Windows Analysis Report
Prism2Installer_5.16.0.exe

Overview

General Information

Sample name: Prism2Installer_5.16.0.exe
Analysis ID: 1540391
MD5: c68a2b8f2d38f0878728cf372b38d61d
SHA1: 7b22b800110e35298db6916fac5baae1c8fbadb8
SHA256: 8dab9b8ba64255c67d2f47c48ee6799f988412dabe61fb5cb32be8b3acbd5c6f

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Checks for available system drives (often done to infect USB drives)
Drops PE files
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

Source: Prism2Installer_5.16.0.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FEB6242-809F-4FB9-8944-A78F798F1B1F}_is1
Source: Prism2Installer_5.16.0.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\PrismII\PrismII.exe File opened: z:
Source: C:\PrismII\PrismII.exe File opened: x:
Source: C:\PrismII\PrismII.exe File opened: v:
Source: C:\PrismII\PrismII.exe File opened: t:
Source: C:\PrismII\PrismII.exe File opened: r:
Source: C:\PrismII\PrismII.exe File opened: p:
Source: C:\PrismII\PrismII.exe File opened: n:
Source: C:\PrismII\PrismII.exe File opened: l:
Source: C:\PrismII\PrismII.exe File opened: j:
Source: C:\PrismII\PrismII.exe File opened: h:
Source: C:\PrismII\PrismII.exe File opened: f:
Source: C:\PrismII\PrismII.exe File opened: b:
Source: C:\PrismII\PrismII.exe File opened: y:
Source: C:\PrismII\PrismII.exe File opened: w:
Source: C:\PrismII\PrismII.exe File opened: u:
Source: C:\PrismII\PrismII.exe File opened: s:
Source: C:\PrismII\PrismII.exe File opened: q:
Source: C:\PrismII\PrismII.exe File opened: o:
Source: C:\PrismII\PrismII.exe File opened: m:
Source: C:\PrismII\PrismII.exe File opened: k:
Source: C:\PrismII\PrismII.exe File opened: i:
Source: C:\PrismII\PrismII.exe File opened: g:
Source: C:\PrismII\PrismII.exe File opened: e:
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp File opened: c:
Source: C:\PrismII\PrismII.exe File opened: a:
Source: PrismII.exe, 00000006.00000001.2027335390.0000000000401000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: http://10.0.0.199
Source: PrismII.exe, 00000006.00000001.2027335390.0000000000401000.00000020.00000001.01000000.00000008.sdmp, is-M9UEN.tmp.1.dr String found in binary or memory: http://127.0.0.1&http://192.168.1.25
Source: PrismII.exe, 00000006.00000001.2027335390.0000000000401000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: http://192.168.1.25
Source: Prism2Installer_5.16.0.tmp, 00000001.00000003.2027888808.0000000005970000.00000004.00001000.00020000.00000000.sdmp, is-KO5KN.tmp.1.dr String found in binary or memory: http://www.openssl.org/support/faq.html
Source: Prism2Installer_5.16.0.tmp, 00000001.00000003.2027888808.0000000005970000.00000004.00001000.00020000.00000000.sdmp, is-KO5KN.tmp.1.dr String found in binary or memory: http://www.openssl.org/support/faq.html....................
Source: Prism2Installer_5.16.0.exe String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: PrismII.exe, 00000006.00000000.2000811021.0000000000FA4000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.aaon.com
Source: Prism2Installer_5.16.0.tmp, 00000001.00000003.1801585909.0000000003370000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.aaon.com/
Source: Prism2Installer_5.16.0.tmp, 00000001.00000003.2032390052.0000000000CD3000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.aaon.com/Q9
Source: PrismII.exe, 00000006.00000000.2000811021.0000000000FA4000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.aaon.com/aaon-controls-technical-support
Source: PrismII.exe, 00000006.00000001.2027335390.0000000000401000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.aaon.com/aaon-controls-technical-support(https://www.aaon.comT
Source: Prism2Installer_5.16.0.exe, 00000000.00000003.1797999514.00000000028A0000.00000004.00001000.00020000.00000000.sdmp, Prism2Installer_5.16.0.exe, 00000000.00000003.1798421873.000000007FB7B000.00000004.00001000.00020000.00000000.sdmp, Prism2Installer_5.16.0.tmp, 00000001.00000000.1800021829.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Prism2Installer_5.16.0.tmp.0.dr, is-JJU1I.tmp.1.dr String found in binary or memory: https://www.innosetup.com/
Source: Prism2Installer_5.16.0.exe, 00000000.00000003.1797999514.00000000028A0000.00000004.00001000.00020000.00000000.sdmp, Prism2Installer_5.16.0.exe, 00000000.00000003.1798421873.000000007FB7B000.00000004.00001000.00020000.00000000.sdmp, Prism2Installer_5.16.0.tmp, 00000001.00000000.1800021829.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Prism2Installer_5.16.0.tmp.0.dr, is-JJU1I.tmp.1.dr String found in binary or memory: https://www.remobjects.com/ps
Source: Prism2Installer_5.16.0.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-JJU1I.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: Prism2Installer_5.16.0.exe, 00000000.00000003.1798421873.000000007FE2E000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs Prism2Installer_5.16.0.exe
Source: Prism2Installer_5.16.0.exe, 00000000.00000000.1796545569.00000000004B9000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs Prism2Installer_5.16.0.exe
Source: Prism2Installer_5.16.0.exe, 00000000.00000003.1797999514.0000000002972000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs Prism2Installer_5.16.0.exe
Source: Prism2Installer_5.16.0.exe Binary or memory string: OriginalFileName vs Prism2Installer_5.16.0.exe
Source: classification engine Classification label: clean2.winEXE@5/18@0/0
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prism2.lnk
Source: C:\PrismII\PrismII.exe Mutant created: NULL
Source: C:\Users\user\Desktop\Prism2Installer_5.16.0.exe File created: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp
Source: C:\Users\user\Desktop\Prism2Installer_5.16.0.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\Prism2Installer_5.16.0.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: Prism2Installer_5.16.0.exe String found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\Prism2Installer_5.16.0.exe File read: C:\Users\user\Desktop\Prism2Installer_5.16.0.exe
Source: unknown Process created: C:\Users\user\Desktop\Prism2Installer_5.16.0.exe "C:\Users\user\Desktop\Prism2Installer_5.16.0.exe"
Source: C:\Users\user\Desktop\Prism2Installer_5.16.0.exe Process created: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp "C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp" /SL5="$2043C,13061428,722432,C:\Users\user\Desktop\Prism2Installer_5.16.0.exe"
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Process created: C:\PrismII\PrismII.exe "C:\PrismII\PrismII.exe"
Source: C:\Users\user\Desktop\Prism2Installer_5.16.0.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Prism2Installer_5.16.0.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Section loaded: netutils.dll
Source: C:\PrismII\PrismII.exe Section loaded: apphelp.dll
Source: C:\PrismII\PrismII.exe Section loaded: msvbvm60.dll
Source: C:\PrismII\PrismII.exe Section loaded: vb6zz.dll
Source: C:\PrismII\PrismII.exe Section loaded: kernel.appcore.dll
Source: C:\PrismII\PrismII.exe Section loaded: uxtheme.dll
Source: C:\PrismII\PrismII.exe Section loaded: sxs.dll
Source: C:\PrismII\PrismII.exe Section loaded: textshaping.dll
Source: C:\PrismII\PrismII.exe Section loaded: mpr.dll
Source: C:\PrismII\PrismII.exe Section loaded: textinputframework.dll
Source: C:\PrismII\PrismII.exe Section loaded: coreuicomponents.dll
Source: C:\PrismII\PrismII.exe Section loaded: coremessaging.dll
Source: C:\PrismII\PrismII.exe Section loaded: ntmarta.dll
Source: C:\PrismII\PrismII.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: Prism2.lnk.1.dr LNK file: ..\..\..\..\..\..\..\..\PrismII\PrismII.exe
Source: Prism2.lnk0.1.dr LNK file: ..\..\..\PrismII\PrismII.exe
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Window found: window name: TMainForm
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Automated click: Next
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Prism2Installer_5.16.0.exe Static file information: File size 13908305 > 1048576
Source: Prism2Installer_5.16.0.exe Static PE information: section name: .didata
Source: Prism2Installer_5.16.0.tmp.0.dr Static PE information: section name: .didata
Source: is-JJU1I.tmp.1.dr Static PE information: section name: .didata
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp File created: C:\Users\user\AppData\Local\Temp\is-43D6P.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\Desktop\Prism2Installer_5.16.0.exe File created: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp File created: C:\PrismII\MailSend.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp File created: C:\PrismII\unins000.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp File created: C:\PrismII\PrismII.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp File created: C:\PrismII\is-JJU1I.tmp
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp File created: C:\PrismII\is-KO5KN.tmp
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp File created: C:\PrismII\is-M9UEN.tmp
Source: C:\Users\user\Desktop\Prism2Installer_5.16.0.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\PrismII\PrismII.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-43D6P.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Dropped PE file which has not been started: C:\PrismII\MailSend.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Dropped PE file which has not been started: C:\PrismII\unins000.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Dropped PE file which has not been started: C:\PrismII\is-JJU1I.tmp
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Dropped PE file which has not been started: C:\PrismII\is-KO5KN.tmp
Source: Prism2Installer_5.16.0.tmp, 00000001.00000003.2030717531.00000000008FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}B
Source: PrismII.exe, 00000006.00000000.2022660255.0000000008EDB000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: wzuuwstwrtwrRSPKJHLKILLIKJHIHFHGFSTQgjgkolimj]`]MLJNMJPOMSROTSQTTQTSQSRPQQOOOMONL:;8886RRPVUSVVTVVTVVTVVTVVTVVTUUSSSQ<=<'('CCBFEDFFEHGFHHGEEDDDCDDCDDCDDDEEDDFD$%$...???776UWS\ffcux^oqaruastbtt_qq^qrcvzbtx]knmy
Source: PrismII.exe, 00000006.00000000.2022660255.0000000007761000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: sytlogbaS^\Lhg[mmdopfbcXspe~{srkVmhPliQkiQmjRnkSnkSolTplTkdM_SAul]siXi^KcWBe[Ii^LdXCcWB`S>^Q<[N:YM9UJ7PF5qeMuhP
Source: Prism2Installer_5.16.0.tmp, 00000001.00000003.2030717531.00000000008FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\is-VU0SV.tmp\Prism2Installer_5.16.0.tmp Queries volume information: C:\ VolumeInformation
No contacted IP infos