 6d f3 87 8b 5f 33 bf 59 cf 6c ad 71 61 5d 3d 5e db 38 93 35 cf Data Ascii: !g}k[w[BM\W_m:$lr !\`'_84e%5#t.u~Wn4bmn^l#TksFms?li66jk9j#~='\km_3Ylqa]=^85
Source: global trafficHTTP traffic detected: GET /support/nipkg/products/ni-package-manager/released/Packages.gz HTTP/1.1Host: download.ni.comUser-Agent: National Instruments Package ManagerAccept: */*
Source: global trafficHTTP traffic detected: GET /support/nipkg/products/ni-package-manager/released/eula-ni-standard_25.0.0.49255-0+f103_windows_x64.nipkg HTTP/1.1Host: download.ni.comUser-Agent: National Instruments Package ManagerAccept: */*
Source: global trafficHTTP traffic detected: GET /support/nipkg/products/ni-package-manager/released/eula-ms-dotnet-4.8_25.0.0.49255-0+f103_windows_x64.nipkg HTTP/1.1Host: download.ni.comUser-Agent: National Instruments Package ManagerAccept: */*
Source: global trafficDNS traffic detected: DNS query: download.ni.com
Source: global trafficDNS traffic detected: DNS query: 198.187.3.20.in-addr.arpa
Source: global trafficDNS traffic detected: DNS query: 56.163.245.4.in-addr.arpa
Source: global trafficDNS traffic detected: DNS query: windows.msn.com
Source: global trafficDNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global trafficDNS traffic detected: DNS query: api.msn.com
Source: global trafficDNS traffic detected: DNS query: c.msn.com
Source: global trafficDNS traffic detected: DNS query: browser.events.data.msn.cn
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bugs.python.org/issue14443z
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5234363270.0000017AC50B6000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5246380727.00007FF6DEC25000.00000004.00000001.01000000.00000003.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5234363270.0000017AC50B6000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5246380727.00007FF6DEC25000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5234363270.0000017AC50B6000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5246380727.00007FF6DEC25000.00000004.00000001.01000000.00000003.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5234363270.0000017AC50B6000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5246380727.00007FF6DEC25000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5234363270.0000017AC50B6000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5246380727.00007FF6DEC25000.00000004.00000001.01000000.00000003.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5234363270.0000017AC50B6000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5246380727.00007FF6DEC25000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5234363270.0000017AC50B6000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5246380727.00007FF6DEC25000.00000004.00000001.01000000.00000003.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5234363270.0000017AC50B6000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5246380727.00007FF6DEC25000.00000004.00000001.01000000.00000003.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5234363270.0000017AC50B6000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5246380727.00007FF6DEC25000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5234363270.0000017AC50B6000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5246380727.00007FF6DEC25000.00000004.00000001.01000000.00000003.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: Install.exe, 00000004.00000002.5235231603.000001B1811D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/Fonts/sourcesanspro-light.otf
Source: Install.exe, 00000004.00000002.5235231603.000001B181C9D000.00000004.00000800.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5235231603.000001B1811D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/Fonts/sourcesanspro-regular.otf
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000000.2792632781.000001B1E63C2000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://digital.ni.com/public.nsf/allkb/DF6372D57C15B20286257A4B0053DA1E?OpenDocument
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000000.2792632781.000001B1E63C2000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://digital.ni.com/public.nsf/allkb/DF6372D57C15B20286257A4B0053DA1E?OpenDocumentTSOFTWARE
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5298237649.000001B1E8AE2000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5298237649.000001B1E8AFA000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5306473252.000001B1ED2CD000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5311288700.000001B1EE1D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://download.ni.com/support/nipkg/products/ni-package-manager/released/
Source: Install.exe, 00000004.00000002.5308075294.000001B1ED319000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://download.ni.com/support/nipkg/products/ni-package-manager/released/eula-ms-dotnet-4.8_25.0.0.
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: http://ocsp.digicert.com0
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: http://ocsp.digicert.com0A
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5234363270.0000017AC50B6000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5246380727.00007FF6DEC25000.00000004.00000001.01000000.00000003.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: http://ocsp.digicert.com0C
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5234363270.0000017AC50B6000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5246380727.00007FF6DEC25000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.digicert.com0N
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5234363270.0000017AC50B6000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5246380727.00007FF6DEC25000.00000004.00000001.01000000.00000003.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: http://ocsp.digicert.com0O
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
Source: Install.exe, 00000004.00000002.5310525101.000001B1ED5E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFL
Source: Install.exe, 00000004.00000002.5302814957.000001B1E9900000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFL.
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000000.2792632781.000001B1E63C2000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://scripts.sil.org/OFLSerifed
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000000.2792632781.000001B1E63C2000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://scripts.sil.org/OFLSource
Source: Install.exe, 00000004.00000002.5302814957.000001B1E9900000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFLSyste
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000000.2792632781.000001B1E63C2000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLUppercase
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5234363270.0000017AC50B6000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5246380727.00007FF6DEC25000.00000004.00000001.01000000.00000003.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: http://www.digicert.com/CPS0
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ibiblio.org/xml/examples/shakespeare/hamlet.xml)-r0
Source: Install.exe, 00000004.00000002.5308075294.000001B1ED365000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5309471627.000001B1ED42B000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5302529577.000001B1E98C8000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5298237649.000001B1E8AEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com
Source: Install.exe, 00000004.00000002.5301832248.000001B1E98A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com(
Source: Install.exe, 00000004.00000002.5235231603.000001B1806DC000.00000004.00000800.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5261710151.000001B190294000.00000004.00000800.00020000.00000000.sdmp, NI Released License Agreement - English.rtf.4.drString found in binary or memory: http://www.ni.com/driverinterfacesoftware
Source: NI Released License Agreement - English.rtf.4.drString found in binary or memory: http://www.ni.com/legal/export-compliance.html
Source: Install.exe, 00000004.00000002.5235231603.000001B1811D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/legal/export-compliance.html8G
Source: NI Released License Agreement - English.rtf.4.drString found in binary or memory: http://www.ni.com/pdf/legal/us/privacy.pdf
Source: Install.exe, 00000004.00000002.5235231603.000001B1806DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/legal/us/privacy.pdf8G
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895a.html
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895d.html
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895e.html
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5311288700.000001B1EE1D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895e_0112.html)
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895e_0113.html.
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895e_0118.html
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5311288700.000001B1EE1D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895e_0129.html)
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895f.html
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5311288700.000001B1EE1D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895f_0112.html)
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895f_0113.html
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895f_0118.html
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5311288700.000001B1EE1D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895f_0129.html)
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895g.html
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895h.html
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895h_0112.html)
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895h_0113.html
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895h_0114.html
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895h_0118.html
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5311288700.000001B1EE1D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895h_0129.html)
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895j.html
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5311288700.000001B1EE1D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895j_0112.html)
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895j_0113.html
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895j_0114.html
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895j_0118.html
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5311288700.000001B1EE1D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/pdf/manuals/376895j_0129.html)
Source: Install.exe, 00000004.00000002.5235231603.000001B1806DC000.00000004.00000800.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5261710151.000001B190294000.00000004.00000800.00020000.00000000.sdmp, NI Released License Agreement - English.rtf.4.drString found in binary or memory: http://www.ni.com/privacy
Source: Install.exe, 00000004.00000002.5235231603.000001B1810DC000.00000004.00000800.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5261710151.000001B190294000.00000004.00000800.00020000.00000000.sdmp, NI Released License Agreement - English.rtf.4.drString found in binary or memory: http://www.ni.com/privacy.
Source: Install.exe, 00000004.00000002.5235231603.000001B1811D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/privacy.8G
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/r/nipm20.5rm
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/r/nipm20.5rm-de
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/r/nipm20.5rm-fr
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/r/nipm20.5rm-ja)
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/r/nipm20.5rm-ko)
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/r/nipm20.5rm-zh-cn
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/r/nipm20.6rm
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/r/nipm20.6rm-de
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/r/nipm20.6rm-fr
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/r/nipm20.6rm-ja)
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/r/nipm20.6rm-ko)
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/r/nipm20.6rm-zh-cn
Source: Install.exe, 00000004.00000002.5302529577.000001B1E98C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com08fdcb8abf15dda790879ff0a3af60c108fdcb8abf15dda790879ff0a3af60c1
Source: Install.exe, 00000004.00000002.5302529577.000001B1E98C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com08fdcb8abf15dda790879ff0a3af60c108fdcb8abf15dda790879ff0a3af60c108fdcb8abf15dda7908
Source: Install.exe, 00000004.00000002.5308075294.000001B1ED365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com119855bd04d099c13bd8
Source: Install.exe, 00000004.00000002.5302529577.000001B1E98C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com1b952301d2617d1358dafa7a6d2a0d53WINDOWS_7_SP1_64BIT
Source: Install.exe, 00000004.00000002.5309471627.000001B1ED42B000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5302529577.000001B1E98C8000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5298237649.000001B1E8AEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.comen239b9bfa2f1a1b83124efd08e731dc6d239b9bfa2f1a1b83124efd08e731dc6deulastandardInfra
Source: Install.exe, 00000004.00000002.5302529577.000001B1E98C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.comen5054d08dd16800a2a20c3daa246f86ae5054d08dd16800a2a20c3daa246f86aeeulastandardInfra
Source: Install.exe, 00000004.00000002.5309471627.000001B1ED42B000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5302529577.000001B1E98C8000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5298237649.000001B1E8AEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.comen8ffb4a4a372d433350a3ea798bea06738ffb4a4a372d433350a3ea798bea0673eulastandardInfra
Source: Install.exe, 00000004.00000002.5305903111.000001B1ED1C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.comxd
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ocert.org/advisories/ocert-2011-003.html
Source: Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/rfc/rfc%d.txtz)https://www.python.org/dev/peps/pep-%04d/
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/rfc/rfc%d.txtz)https://www.python.org/dev/peps/pep-%04d/rQ
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespacesz.http://xml.org/sax/features/namespace-prefixesz
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/string-interningz&http://xml.org/sax/features/validationz5http://xml.org
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xml.python.org/entities/fragment-builder/internalz
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aiosmtpd.readthedocs.io/)
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000000.2792632781.000001B1E63C2000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://conduit-locator.ni.com/locator/1/en/locations
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://conduit-locator.ni.com/locator/1/en/locationsX
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/%d.%d/libraryNrR
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/%d.%d/libraryNrRc
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packages.jki.net/dragon/feeds/develop/
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5239476836.00007FF9AE81E000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upload.pypi.org/legacy/
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5234363270.0000017AC50B6000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75C8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5246380727.00007FF6DEC25000.00000004.00000001.01000000.00000003.sdmp, sqlite3.dll.1.dr, _multiprocessing.pyd.1.dr, _overlapped.pyd.1.dr, libssl-1_1.dll.1.drString found in binary or memory: https://www.digicert.com/CPS0
Source: Install.exe, 00000004.00000002.5305903111.000001B1ED1C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ni.c
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5234363270.0000017AC50B6000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5309471627.000001B1ED408000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5301832248.000001B1E98A3000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5308075294.000001B1ED365000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5305903111.000001B1ED1C0000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5309471627.000001B1ED42B000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5302529577.000001B1E98C8000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5298237649.000001B1E8AEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com
Source: Install.exe, 00000004.00000002.5235231603.000001B1806DC000.00000004.00000800.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5261710151.000001B190294000.00000004.00000800.00020000.00000000.sdmp, NI Released License Agreement - English.rtf.4.drString found in binary or memory: https://www.ni.com/en/about-ni/legal/patents.html
Source: NI Released License Agreement - English.rtf.4.drString found in binary or memory: https://www.ni.com/en/about-ni/legal/terms-and-conditions.html
Source: Install.exe, 00000004.00000002.5235231603.000001B1811D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/en/about-ni/legal/terms-and-conditions.html8G
Source: Install.exe, 00000004.00000002.5235231603.000001B1806DC000.00000004.00000800.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5261710151.000001B190294000.00000004.00000800.00020000.00000000.sdmp, NI Released License Agreement - English.rtf.4.drString found in binary or memory: https://www.ni.com/en/about-ni/legal/trademarks-and-logo-guidelines.html
Source: NI Released License Agreement - English.rtf.4.drString found in binary or memory: https://www.ni.com/en/shop/software-portfolio/deployment-and-debug-licenses-for-ni-software.html
Source: Install.exe, 00000004.00000002.5235231603.000001B1811D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/en/shop/software-portfolio/deployment-and-debug-licenses-for-ni-software.html8G
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000000.2792632781.000001B1E63C2000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.ni.com/r/
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipm20.7rm
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipm20.7rm-de
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipm20.7rm-fr
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipm20.7rm-ja)
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipm20.7rm-ko)
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipm20.7rm-zh-cn
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipm21.0rm
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipm21.0rm-de
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipm21.0rm-fr
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipm21.0rm-ja)
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipm21.0rm-ko)
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipm21.0rm-zh-cn
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipm21.3rm
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipm21.3rm-de
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipm21.3rm-fr
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipm21.3rm-ja)
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipm21.3rm-ko)
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipm21.3rm-zh-cn
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000000.2792632781.000001B1E63C2000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.ni.com/r/nipm32bitwinsupportiThe
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipmrn
Source: Install.exe, 00000004.00000002.5235231603.000001B180001000.00000004.00000800.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5311124015.000001B1EE1CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com/r/nipmrn)
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000000.2792632781.000001B1E63C2000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.ni.com/r/pm213manual
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000000.2792632781.000001B1E63C2000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.ni.com/r/pm213tr-sh
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000000.2792632781.000001B1E63C2000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.ni.com/r/pm213tr-sh6https://www.ni.com/r/xqke6rPhttps://www.ni.com/r/nipm32bitwinsupport
Source: Install.exe, 00000004.00000002.5305903111.000001B1ED1C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com0Y
Source: Install.exe, 00000004.00000002.5301832248.000001B1E98A3000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5309471627.000001B1ED42B000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5302529577.000001B1E98C8000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5298237649.000001B1E8AEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com1c97530b996c8199e765b28124fe1e821c97530b996c8199e765b28124fe1e82
Source: Install.exe, 00000004.00000002.5308075294.000001B1ED365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com5cb303cb825ac40340682828b077a65c5cb303cb825ac40340682828b077a65c
Source: Install.exe, 00000004.00000002.5309471627.000001B1ED42B000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5302529577.000001B1E98C8000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5298237649.000001B1E8AEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ni.com96bc89544f3f48623edb0d579daf7ae596bc89544f3f48623edb0d579daf7ae5
Source: Install.exe, 00000004.00000002.5301832248.000001B1E98A3000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5309471627.000001B1ED42B000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5302529577.000001B1E98C8000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5298237649.000001B1E8AEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ni.comd44521dcc9860c0f217c093348ee70a9d44521dcc9860c0f217c093348ee70a9
Source: Install.exe, 00000004.00000002.5309471627.000001B1ED408000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ni.comyes
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75BE000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.1.drString found in binary or memory: https://www.openssl.org/H
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5237913905.000002DB2513C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/psf/license/
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/psf/license/)
Source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.unicode.org/Public/13.0.0/ucd/DerivedCoreProperties.txt
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeProcess Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_0011C9A0 NtdllDefWindowProc_W,3_2_0011C9A0
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_0011BF10 NtdllDefWindowProc_W,3_2_0011BF10
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00155220: CreateFileW,DeviceIoControl,CloseHandle,3_2_00155220
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBFA9B01_2_00007FF6DEBFA9B0
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC068141_2_00007FF6DEC06814
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBF2C101_2_00007FF6DEBF2C10
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBF3FC01_2_00007FF6DEBF3FC0
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBFFFDC1_2_00007FF6DEBFFFDC
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBF63901_2_00007FF6DEBF6390
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC073441_2_00007FF6DEC07344
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC013401_2_00007FF6DEC01340
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC017741_2_00007FF6DEC01774
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC0C10C1_2_00007FF6DEC0C10C
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC0FD281_2_00007FF6DEC0FD28
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBF21301_2_00007FF6DEBF2130
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC009281_2_00007FF6DEC00928
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC06CC41_2_00007FF6DEC06CC4
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC0BC801_2_00007FF6DEC0BC80
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC00CB41_2_00007FF6DEC00CB4
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBF94501_2_00007FF6DEBF9450
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBF2E301_2_00007FF6DEBF2E30
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBF7E301_2_00007FF6DEBF7E30
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC001C41_2_00007FF6DEC001C4
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBFFDF41_2_00007FF6DEBFFDF4
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBF79F01_2_00007FF6DEBF79F0
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBF15A01_2_00007FF6DEBF15A0
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBF8D501_2_00007FF6DEBF8D50
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC039641_2_00007FF6DEC03964
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBF23001_2_00007FF6DEBF2300
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBF43201_2_00007FF6DEBF4320
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC0825C1_2_00007FF6DEC0825C
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeCode function: 2_2_00007FF9CB9B75082_2_00007FF9CB9B7508
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001240303_2_00124030
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001720603_2_00172060
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001781753_2_00178175
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_0017A1803_2_0017A180
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001724953_2_00172495
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001605673_2_00160567
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001906793_2_00190679
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001CA6C03_2_001CA6C0
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001408A63_2_001408A6
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00172AA03_2_00172AA0
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001C8EB03_2_001C8EB0
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00182FEF3_2_00182FEF
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001851FC3_2_001851FC
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001931F23_2_001931F2
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_0012D2703_2_0012D270
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001713173_2_00171317
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_0019331E3_2_0019331E
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001757433_2_00175743
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001718133_2_00171813
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_0017596C3_2_0017596C
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001A5AA03_2_001A5AA0
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00175B953_2_00175B95
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00171C2B3_2_00171C2B
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00187FAC3_2_00187FAC
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001C5FE03_2_001C5FE0
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC16F304_2_00007FF94DC16F30
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC198DD4_2_00007FF94DC198DD
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC1B6A84_2_00007FF94DC1B6A8
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC3647C4_2_00007FF94DC3647C
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC179934_2_00007FF94DC17993
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC1CAEA4_2_00007FF94DC1CAEA
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC178584_2_00007FF94DC17858
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC357514_2_00007FF94DC35751
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: String function: 00111F60 appears 50 times
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: String function: 0013B9C2 appears 50 times
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: String function: 001529A4 appears 77 times
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: String function: 00153000 appears 65 times
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: String function: 00152970 appears 176 times
Source: _overlapped.pyd.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: api-ms-win-core-handle-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: Install.resources.dll0.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: Install.exe0.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: Install.resources.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: Install.resources.dll2.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-fibers-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: Install.resources.dll3.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: Install.resources.dll1.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_msi.pyd. vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_sqlite3.pyd. vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_tkinter.pyd. vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_zoneinfo.pyd. vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5234363270.0000017AC50B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInstall.resources.dllH vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC75BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython310.dll. vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesqlite3.dll0 vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenametcl86.dllP vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenametk86.dllP vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC809A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepreinstall.templateR vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInstallCHS.dllf vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInstallDEU.dllf vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInstallFRA.dllf vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInstallJPN.dllf vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInstallKOR.dllf vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInstall.exeF vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNationalInstruments.PackageManagement.Core.dllH vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenipkgclient.dllr% vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInstall.resources.dllH vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNDP462-KB3151802-Web.exe^ vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBoxStub.exeT vs jki-dragon-release-online-setup.exe
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5246380727.00007FF6DEC25000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameInstall.resources.dllH vs jki-dragon-release-online-setup.exe
Source: classification engineClassification label: mal42.evad.winEXE@7/141@8/2
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBFA9B0 GetModuleFileNameW,GetLastError,FormatMessageA,SetConsoleCtrlHandler,GetLastError,FormatMessageA,CreateDirectoryW,CreateFileW,GetShortPathNameW,GetShortPathNameW,SetFilePointer,SetFilePointer,ReadFile,SetFilePointer,ReadFile,MapAndLoad,UnMapAndLoad,CreateDirectoryW,CreateFileW,WriteFile,CloseHandle,GetCurrentProcessId,SetEnvironmentVariableA,GetCommandLineW,CreateProcessW,CloseHandle,WaitForSingleObject,GetExitCodeProcess,CloseHandle,1_2_00007FF6DEBFA9B0
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00114E70 FindResourceW,SizeofResource,LoadResource,LockResource,GetLastError,__CxxThrowException@8,3_2_00114E70
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\National InstrumentsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeMutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeMutant created: \Sessions\1\BaseNamedObjects\Global\_NIInstallerGlobalSystemMutex
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeMutant created: \Sessions\1\BaseNamedObjects\Global\ni_package_manager_install_instance_mutex
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeMutant created: \Sessions\1\BaseNamedObjects\_NIMetaInstallerMutex
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCommand line argument: kernel323_2_001195F0
Source: jki-dragon-release-online-setup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `FileName`, `Language` FROM `MsiLangFile` WHERE (`MsiInstructionsKey` = $MsiInstructionsKey);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [InstalledPackage] (`InstalledPackageKey` NOT NULL, `PackageKey` NOT NULL REFERENCES `Package` DEFERRABLE INITIALLY DEFERRED, `User` NOT NULL, `DateRecorded`, `State` NOT NULL, `InstalledBy` NOT NULL, PRIMARY KEY(`InstalledPackageKey` ASC));
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [MsiInstructionsProperty] (`MsiInstructionsPropertyKey` NOT NULL, `MsiInstructionsKey` NOT NULL REFERENCES `MsiInstructions` DEFERRABLE INITIALLY DEFERRED, `Name` NOT NULL, `Value`, `Step`, PRIMARY KEY(`MsiInstructionsPropertyKey` ASC));
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [PackageAttribute] (`PackageKey` NOT NULL, `Attribute` NOT NULL, `Value`, PRIMARY KEY(`PackageKey` ASC, `Attribute` ASC));
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `InstalledBy` FROM `InstalledPackage` WHERE (`PackageKey` = $PackageKey);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `FileKey`, `RelativePath`, `FileName` FROM `File` WHERE (`PackageKey` = $PackageKey AND `RootPathKey` = $RootPathKey);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [InstalledRootPath] ( `InstalledRootPathKey` NOT NULL, `InstalledPackageKey` NOT NULL REFERENCES `InstalledPackage` DEFERRABLE INITIALLY DEFERRED, `RootPathKey` NOT NULL REFERENCES `RootPath` DEFERRABLE INITIALLY DEFERRED, `InstalledPath` NOT NULL, PRIMARY KEY(`InstalledRootPathKey` ASC));
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [InstalledMsi] (`InstalledMsiKey` NOT NULL, `InstalledPackageKey` NOT NULL REFERENCES `Package` DEFERRABLE INITIALLY DEFERRED, `MsiInstructionsKey` NOT NULL REFERENCES `MsiInstructions` DEFERRABLE INITIALLY DEFERRED, `ConditionResult` NOT NULL, PRIMARY KEY(`InstalledMsiKey` ASC));
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [RootPath] (`RootPathKey` NOT NULL, `RootName` NOT NULL, `User`, `Bitness`, PRIMARY KEY(`RootPathKey` ASC));
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: UPDATE `InstalledPackage` SET `InstalledBy` = 'WIA' WHERE `InstalledBy` = 'BadValue';
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT 1 FROM `Package` WHERE `PackageName` = ? LIMIT 1;
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: INSERT INTO `PackageAttribute` (`PackageKey`, `Attribute`, `Value`) VALUES ($PackageKey, $Attribute, $Value);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: INSERT INTO `Package` (`PackageKey`, `PackageName`, `Version`, `Type`, `SubType`) VALUES ($PackageKey, $PackageName, $Version, $Type, $SubType);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `CustomActionKey`, `Step`, `Schedule`, `Invoke`, `InPackage`, `ExeName`, `Arguments`, `FormatArguments`, `Condition`, `Wait`, `IgnoreLaunchErrors`, `ReturnCodeConvention`, `HasUI` FROM `CustomAction` WHERE `PackageKey` = ? ORDER BY rowid;
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: INSERT INTO `MsiLangFile` (`MsiLangFileKey`, `MsiInstructionsKey`, `FileName`, `Language`) VALUES ($MsiLangFileKey, $MsiInstructionsKey, $FileName, $Language);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `ProductName`, `ProductCode`, `ProductVersion`, `PackageCode`, `UpgradeCode` FROM `MsiDetails` WHERE (`MsiInstructionsKey` = $MsiInstructionsKey);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `InstalledPackage`.`InstalledPackageKey`, `InstalledPackage`.`PackageKey`, `Package`.`SubType`, `Package`.`PackageName`, `Package`.`Version` FROM `InstalledPackage`, `Package` WHERE `InstalledPackage`.`PackageKey` = `Package`.`PackageKey`;
Source: Install.exe, 00000004.00000002.5311124015.000001B1EE1CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT `PackageKey` FROM `InstalledP;!
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `ConditionResult` FROM `InstalledMsi` WHERE (`MsiInstructionsKey` = $MsiInstructionsKey);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `MsiDetails`.`ProductCode` FROM `InstalledPackage`, `MsiInstructions`, `MsiDetails` WHERE `MsiInstructions`.`PackageKey` = ? AND `MsiInstructions`.`PackageKey` = `InstalledPackage`.`PackageKey` AND `MsiInstructions`.`MsiInstructionsKey` = `MsiDetails`.`MsiInstructionsKey`;
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `RootPathKey` FROM `RootPath` WHERE (`RootName` = $RootName AND `User` = $User and `Bitness` = $Bitness);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: INSERT INTO `CustomAction` (`CustomActionKey`, `PackageKey`, `Step`, `Schedule`, `Invoke`, `InPackage`, `ExeName`, `Arguments`, `FormatArguments`, `Condition`, `Wait`, `IgnoreLaunchErrors`, `ReturnCodeConvention`, `HasUI`) VALUES ($CustomActionKey, $PackageKey, $Step, $Schedule, $Invoke, $InPackage, $ExeName, $Arguments, $FormatArguments, $Condition, $Wait, $IgnoreLaunchErrors, $ReturnCodeConvention, $HasUI);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [File] (`FileKey` NOT NULL, `PackageKey` NOT NULL REFERENCES `Package` DEFERRABLE INITIALLY DEFERRED, `RootPathKey` NOT NULL REFERENCES `RootPath` DEFERRABLE INITIALLY DEFERRED, `RelativePath`, `FileName` NOT NULL, PRIMARY KEY(`FileKey` ASC));
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [MsiLangFile] (`MsiLangFileKey` NOT NULL, `MsiInstructionsKey` NOT NULL REFERENCES `MsiInstructions` DEFERRABLE INITIALLY DEFERRED, `FileName` NOT NULL, `Language` NOT NULL, PRIMARY KEY(`MsiLangFileKey` ASC));
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: INSERT INTO `InstalledMsi` (`InstalledMsiKey`, `InstalledPackageKey`, `MsiInstructionsKey`, `ConditionResult`) VALUES ($InstalledMsiKey, $InstalledPackageKey, $MsiInstructionsKey, $ConditionResult);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.1.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: INSERT INTO `MsiInstructions` (`MsiInstructionsKey`, `PackageKey`, `FileName`, `Condition`) VALUES ($MsiInstructionsKey, $PackageKey, $FileName, $Condition);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `PackageKey` FROM `InstalledPackage` WHERE (`User` IN ( ?, '' ) OR `User` IS NULL) ORDER BY rowid;
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [Package] (`PackageKey` NOT NULL, `PackageName` NOT NULL, `Version` NOT NULL, `Type` NOT NULL, `Title`, `Category`, `Vendor`, `Tags`, `NIPkgSchemaVersion` NOT NULL, `FilePkgSchemaVersion` NOT NULL, `PackageBuilderName`, `PackageBuilderVersion`, PRIMARY KEY(`PackageKey` ASC));
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [CustomAction] (`CustomActionKey` NOT NULL, `PackageKey` NOT NULL REFERENCES `Package` DEFERRABLE INITIALLY DEFERRED, `RootPathKey` NOT NULL REFERENCES `RootPath` DEFERRABLE INITIALLY DEFERRED, `RelativePath`, `FileName` NOT NULL, `Step` NOT NULL, `Schedule` NOT NULL, `Arguments`, `Wait` NOT NULL, `IgnoreErrors` NOT NULL, PRIMARY KEY(`CustomActionKey` ASC));
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [InstalledPackage] (`InstalledPackageKey` NOT NULL, `PackageKey` NOT NULL REFERENCES `Package` DEFERRABLE INITIALLY DEFERRED, `User`, `DateInstalled`, `State` NOT NULL, PRIMARY KEY(`InstalledPackageKey` ASC));
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `RootName`, `User`, `Bitness` FROM `RootPath` WHERE (`RootPathKey` = ?);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.1.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `InstalledPackageKey` FROM `InstalledPackage` WHERE (`PackageKey` = $PackageKey AND (`User` IN ( $User, '' ) OR `User` IS NULL));
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `RootPathKey` FROM `InstalledRootPath` WHERE `InstalledPackageKey` = ?;
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: INSERT INTO `MsiInstructionsProperty` (`MsiInstructionsPropertyKey`, `MsiInstructionsKey`, `Name`, `Value`, `Step`) VALUES ($MsiInstructionsPropertyKey, $MsiInstructionsKey, $Name, $Value, $Step);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `PackageKey`, `Attribute`, `Value` FROM `PackageAttribute` WHERE (`PackageKey` = ?);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: INSERT INTO `InstalledPackage` (`InstalledPackageKey`, `PackageKey`, `User`, `DateRecorded`, `State`, `InstalledBy`) VALUES ($InstalledPackageKey, $PackageKey, $User, $DateRecorded, $State, $InstalledBy);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [MsiInstructions] (`MsiInstructionsKey` NOT NULL, `PackageKey` NOT NULL REFERENCES `Package` DEFERRABLE INITIALLY DEFERRED, `FileName` NOT NULL, `Condition`, PRIMARY KEY(`MsiInstructionsKey` ASC));
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: INSERT INTO `InstalledPackage` (`InstalledPackageKey`, `PackageKey`, `User`, `DateInstalled`, `State`) VALUES ($InstalledPackageKey, $PackageKey, $User, $DateInstalled, $State);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.1.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT 1 FROM `InstalledPackage`, `MsiInstructions`, `MsiDetails` WHERE `MsiInstructions`.`PackageKey` = `InstalledPackage`.`PackageKey` AND `MsiInstructions`.`MsiInstructionsKey` = `MsiDetails`.`MsiInstructionsKey` AND `MsiDetails`.`ProductCode` = ? LIMIT 1;
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: INSERT INTO `InstalledRootPath` (`InstalledRootPathKey`, `InstalledPackageKey`, `RootPathKey`, `InstalledPath`) VALUES ($InstalledRootPathKey, $InstalledPackageKey, $RootPathKey, $InstalledPath);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `PackageKey` FROM `Package` WHERE (`PackageName` = $PackageName AND `Version` = $Version);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: INSERT INTO `CustomAction` (`CustomActionKey`, `PackageKey`, `RootPathKey`, `RelativePath`, `FileName`, `Step`, `Schedule`, `Arguments`, `Wait`, `IgnoreErrors`) VALUES ($CustomActionKey, $PackageKey, $RootPathKey, $RelativePath, $FileName, $Step, $Schedule, $Arguments, $Wait, $IgnoreErrors);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [MsiDetails] (`MsiDetailsKey` NOT NULL, `MsiInstructionsKey` NOT NULL REFERENCES `MsiInstructions` DEFERRABLE INITIALLY DEFERRED, `ProductName` NOT NULL, `ProductCode` NOT NULL, `ProductVersion` NOT NULL, `PackageCode` NOT NULL, `UpgradeCode` NOT NULL, PRIMARY KEY(`MsiDetailsKey` ASC));
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.1.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `MsiDetails`.`ProductCode` FROM `Package`, `MsiInstructions`, `MsiDetails` WHERE `Package`.`SubType` = 'WinMIF' AND `Package`.`PackageKey` = `MsiInstructions`.`PackageKey` AND `MsiInstructions`.`MsiInstructionsKey` = `MsiDetails`.`MsiInstructionsKey`;
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: INSERT INTO `RootPath` (`RootPathKey`, `RootName`, `User`, `Bitness`) VALUES ($RootPathKey, $RootName, $User, $Bitness);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: INSERT INTO `MsiDetails` (`MsiDetailsKey`, `MsiInstructionsKey`, `ProductName`, `ProductCode`, `ProductVersion`, `PackageCode`, `UpgradeCode`) VALUES ($MsiDetailsKey, $MsiInstructionsKey, $ProductName, $ProductCode, $ProductVersion, $PackageCode, $UpgradeCode);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [Package] (`PackageKey` NOT NULL, `PackageName` NOT NULL, `Version` NOT NULL, `Type` NOT NULL, `SubType` NOT NULL, PRIMARY KEY(`PackageKey` ASC));
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `CustomActionKey`, `RootPathKey`, `RelativePath`, `FileName`, `Step`, `Schedule`, `Arguments`, `Wait`, `IgnoreErrors` FROM `CustomAction` WHERE `PackageKey` = ?;
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `PackageKey` FROM `InstalledPackage` ORDER BY rowid;
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `PackageKey`, `PackageName`, `Version`, `Type`, `SubType` FROM `Package` WHERE (`PackageName` = $PackageName AND `Version` = $Version);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `MsiInstructionsKey`, `FileName`, `Condition` FROM `MsiInstructions` WHERE (`PackageKey` = $PackageKey) ORDER BY rowid;
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `Name`, `Value`, `Step` FROM `MsiInstructionsProperty` WHERE (`MsiInstructionsKey` = $MsiInstructionsKey);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `PackageKey`, `Type`, `Title`, `Category`, `Vendor`, `Tags`, `NIPkgSchemaVersion`, `FilePkgSchemaVersion`, `PackageBuilderName`, `PackageBuilderVersion`, `User` FROM `Package` INNER JOIN `InstalledPackage` USING (`PackageKey`) WHERE (`PackageName` = $PackageName AND `Version` = $Version);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS [PackageAttribute] (`PackageKey` NOT NULL, `Attribute` NOT NULL, `Value`, PRIMARY KEY(`PackageKey` ASC, `Attribute` ASC));
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: SELECT `InstalledPackageKey` FROM `InstalledPackage` WHERE (`PackageKey` = $PackageKey);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: INSERT INTO `Package` (`PackageKey`, `PackageName`, `Version`, `Type`, `NIPkgSchemaVersion`, `FilePkgSchemaVersion`, `PackageBuilderName`, `PackageBuilderVersion`) VALUES ($PackageKey, $PackageName, $Version, $Type, $NIPkgSchemaVersion, $FilePkgSchemaVersion, $PackageBuilderName, $PackageBuilderVersion);
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: INSERT INTO `File` (`FileKey`, `PackageKey`, `RootPathKey`, `RelativePath`, `FileName`) VALUES ($FileKey, $PackageKey, $RootPathKey, $RelativePath, $FileName);
Source: jki-dragon-release-online-setup.exeVirustotal: Detection: 7%
Source: jki-dragon-release-online-setup.exeString found in binary or memory: C:\Users\user\AppData\Local\Temp\\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exe
Source: Install.exeString found in binary or memory: dotnet-installer
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile read: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\jki-dragon-release-online-setup.exe "C:\Users\user\Desktop\jki-dragon-release-online-setup.exe"
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exe "C:\Users\user\Desktop\jki-dragon-release-online-setup.exe"
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exe C:\Users\user\AppData\Local\Temp\ONEFIL~1\nipkg-online-deployment\Install.exe ""
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exe "C:\Users\user\AppData\Local\Temp\ONEFIL~1\nipkg-online-deployment\bin\Install.exe" install ni-package-manager ni-package-manager-upgrader ni-package-manager-released-feed --hide-completion --config="\\?\C:\Users\user\AppData\Local\Temp\nipkg_preinstall-7efa-01eb-6013-10b2\nipkg.ini" --update-feeds --force-essential --force-locked
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exe "C:\Users\user\Desktop\jki-dragon-release-online-setup.exe"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exe C:\Users\user\AppData\Local\Temp\ONEFIL~1\nipkg-online-deployment\Install.exe ""Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exe "C:\Users\user\AppData\Local\Temp\ONEFIL~1\nipkg-online-deployment\bin\Install.exe" install ni-package-manager ni-package-manager-upgrader ni-package-manager-released-feed --hide-completion --config="\\?\C:\Users\user\AppData\Local\Temp\nipkg_preinstall-7efa-01eb-6013-10b2\nipkg.ini" --update-feeds --force-essential --force-lockedJump to behavior
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeSection loaded: python310.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: cfgmgr32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeSection loaded: servicingcommon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: vcruntime140_1_clr0400.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: msvcp140_clr0400.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: msi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: virtdisk.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: d3d9.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: directxdatabasehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: msctfui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: d3dcompiler_47.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile written: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\nipkg.iniJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: jki-dragon-release-online-setup.exeStatic PE information: certificate valid
Source: jki-dragon-release-online-setup.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: jki-dragon-release-online-setup.exeStatic file information: File size 16322056 > 1048576
Source: jki-dragon-release-online-setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: jki-dragon-release-online-setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: jki-dragon-release-online-setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: jki-dragon-release-online-setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: jki-dragon-release-online-setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: jki-dragon-release-online-setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: jki-dragon-release-online-setup.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: jki-dragon-release-online-setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: class pdb.Pdb(completekey='tab', stdin=None, stdout=None, skip=None, nosigint=False, readrc=True) source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.1.dr
Source: Binary string: Changed in version 3.2: ".pdbrc" can now contain commands that source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_sqlite3.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\dev\_r\7\nipkg\objects\nipkg_client_dotnet\win32U\allproc\dotnet-4.6.2\release\NationalInstruments.PackageManagement.Core.pdb4m source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5295481780.000001B1E6A42000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_overlapped.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, _overlapped.pyd.1.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.1.dr
Source: Binary string: ucrtbase.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, ucrtbase.dll.1.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_msi.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: commands as if given in a ".pdbrc" file, see Debugger Commands. source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: import pdb; pdb.Pdb(skip=['django.*']).set_trace() source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.1.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_tkinter.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\a01\_work\4\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5240076733.00007FF9CB9C1000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source: Binary string: in the ".pdbrc" file): source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbrc) source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb.Pdbr source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\dev\_r\7\nipkg\objects\nipkg_client_dotnet\win32U\allproc\dotnet-4.6.2\release\NationalInstruments.PackageManagement.Core.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5295481780.000001B1E6A42000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\dev\_r\7\nipkg\objects\nipkg_client\win64U\x64\msvc-14.0\release\nipkgclient.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000002.5329016006.00007FF9A65E5000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.1.dr
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.1.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Raises an auditing event "pdb.Pdb" with no arguments. source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
Source: Binary string: If a file ".pdbrc" exists in the user source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\dev\_r\7\nipkgui\objects\preinstall_resources\win32U\i386\msvc-14.0\jpn\InstallJPN.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.1.dr
Source: Binary string: E:\dev\_r\7\nipkgui\objects\preinstall\win32U\i386\msvc-14.0\release\out\preinstall.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000003.00000002.5234868153.00000000001D1000.00000002.00000001.01000000.00000006.sdmp, Install.exe, 00000003.00000000.2786175205.00000000001D1000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: E:\dev\_r\7\nipkgui\objects\preinstall_resources\win32U\i386\msvc-14.0\deu\InstallDEU.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: -c are executed after commands from .pdbrc files. source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC74D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.1.dr
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Initial commands are read from .pdbrc files in your home directory source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\dev\_r\7\nipkgui\objects\preinstall_resources\win32U\i386\msvc-14.0\chs\InstallCHS.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.1.dr
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7552000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.1.dr
Source: Binary string: D:\_w\1\b\bin\amd64\sqlite3.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, sqlite3.dll.1.dr
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\dd\NetFXDev1\binaries\x86ret\bin\i386\VSSetup\Utils\boxstub.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC85C1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: will load .pdbrc files from the filesystem. source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-fibers-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp, libssl-1_1.dll.1.dr
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\pyexpat.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7647000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\dev\_r\7\nipkgui\objects\nipkgui_install\win64U\x64\dotnet-4.6.2\release\obj\Install.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC8567000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000000.2792632781.000001B1E658C000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, ucrtbase.dll.1.dr
Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\dev\_r\7\nipkgui\objects\preinstall_resources\win32U\i386\msvc-14.0\kor\InstallKOR.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\python310.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC79D8000.00000004.00000020.00020000.00000000.sdmp, jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5239476836.00007FF9AE81E000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.1.dr
Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.1.dr
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC74D1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbr8 source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.1.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_zoneinfo.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ~/.pdbrcz source: jki-dragon-online-installer-2024.3.0-662.exe, 00000002.00000002.5236581344.000002DB2459B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\dev\_r\7\nipkgui\objects\preinstall_resources\win32U\i386\msvc-14.0\fra\InstallFRA.pdb source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.1.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC7117000.00000004.00000020.00020000.00000000.sdmp
Source: jki-dragon-release-online-setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: jki-dragon-release-online-setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: jki-dragon-release-online-setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: jki-dragon-release-online-setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: jki-dragon-release-online-setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: api-ms-win-core-console-l1-1-0.dll.1.drStatic PE information: 0xE10E3442 [Thu Aug 25 10:34:42 2089 UTC]
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00167834 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_00167834
Source: jki-dragon-release-online-setup.exeStatic PE information: section name: _RDATA
Source: jki-dragon-online-installer-2024.3.0-662.exe.1.drStatic PE information: section name: _RDATA
Source: libcrypto-1_1.dll.1.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.1.drStatic PE information: section name: .00cfg
Source: python310.dll.1.drStatic PE information: section name: PyRuntim
Source: vcruntime140.dll.1.drStatic PE information: section name: _RDATA
Source: NDP462-KB3151802-Web.exe.1.drStatic PE information: section name: .boxld01
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00152939 push ecx; ret 3_2_0015294C
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00153046 push ecx; ret 3_2_00153059
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC1EE8B push esp; iretd 4_2_00007FF94DC1EF22
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC1DDC0 push eax; iretd 4_2_00007FF94DC1DDCD
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC110A8 push ebx; iretd 4_2_00007FF94DC1135A
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC1CF73 push ds; iretd 4_2_00007FF94DC1CF7C
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC1EF13 push esp; iretd 4_2_00007FF94DC1EF22
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC1EF07 push ecx; iretd 4_2_00007FF94DC1EF12
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC16F08 pushfd ; ret 4_2_00007FF94DC39DD4
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC1DA95 push es; retf 4_2_00007FF94DC1DAE3
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC32A96 push ecx; iretd 4_2_00007FF94DC32A97
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC109C1 push cs; retf 4_2_00007FF94DC109EC
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC27973 pushad ; retf 4_2_00007FF94DC27981
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC338E1 push eax; iretd 4_2_00007FF94DC338EB
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC1DCB9 push ds; iretd 4_2_00007FF94DC1DCD4
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC11B64 push ds; retf 4_2_00007FF94DC11BB2
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC11B68 push ds; retf 4_2_00007FF94DC11BB2
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC11B1F push ds; retf 4_2_00007FF94DC11BB2
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC1CAEA push ss; iretd 4_2_00007FF94DC1CEFA
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC1B5F8 push es; retf 4_2_00007FF94DC1DAE3
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC14530 push eax; ret 4_2_00007FF94DC1458D
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC33818 push eax; retf 4_2_00007FF94DC33819
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC11755 push ebx; retf 4_2_00007FF94DC1175A
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC152A5 push ebp; iretd 4_2_00007FF94DC152AA
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC37499 push es; retf 4_2_00007FF94DC37523
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC3844A pushad ; ret 4_2_00007FF94DC38459
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC2130F push esi; iretd 4_2_00007FF94DC2134A
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeCode function: 4_2_00007FF94DC11314 push ebx; iretd 4_2_00007FF94DC1135A

Persistence and Installation Behavior

barindex
Found pyInstaller with non standard icon
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeProcess created: "C:\Users\user\Desktop\jki-dragon-release-online-setup.exe"
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_zoneinfo.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\NationalInstruments.PackageManagement.Core.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-fibers-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\de\Install.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_sqlite3.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\python310.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\tk86t.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_uuid.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\nipkgclient.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\ja\Install.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\InstallCHS.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_msi.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\ko\Install.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\vcruntime140.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\InstallKOR.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_tkinter.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\ucrtbase.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\tcl86t.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_elementtree.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\fr\Install.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\InstallFRA.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\InstallJPN.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\libffi-7.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\select.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\zh-CN\Install.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\InstallDEU.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\sqlite3.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\dotnet-installer\NDP462-KB3151802-Web.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\de\NI Released License Agreement - German.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\de\NI Released License Agreement - German.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\es\NI Released License Agreement - Spanish.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\es\NI Released License Agreement - Spanish.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\fr\NI Released License Agreement - French.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\fr\NI Released License Agreement - French.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\it\NI Released License Agreement - Italian.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\it\NI Released License Agreement - Italian.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\ja\NI Released License Agreement - Japanese.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\ja\NI Released License Agreement - Japanese.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\ko\NI Released License Agreement - Korean.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\ko\NI Released License Agreement - Korean.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\NI Released License Agreement - English.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\NI Released License Agreement - English.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\zh-CN\NI Released License Agreement - Simplified Chinese.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data\zh-CN\NI Released License Agreement - Simplified Chinese.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\de\DotNet 4.8 License Agreement - German.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\de\DotNet 4.8 License Agreement - German.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\DotNet 4.8 License Agreement - English.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\DotNet 4.8 License Agreement - English.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\fr\DotNet 4.8 License Agreement - French.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\fr\DotNet 4.8 License Agreement - French.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\ja\DotNet 4.8 License Agreement - Japanese.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\ja\DotNet 4.8 License Agreement - Japanese.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\ko\DotNet 4.8 License Agreement - Korean.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\ko\DotNet 4.8 License Agreement - Korean.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\zh-CN\DotNet 4.8 License Agreement - Simplified Chinese.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeFile created: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data\zh-CN\DotNet 4.8 License Agreement - Simplified Chinese.rtfJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001408A6 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_001408A6
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Tries to delay execution (extensive OutputDebugStringW loop)
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeSection loaded: OutputDebugStringW count: 292
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeMemory allocated: 1B1E69B0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeMemory allocated: 1B1E82D0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeWindow / User API: threadDelayed 3322Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeWindow / User API: threadDelayed 6676Jump to behavior
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_zoneinfo.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\NationalInstruments.PackageManagement.Core.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-fibers-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\de\Install.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_sqlite3.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\tk86t.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_uuid.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\ja\Install.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\nipkgclient.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\InstallCHS.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_msi.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\ko\Install.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\InstallKOR.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_tkinter.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\tcl86t.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_elementtree.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\fr\Install.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\InstallFRA.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\InstallJPN.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\libffi-7.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\select.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\zh-CN\Install.resources.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\InstallDEU.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\sqlite3.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\dotnet-installer\NDP462-KB3151802-Web.exeJump to dropped file
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_3-66020
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeAPI coverage: 7.8 %
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exe TID: 5104Thread sleep count: 3322 > 30Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exe TID: 5104Thread sleep time: -3322000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exe TID: 5104Thread sleep count: 6676 > 30Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exe TID: 5104Thread sleep time: -6676000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exe TID: 1256Thread sleep time: -90000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC0825C FindFirstFileExW,1_2_00007FF6DEC0825C
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00154390 FindFirstFileW,GetLastError,GetLastError,GetLastError,GetLastError,3_2_00154390
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00114470 FindFirstFileExW,FindNextFileW,GetLastError,__CxxThrowException@8,3_2_00114470
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00191A04 FindFirstFileExW,3_2_00191A04
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_0013B42A VirtualQuery,GetSystemInfo,3_2_0013B42A
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeFile opened: C:\Users\user\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeFile opened: C:\Users\user\AppData\Local\Temp\ONEFIL~1\nipkg-online-deployment\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeFile opened: C:\Users\user\AppData\Local\Temp\ONEFIL~1\nipkg-online-deployment\bin\Jump to behavior
Source: jki-dragon-release-online-setup.exe, 00000001.00000002.5235348001.0000017AC81B5000.00000004.00000020.00020000.00000000.sdmp, Install.exe, 00000004.00000000.2792632781.000001B1E63C2000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: qemuc
Source: jki-dragon-release-online-setup.exeBinary or memory string: qeMu{f
Source: ca-bundle.crt.1.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
Source: Install.exe, 00000004.00000002.5308075294.000001B1ED319000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC043B8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6DEC043B8
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00116220 ShellExecuteExW,GetLastError,__CxxThrowException@8,OutputDebugStringW,__CxxThrowException@8,WaitForSingleObject,OutputDebugStringW,GetExitCodeProcess,OutputDebugStringW,CloseHandle,3_2_00116220
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00167834 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_00167834
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00183C67 mov eax, dword ptr fs:[00000030h]3_2_00183C67
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00187D24 mov eax, dword ptr fs:[00000030h]3_2_00187D24
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00187D69 mov eax, dword ptr fs:[00000030h]3_2_00187D69
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC0A27C GetProcessHeap,1_2_00007FF6DEC0A27C
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC043B8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6DEC043B8
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBFBCBC SetUnhandledExceptionFilter,1_2_00007FF6DEBFBCBC
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBFBAD8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6DEBFBAD8
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBFB260 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF6DEBFB260
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeCode function: 2_2_00007FF9CB9C004C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF9CB9C004C
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00152C65 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00152C65
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00152DF7 SetUnhandledExceptionFilter,3_2_00152DF7
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001531BB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_001531BB
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_00173A17 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00173A17
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exe "C:\Users\user\AppData\Local\Temp\ONEFIL~1\nipkg-online-deployment\bin\Install.exe" install ni-package-manager ni-package-manager-upgrader ni-package-manager-released-feed --hide-completion --config="\\?\C:\Users\user\AppData\Local\Temp\nipkg_preinstall-7efa-01eb-6013-10b2\nipkg.ini" --update-feeds --force-essential --force-lockedJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exe "c:\users\user\appdata\local\temp\onefil~1\nipkg-online-deployment\bin\install.exe" install ni-package-manager ni-package-manager-upgrader ni-package-manager-released-feed --hide-completion --config="\\?\c:\users\user\appdata\local\temp\nipkg_preinstall-7efa-01eb-6013-10b2\nipkg.ini" --update-feeds --force-essential --force-locked
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeProcess created: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exe "c:\users\user\appdata\local\temp\onefil~1\nipkg-online-deployment\bin\install.exe" install ni-package-manager ni-package-manager-upgrader ni-package-manager-released-feed --hide-completion --config="\\?\c:\users\user\appdata\local\temp\nipkg_preinstall-7efa-01eb-6013-10b2\nipkg.ini" --update-feeds --force-essential --force-lockedJump to behavior
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEC0FB70 cpuid 1_2_00007FF6DEC0FB70
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,3_2_0018E42C
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: EnumSystemLocalesW,3_2_0018E6D2
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: EnumSystemLocalesW,3_2_0018E71D
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: EnumSystemLocalesW,3_2_0018E7B8
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,3_2_0018E845
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: GetLocaleInfoW,3_2_0018EA9B
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_0018EBC3
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: GetLocaleInfoW,3_2_0018ECCB
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,3_2_0018ED9E
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: GetLocaleInfoW,3_2_001410CD
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: EnumSystemLocalesW,3_2_001871EC
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: GetLocaleInfoW,3_2_001878B7
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: ___crtGetLocaleInfoEx,3_2_00151B0A
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\NationalInstruments.PackageManagement.Core.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\ProgramData\National Instruments\NI Package Manager\raw\system-packages\Packages.gz VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\ProgramData\National Instruments\NI Package Manager\raw\ni-package-manager-feed-1\Packages.gz VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\ProgramData\National Instruments\NI Package Manager\eulas\Packages.gz VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\ProgramData\National Instruments\NI Package Manager\eulas\Packages VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\ProgramData\National Instruments\NI Package Manager\eulas\eula-ni-standard_25.0.0.49255-0+f103_windows_x64.nipkg VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nipkg-d5d4-8a12-77ca-c801\control.tar.gz VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\ProgramData\National Instruments\NI Package Manager\eulas\Packages.gz VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\ProgramData\National Instruments\NI Package Manager\eulas\Packages VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\ProgramData\National Instruments\NI Package Manager\eulas\eula-ni-standard_25.0.0.49255-0+f103_windows_x64.nipkg VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\control.tar.gz VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data.tar.gz VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nipkg-c0e7-3118-3193-52ce\data VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\ProgramData\National Instruments\NI Package Manager\eulas\eula-ms-dotnet-4.8_25.0.0.49255-0+f103_windows_x64.nipkg VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nipkg-65e6-eae9-7593-1af1\control.tar.gz VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\ProgramData\National Instruments\NI Package Manager\eulas\Packages.gz VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\ProgramData\National Instruments\NI Package Manager\eulas\Packages VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\ProgramData\National Instruments\NI Package Manager\eulas\eula-ms-dotnet-4.8_25.0.0.49255-0+f103_windows_x64.nipkg VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\control.tar.gz VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data.tar.gz VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nipkg-0dc2-2ffb-d181-fa81\data VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\bin\Install.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\jki-dragon-release-online-setup.exeCode function: 1_2_00007FF6DEBFA3C0 GetTempPathW,GetCommandLineW,CommandLineToArgvW,GetCurrentProcessId,GetSystemTimeAsFileTime,1_2_00007FF6DEBFA3C0
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_0015E01C GetVersionExW,Concurrency::details::platform::InitializeSystemFunctionPointers,Concurrency::details::WinRT::Initialize,__CxxThrowException@8,3_2_0015E01C
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\jki-dragon-online-installer-2024.3.0-662.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_0016A5B6 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,3_2_0016A5B6
Source: C:\Users\user\AppData\Local\Temp\onefile_6932_133858571257486047\nipkg-online-deployment\Install.exeCode function: 3_2_001698E0 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,3_2_001698E0

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts13
Command and Scripting Interpreter		1
DLL Side-Loading		11
Process Injection		1
Masquerading		OS Credential Dumping1
System Time Discovery		Remote Services11
Archive Collected Data		2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts2
Native API		Boot or Logon Initialization Scripts1
DLL Side-Loading		12
Virtualization/Sandbox Evasion		LSASS Memory31
Security Software Discovery		Remote Desktop ProtocolData from Removable Media2
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Disable or Modify Tools		Security Account Manager12
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive3
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
Process Injection		NTDS1
Application Window Discovery		Distributed Component Object ModelInput Capture3
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Deobfuscate/Decode Files or Information		LSA Secrets4
File and Directory Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
Obfuscated Files or Information		Cached Domain Credentials35
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
Timestomp		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
DLL Side-Loading		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.