Windows Analysis Report
pf-setup-en.exe

ID:	1562231
Product:	CloudBasic
Start time:	11:32:00
Start date:	25.11.2024
Sample:	pf-setup-en.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	a00d7a76edf06b1b0376c49a429c61fc
SHA1:	2f8608b7760be958200e77631cb777a66d479d21
SHA256:	d3ef92dff42514142428c4e20012bb399a38a415abfe6f4ddc18f91ed16b2a12
Filetype:	Win32 Executable (generic) a (10002005/4) 92.16%

Name	Type	MD5	SHA1	SHA256
C:\Program Files (x86)\PhotoFiltre\License.txt	ASCII text, with CRLF line terminators	1F3543A91D5DAD6831511825855BFE2D	A54A5128E864B3990961B060D5928F7F88E07DD9	2A35474C4B3DEA3BA4585C6CB4E1A74C1ABD3B2676D1766052372749F09E33EE
C:\Program Files (x86)\PhotoFiltre\Masks\Brush.gif	GIF image data, version 89a, 200 x 240	5E57BCF89566AA9E04F3657AD4A6D83F	CB8A3E1639B7C0CBC8BA1C15341DF941E620C1C0	41773D653CF53199775A8543FF1F53C55B13D014EB95FA9DE7AA8DE8BD0E02C0
C:\Program Files (x86)\PhotoFiltre\Masks\Bubbles.gif	GIF image data, version 89a, 200 x 250	A75DFCE2AA9E5F36A4353D39ED88E090	A2E12903BE553E409976C2B917D7B76DE984723B	D02FF850B41D474F7DC56EF49B7645E63F4E17203E39D13DC20531125C56E9A5
C:\Program Files (x86)\PhotoFiltre\Masks\Camera.gif	GIF image data, version 89a, 200 x 250	0F7ECD4A0F14CE95505E0040842FAE82	EA875FB1DAAFB01E835A93E0F45AB4F94A02FE44	6712524CAAF4639A373700FF2CA8BB3476C3DDE377871E39868F2F4C8CD88D30
C:\Program Files (x86)\PhotoFiltre\Masks\Chaos.gif	GIF image data, version 89a, 200 x 250	ED768D0A76EFAEA4080B68879DEC36C4	EAA0908247891FC1463A6CD320F4F3235AAAF745	FE4D47C8BC0E82A23ED1241D5D83F349645EF6611B888D910CCCFD076EB7A05E
C:\Program Files (x86)\PhotoFiltre\Masks\Diffuse.gif	GIF image data, version 89a, 200 x 250	62C7996F27163CE683B7400B0B5DB0FA	82FFB0B40E87ABBB46E2C8C73D25F5A616FB5979	187C95CD68A558FE45F8563D2AD342E85E411C38B16B01711ED697A3146BDBC6
C:\Program Files (x86)\PhotoFiltre\Masks\Dilution.gif	GIF image data, version 89a, 200 x 250	7B2D184D3F6600959EC767F12D5CD203	19D38EB4DAB10D89BEBB343A4C2D049978A8E3EF	BF67C17BA482E6B978558039B9FA673677F90D934368270F0B67D1ED99A19F7F
C:\Program Files (x86)\PhotoFiltre\Masks\Ellipse.gif	GIF image data, version 89a, 200 x 250	EEB089108A5AC5F796E0F62042DA21F6	CD77A7EE4D8DCBA3C73A8168780881FC46B2E95E	17E05299546E479CE1F8FF3E73BE6FB7ED7815EF04B66E7B0E92D1D835FCC859
C:\Program Files (x86)\PhotoFiltre\Masks\Flame.gif	GIF image data, version 89a, 200 x 240	BC47EC0615AA35448159A7E4708A9286	99C57D993B5C29FEF4A5FC8E752D417DD76B52D8	DA32A872E8601B045E18B9738A5E0375DB63A01310DFC8FB0C08B37151E7E551
C:\Program Files (x86)\PhotoFiltre\Masks\Fog.gif	GIF image data, version 89a, 200 x 250	9DBA6F40ABC17F2E5ED2A959531D009E	5C3965791AB0557038A65551812F762664841CD0	74B4974BBBB195BD894E3F8A0A6C1A66C37B2E172F70174D278FCF243CD83893
C:\Program Files (x86)\PhotoFiltre\Masks\Ink.gif	GIF image data, version 89a, 200 x 250	F5AEC6FC40B5575AE0C37319D78ED265	689551ED0FB5EF2CC6B9D666527221FFACBF0A43	E9B71270103B58B953050637B07442F2DC5C30CE71F1B183ED9043FF3C359AB9
C:\Program Files (x86)\PhotoFiltre\Masks\Keyhole.gif	GIF image data, version 89a, 200 x 250	B164D7AEFB6020F67C8A94F518D0DD5B	EE400D1C897950B4BAE01FBCD91338C46C6AA0E0	68824AB6E2FBE15FE40FC9E1B8B737E1369A21C52164F402209BE395A0834CD3
C:\Program Files (x86)\PhotoFiltre\Masks\Lines.gif	GIF image data, version 89a, 200 x 250	63C3C776B66BEEA5032B9563BE583662	44710E57C3027AB0C67B38EF42BD23C6826767AD	6F5DA7A859BE97C4B7188341E9CF0A3627A5B50B0E385185D5B3411FFB83AAB6
C:\Program Files (x86)\PhotoFiltre\Masks\Pastels.gif	GIF image data, version 89a, 200 x 250	49B21AA78C012ABF53CDCEC6CED0E8A1	1CF26308F3133EAFB923A27F32F6B065FD076967	A3B7B64A852528235796822F529F0969CCE498957F88C3D2E44C9E107A45811F
C:\Program Files (x86)\PhotoFiltre\Masks\Slide.gif	GIF image data, version 89a, 203 x 250	92130A5774E168C9F365CEF8260365DB	FCF520419F3D985B1D19458F7D662CA0ADCA3499	DD774C3905AA45D1258DF89AB7019DC46F433CA3F8F4592B9D71286DD76FB50E
C:\Program Files (x86)\PhotoFiltre\Masks\Snowflake.gif	GIF image data, version 89a, 200 x 250	168604D28F3D7359AE93FB7A414B9B1A	1402B9DA6AF4ECD490F598EF5D408459ED25D32B	F80D6C56D905D2474DC9FF2B7CBD0E1C204DBA2E7819812A5EDBE6B5B9F14273
C:\Program Files (x86)\PhotoFiltre\Masks\Sponge.gif	GIF image data, version 89a, 200 x 250	C4ABAE588256B48CE04BB05A82DC5BA3	73D67D34D285FDCC0AFB68B42B5FC466A835C605	7AE70765DD7153AAA565D3E14B3FAB8053DA1DE898EEEAF1CE0FCA18274BA0AE
C:\Program Files (x86)\PhotoFiltre\Masks\Spray.gif	GIF image data, version 89a, 200 x 250	CCBE330D80DC48D3F98E599BBF43D8D3	9878BF9EF8E5EEE5DC9AA2A372DA57FB9D4C703D	C5FFDBBD849F6FC8AF708B4746AD0914E683075BDB3678F1FE013CE33C02DF35
C:\Program Files (x86)\PhotoFiltre\Masks\Star.gif	GIF image data, version 89a, 200 x 250	272F1D9F48F3736B22427EBA3D2CB269	84552CC3626E3DC370E03CD99F9F00CD7D6B732E	63AEF4B0450AB0169F7682C0C2E74DBC595140F7C72FE0C30E881231E2E30269
C:\Program Files (x86)\PhotoFiltre\Masks\Sun.gif	GIF image data, version 89a, 200 x 250	F6B273B302BA18801C6DFF09EED98831	1E9D177F8292C7FDFB8F03DBDDD6F9FFD81217E3	1948FE9AF84DE48585A2595B9DAF0B5340A90BE6992E7C8F1359F12528E4390A
C:\Program Files (x86)\PhotoFiltre\Masks\Torn.gif	GIF image data, version 89a, 200 x 250	D2AFD4D3B1D55D947D7BF16DD22CC86B	1983248091EA09841026D400626E0B856F0D8483	536C17A2A93C4F0769C62ECCDC8363A42209468C0C83CFD07533F8BEB263053C
C:\Program Files (x86)\PhotoFiltre\Masks\Twirl.gif	GIF image data, version 89a, 200 x 250	D143190847724275FE0B501168E267B4	DE4E0FA79CE5F4E6292F26CB13A17387C06969D8	36369973749059C6276353A55802D57D090F71E5123401C711C8017869192A0A
C:\Program Files (x86)\PhotoFiltre\Masks\Watercolor.gif	GIF image data, version 89a, 200 x 250	990678929C59EB2054C13576E0F92DD7	38C47F95969A5D26CD31A0D8EA4749A58342345A	D5B8C6674DED1E52396FAAD3A9F59101F925B245829159AE2D464E29D3B543F9
C:\Program Files (x86)\PhotoFiltre\Masks\Wet.gif	GIF image data, version 89a, 200 x 250	079970D805064F6BD754913F0E37D3AE	AA03583121E80C2D4847A8D5A184149A580B8355	174E1D24D82644FFAA68C3B39820C9EA8212C4CC4CFEA935799E89AFB840A399
C:\Program Files (x86)\PhotoFiltre\Patterns\Canvas01.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	42CF51A3E3FBA65AE560641E26E08030	92D21475474D774E8DFE73BD8779087FF1207868	D5ADD335B0B423163893DDC09AE775EB6EE327194E0E2A2FC5404969659D221D
C:\Program Files (x86)\PhotoFiltre\Patterns\Canvas02.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	1BAF1FEA2D5A5C343C0BC3AE5AD04E81	216F2006741A380BE8556984B9DF5746DF4DCACB	B75D43CD2C9B9FC654FD91724DC30021BC594E77F45A2350C66EDC9E01567ACE
C:\Program Files (x86)\PhotoFiltre\Patterns\Canvas03.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	EBF8CACB634CF65D9FAA84F60EE9904E	240F2AA42D722D4926BB75F0CF52D97CDF205171	239B530F0387FEE35BE9BEAF9DDFC48039E418EA6DEA3B454FC4199ABD93AACA
C:\Program Files (x86)\PhotoFiltre\Patterns\Color01.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	FD15C184B6E46CA2C17A14686D5FA4A5	F12315EAC57C7D3ADDD0CD330FBC8FFE401BE896	9AE5630AE79763477DAB7FEE75E91B27DEE829EB6B17A749A5A954C8BE3C5991
C:\Program Files (x86)\PhotoFiltre\Patterns\Color02.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	39C5FFDC6ED17BCCEB23D95EDBA8C394	6403D9489D42266EFDF26EDD8861FBAE96E026A7	A5FF53A9EC061A8DB17A6B6BB2C1BB40B92D5B653B2695B7D5DF09C50944D063
C:\Program Files (x86)\PhotoFiltre\Patterns\Color03.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 128x128, components 3	421923D165C6C9BC2D9F9C46F370F348	CD4092EE60E9F4308A8E07A31DB35B1ACC455549	A270883F1063545D4D2609CAFF53BBB6D9883671D54C5000E454ED0E2380B654
C:\Program Files (x86)\PhotoFiltre\Patterns\Fabric01.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	C29C33921315A7A314100BD05F7CE952	06004CCDBD6E9446441938BA33279B40CE8F16FA	C23286AC4C4BFB4013D7D008B7618BB759400A90C46E60B5C0F3685802A16013
C:\Program Files (x86)\PhotoFiltre\Patterns\Fabric02.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	74A5C4F898ECCDAD218C338EB268B7A5	915CAC8A25F1B8B89D80D093EF882D79C7CF0D89	D997366DA8B39F4DFF1F1C90988891C76A9BEF708FCAEA94C7C1DB25E3BD379E
C:\Program Files (x86)\PhotoFiltre\Patterns\Fabric03.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	24993953508AFB10E3E18392EEEDCEBE	0A1E5CAB9AEDE7CBFCB35E6C99F77C3D342CA14A	8EC93EB57E2D29B8B7D4B545064BF3E0090FFF4A3C56786A8718A745D640C2FD
C:\Program Files (x86)\PhotoFiltre\Patterns\Marble01.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	CD5FFEEA5332CB22977AFE232FC3B776	E117089B6F0A77E6514EF4BC5C8AFC2F62606839	2F65ABEC962C6CDD839FF6D4A56362809D19B7BE023E3282667ED56B9C02FEDE
C:\Program Files (x86)\PhotoFiltre\Patterns\Marble02.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	F2D61F992034014D28780F443DC72DAF	4C63BCFD6238D8D85F2874B6C91C3A517A500D7B	9C5513B54E2F88BAE3A6E597AC4752A7DA5D2F9A26EC2AD8E132D62BA6467F77
C:\Program Files (x86)\PhotoFiltre\Patterns\Marble03.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	AF97514081CB6E08BF4ABA198F8C2BF7	38E73118F0FA2584F96C1CEBBF29614DB8B37C90	79944EAE8C19429E3286B8BA62B2AB7050895B8CD8D6F51316F153898E4E72B5
C:\Program Files (x86)\PhotoFiltre\Patterns\Metal01.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	D01190E6AB15749FCAE035031BE5EF88	95A913F7D6CB4C83B895F3B231528EAFCD020AA4	2AE79A0E374FCF6E8BBEDC99FD662AFE96A80696146BED5C5CC240A75E64AA89
C:\Program Files (x86)\PhotoFiltre\Patterns\Metal02.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	374153CE99359F3D822D02E57FE4FBE1	16EBCDB0D1B6BD009ED6DC9F60A33C6E1AB24CB9	3F58CA5DC5ECE8F1267AA4A2EE3F3DEA18DE484FD5E8EA5EC12AC0DA2F3E58B0
C:\Program Files (x86)\PhotoFiltre\Patterns\Metal03.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	CFD95F64E0F270D057AEB26A9B3BC356	B1E6386323672F092C041652AB31A02B212F091F	717E8E6CB889236D60F53A120BC987D4887FF6BE82DEAE8D06C7C98C7A308EA2
C:\Program Files (x86)\PhotoFiltre\Patterns\Nature01.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	CA73B80C0493A8E52E035478E7CEE48B	6CAC7D655BB0CEEA3EDC4660665FB47A95B80B31	46B549F53FE5CDC59893B417E07F911780B18615F66BC5EC2947B543A5B689F7
C:\Program Files (x86)\PhotoFiltre\Patterns\Nature02.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	A6491C29E34CE2FAEBF3E6C5D3678149	209CE9531D13310719BC686A26F03ABF973D1E66	B68255687B9921977B48A716EFB1AD062A3C600B3B314234018F884265527EA9
C:\Program Files (x86)\PhotoFiltre\Patterns\Nature03.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	CDD1A8A0AB0E6ED16D5623E948602714	77F6B3E67A13F1D67938EFE0897DCE354DAAAAA5	93CEB384BC849D0866FF14AE44B7FEB57DE13CDAF9102C2C2A97D74692144012
C:\Program Files (x86)\PhotoFiltre\Patterns\Paper01.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	DCD89E56E27ED7E481E20E858AF66B3A	79CAC712AAE218E06A7DC5B52CA6363347B7F353	3F9D275E049C656517F9E8070A7269E88A7E014D705EAADFB83D76D00A78909D
C:\Program Files (x86)\PhotoFiltre\Patterns\Paper02.jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 200x200, components 3	22E1A3C55F0CEA48B967FA880C46B53D	3BE4564D026A68AD210091885402679601B114FF	EF14A1EE15DF9FF50BEEEB890EA26E6DA35764E7CDC1111CFD1CB76AE4ABF1ED
C:\Program Files (x86)\PhotoFiltre\Patterns\Paper03.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	AFDE616E71383D63DC1B5B9587293F17	918F7334B509D0FB2F4B07CD443342B40D1A2922	C9A4E221D7AC505020DBA9CC2CE0B0697AB8F83C29540D24D173B9914A4680A4
C:\Program Files (x86)\PhotoFiltre\Patterns\Sandstone01.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	210F0A9F5ACB814C90A8E326BCB21123	4824010FA6533088220FDF89228A9121A44A6553	5AE994010C923505C1340D09BCC7AC586D3C606A4B8C59ABCCE4C3B8A4B0B579
C:\Program Files (x86)\PhotoFiltre\Patterns\Sandstone02.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	A0774E3DCF6E607101FCAF41B928A8A7	880C0B3084257A6F38C7A4C9413B608DEEBF9BE5	DEAC85C0F1AA17B5F0401A5C89D89BED58E9766E05C5C53497083A90FC8AA5BE
C:\Program Files (x86)\PhotoFiltre\Patterns\Sandstone03.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	6A4642287A13F4A03715010E030453A2	FD36FE7F9391F1075D61FBB2164BFBE5DC1FE8D0	66345AA614352B14BB025DA46A88DA705D9999EAE4FC9399E0D11D2803102374
C:\Program Files (x86)\PhotoFiltre\Patterns\Scanlines01.gif	GIF image data, version 87a, 200 x 200	853624EA3D1D57D0129C4834F5F0812A	CB83E3E955AF8D71E40220E339BBC8DAD0A998C2	207087A4F0FD65A3F1F48ACE2757AF161E2936ED7CB5DE0FD4A225F44032C18A
C:\Program Files (x86)\PhotoFiltre\Patterns\Scanlines02.gif	GIF image data, version 87a, 200 x 200	27C8DDFEEBC9B0EC1A9CACD311B5F869	F219FE842F41A9C4769421FECA39596BFB41E5DC	182B1B945E0F889C10D211BD4E04EE45DF9276746B19D45075DF1A202721D235
C:\Program Files (x86)\PhotoFiltre\Patterns\Scanlines03.gif	GIF image data, version 87a, 200 x 200	EC6435AFD52BF8B18F91839636132073	141FD614D0C8B79E7CE09AEA8AA0A6AE269B81F3	A1933370F5DF2D91673635FEF32C6BB490FA0B3B2547CF76FAEF2BBBB0B6E235
C:\Program Files (x86)\PhotoFiltre\Patterns\Wall01.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	24761AC0CED9ACA943777C1A8A472894	E664E9AB5A85BBD54ECE0125113258878FB4C5A9	315E241E8B9802A449965D7E71BF4AF8112B981C79ABAFCBF0450743482F2918
C:\Program Files (x86)\PhotoFiltre\Patterns\Wall02.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	3DC4A9A02A29B2EE362C25C6C4A4A8DD	DCA627D368B5A71C9A4540706BACB6AB40651AA7	4258A70727A1B3EDBFC1172EDE507A40D0C725C28D5BAE3866342B3D1E9DE4F1
C:\Program Files (x86)\PhotoFiltre\Patterns\Wall03.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	0AF39B541D6560B033BC54E7D2AEB62E	B2C6CFD74A498788F67FAF20901252E96D8BE5AF	A8CF5CF4D782B1A64AE134370DAED73F5ADB4A3B55775212AD6CE291E4DF73F1
C:\Program Files (x86)\PhotoFiltre\Patterns\Wood01.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	3683F7E561639CD779D5CC67E84D48EA	961AC9F94B5ADE96BFFBD968B3D088DE85FCE7C3	FDB943A61C79CFEAA96D1B479337439D699DAD07A4212037F98E0DCE01D17420
C:\Program Files (x86)\PhotoFiltre\Patterns\Wood02.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	B5A624C7EDFB82E55AB647C80495B6BF	22F1495D1762B47AC9FD7166FCE0F2A397EC97A1	0193FC44E889F712403A718E0DC226B5DBC08E701C9AA139307D2A3F1E198D43
C:\Program Files (x86)\PhotoFiltre\Patterns\Wood03.jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3	B27A89440007AD2B3B53908061E0FDCA	2B8151DA8C1B650B927155DE308E7DA9269C22F8	C1B14C50B3409C7D2E269DD81E5DDD581E89855E8AB850954BF176DCF1240CD0
C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	PE32 executable (GUI) Intel 80386, for MS Windows	F549FEA1507C1FE8788E13AE1888C4FC	02E6A56AB3BC513FA1A3720CEE60EDF5F7D52D78	6D8C5431368C4C821D910571FEA7E26DE3C3B64E48729E711519BA5DCC726863
C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.htm	HTML document, ASCII text, with CRLF line terminators	9DEC885AA9FD43D2D2F864FE52314602	AD7BD617ED1D66EAC3ECA8F189FB76BC7B48B3B5	508D8B68AFDC0E0093D95F34BCB7CC9CB959BC024775430EE2AA19B16E254502
C:\Program Files (x86)\PhotoFiltre\PhotoMasque.htm	HTML document, ASCII text, with CRLF line terminators	384B69F73288123000C0F38F8D05A8CF	BE8CDB4F69270C53C68E37EBAB431D7E07012300	7A7B4128926B2ECCBB852F79509994708A3B7C63714E333348DC9DB71428846F
C:\Program Files (x86)\PhotoFiltre\Plugins\Read-me.txt	ASCII text, with CRLF line terminators	F37C5D9500356D18F72F600327C47F69	85A3F8B82922A344537FF7EF98A96838ED221185	E9903E53FC553FAE896D0EF7B9A82643184999CE29BE5A26B488D6A24603D8E8
C:\Program Files (x86)\PhotoFiltre\Selections\Arrow01.pfs	ASCII text, with CRLF line terminators	9FBDE031B5F667B733110960D8112522	B3FDECB83739DA6840B7BB6FC9EB1106385F0CB1	25DBF871BD0B5B45016DE6915699BCA2DE44B2D1BEBAADFF6B59845FEA35B7BB
C:\Program Files (x86)\PhotoFiltre\Selections\Arrow02.pfs	ASCII text, with CRLF line terminators	27C0CBA7EBDC409F766793545B8ABCD6	9DFF862B249CC454672D7919E3AD8847F11F828B	F010C7788DF09D9DA01310009B343709820CDCE69226567B2AE7780BCE7DECEC
C:\Program Files (x86)\PhotoFiltre\Selections\Arrow03.pfs	ASCII text, with CRLF line terminators	5BE4AA0E079396ED5F6F4464EA2D1745	1C7D03B4A52D6159CDCC06911A57AEBE858B669E	9324C10DA8C9BC8D64060672E32CDB39D4C08F5901CF7D7C0BFDBFB2872E6FDC
C:\Program Files (x86)\PhotoFiltre\Selections\Balloon01.pfs	ASCII text, with CRLF line terminators	2950DB631ED8D9E2C90961406E68F493	7C3C9F8C867C825476D3B05350F408D007BE0231	5B0D45DD01E27FC0858AF89D50F214B4E43920965E17FCE8A732BA0FCA11CB96
C:\Program Files (x86)\PhotoFiltre\Selections\Balloon02.pfs	ASCII text, with CRLF line terminators	614E2DB079C6783CB161575F592148E3	F6AF70074919B18FFC7656A6307C73CDA5CF048C	DCC528592BF47B930FECFAF8AA74E8EC226C8CAB6AAC06BC9C40D99D9CF2CB15
C:\Program Files (x86)\PhotoFiltre\Selections\Cross.pfs	ASCII text, with CRLF line terminators	4D929D09A4ECDB7E4B6409C47C1C7521	427B7CD7A0ECF4C5469619A81D41DC72027E0324	9A5E8C0EED04E0CA1E6B976992723B6921D151E91730507CE45A8A2BDE6EEF23
C:\Program Files (x86)\PhotoFiltre\Selections\Hexagon.pfs	ASCII text, with CRLF line terminators	DC063872CDDCE91E6B76817EF0E2AF76	F7E25C97D3BA71D248B86697CB29A86A5392F8DA	083261A0F65209A8972237C5DBD77CD7ED403828B755306CF0D51BF3D5D627B9
C:\Program Files (x86)\PhotoFiltre\Selections\RightAngledTriangle.pfs	ASCII text, with CRLF line terminators	068BA72D126171FEA84B681731C479C1	EB2577A06C5CCE41226E1705FB6591C3BA929502	AFB382AF6B2CD1FC4936F1BAF857F1BA6FB4A82AD8F4FA5E244E0D9149E0E616
C:\Program Files (x86)\PhotoFiltre\Selections\Star01.pfs	ASCII text, with CRLF line terminators	6766D10864B19B9CD18742682434FA73	546FD6CA0454E75A04110172F3F0E773661C74FA	7604F989AA0EB891A309819F1C72DE765F9F9EBC5D954B9217C594E2A7B6D95F
C:\Program Files (x86)\PhotoFiltre\Selections\Star02.pfs	ASCII text, with CRLF line terminators	B607F9C5911DF1C861795DBC733C7761	13E274EBC416C1AB3E5A0E8ACCBE48D49DE00798	6020F336B1ADB75641B9CAFB79545B58CD01C1BAFDD71607FFE8715A9A67B3B0
C:\Program Files (x86)\PhotoFiltre\TranslationEN.plg	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	D391ED200B86FB3455854E7CD00C3F8A	5B5DC28C9EEFA295A34812E7F2B4F0A8ACDD60D8	44C22916472D7D6858529CAEA34CE3B3741A5E5FCF16AB6EB1F13280D25503A5
C:\Program Files (x86)\PhotoFiltre\Uninst.exe	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive	3C322338017F881919A8437A583D8E2A	100826FED399B2B5B3A3C9C795A7B20264017F2D	0BAF87B037446E4E42B1CB827D2C62D2C041804CFD09FEC34DE70D1867F50F73
C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	PE32 executable (GUI) Intel 80386, for MS Windows	8F9B5F4F87207BE1CF810DDC95124F92	F5CEC54C9AAC59167BA95EC8077438BE381FBA3D	4501E3F8F41966D403E76D3B1D04525098F0B6D41B65741A8351F3B0D3E4397E
C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\InstallOptions.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	0DC0CC7A6D9DB685BF05A7E5F3EA4781	5D8B6268EEEC9D8D904BC9D988A4B588B392213F	8E287326F1CDD5EF2DCD7A72537C68CBE4299CEB1F820707C5820F3AA6D8206C
C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\StartMenu.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	4E96F412A8CC653053D5D918DF6B0836	A3C7D59043FEECB1603874B27C23D4166B341F2D	E4A54BFC327986A89165BDEF361069810AAA985C3ABECD442C786725FABAF977
C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\ioSpecial.ini	Generic INItialization configuration [Field 1]	A1188153329B9BD408FCC1921B17BE21	DE04E2C10BB500CA7D99FEC9C90981AB3E6F03C2	623F25E96F51AC8EB948D6BA8CF27E10BAC53F59B1022B851618932DC56B4D35
C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\modern-wizard.bmp	PC bitmap, Windows 3.x format, 164 x 314 x 24, image size 154488, resolution 2834 x 2834 px/m, cbSize 154542, bits offset 54	BA85017593F85BCFE2C6E8881169952C	B40087A92C7D7802561CF717EE13F8C29430AAC8	C5F344EF5CBB39E358A9FE9DC5BDA0D1C0A005524FE8EFD30FA4B7BEAF339F97
C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\nsDialogs.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	AB73C0C2A23F913EABDC4CB24B75CBAD	6569D2863D54C88DCF57C843FC310F6D9571A41E	3D0060C5C9400A487DBEFE4AC132DD96B07D3A4BA3BADAB46A7410A667C93457
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre\PhotoFiltre Information.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Nov 12 08:41:08 2009, mtime=Mon Nov 25 09:33:16 2024, atime=Thu Nov 12 08:41:08 2009, length=31567, window=hide	6B1282F1057F46FDC6C7CA344EF589EB	957F7BEC114072E006EFEAE520FE249778C801C5	5B1B52AD1B68F17C08B27F017AE0DABEA23A2BE7E2DFABD458684BBDD2ADBD3E
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre\PhotoFiltre.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Jun 29 12:47:42 2010, mtime=Mon Nov 25 09:33:16 2024, atime=Tue Jun 29 12:47:42 2010, length=2823168, window=hide	8250DF19BF6D197289E78AE595117C36	38A66AE2C0EEE07D6EB09F39D5D32A3183B83AC1	40FA02297B6F68F714FFAFEF13441B409C7E1427EDB2ACD7624FD1B4B680A06B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre\PhotoMasque Information.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Oct 1 17:09:48 2006, mtime=Mon Nov 25 09:33:16 2024, atime=Sun Oct 1 17:09:48 2006, length=7270, window=hide	E27BF14F0647B30A5F7311716ADBEAAD	41ACFBB2EA07AC61FE0DD36A6134D776A29DD887	6D0101FF7706F4CB34A69185DB95AC50CDDEE31416A81DBC16C28816DFF67536
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre\Uninstall PhotoFiltre.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Nov 25 09:33:21 2024, mtime=Mon Nov 25 09:33:22 2024, atime=Mon Nov 25 09:33:22 2024, length=85657, window=hide	CF36F8FA644BBBFD599B12CD3095B627	5D616C0DAEB2DA3DD45461BCB544243ED10DFFD1	3606B4F5FD18D7008008F5C22E3790FE5392D1883953179DCE06425C7FDE31C8
C:\Users\user\Desktop\PhotoFiltre.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Jun 29 12:47:42 2010, mtime=Mon Nov 25 09:33:22 2024, atime=Tue Jun 29 12:47:42 2010, length=2823168, window=hide	F882AC721169D66C9D81089B3F50E828	DC117D4DFC55DF4D9CA8EDDA4D98EF1953A4B59B	55338AC7D75CA250D7DBB939DEA406CB633F7A993FEC30D2D9AA42A3CDBE43D5

AV Detection

Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe

ReversingLabs: Detection: 18%

Source: pf-setup-en.exe

ReversingLabs: Detection: 22%

Compliance

Source: pf-setup-en.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\pf-setup-en.exe

Window detected: < &Back&Next >CancelNSIS (c) - PhotoFiltre (c) - Antonio Da Cruz NSIS (c) - PhotoFiltre (c) - Antonio Da CruzLicense AgreementPlease review the license terms before installing PhotoFiltre.Press Page Down to see the rest of the agreement.PhotoFiltre End User License AgreementThe PhotoFiltre programme is supplied 'as is'. The user runs PhotoFiltreat his or her own risk without warranty or guarantee on the part of the author. The author is under no obligation to correct bugs or other insuffiencies in the programme.The author is not responsable for any damages suffered by the user resulting from the use or distribution of the programme.In the same way the author is not responsable for any loss of revenueor profit or of any loss of (records or) information or for direct or indirect damage which which may occur from the use of the programme nor for the reason that the programme may be inoperable and this nonobstantthe fact that the author may have been advised of the possibility of such damage.PhotoFiltre is supplied free of charge for private or educative use. Any commercial or professional use requires a registered copy of the programme.The use of the PhotoFiltre programme implies the acceptance by the user of the terms of this license agreement.If you accept the terms of the agreement select the first option below. You must accept the agreement to install PhotoFiltre. Click Next to continue.I &accept the terms of the License AgreementI &do not accept the terms of the License Agreement

Source: C:\Users\user\Desktop\pf-setup-en.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoFiltre

Jump to behavior

Source: C:\Users\user\Desktop\pf-setup-en.exe

File created: C:\Program Files (x86)\PhotoFiltre\License.txt

Jump to behavior

Source:

Binary string: C:\hudson\jobs\Installchecker\workspace\build\installchecker\Release\AskInstallChecker.pdb source: pf-setup-en.exe, 00000000.00000003.1722833420.000000000280E000.00000004.00000020.00020000.00000000.sdmp, AskInstallChecker.exe, 00000001.00000000.1701570231.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe, 00000001.00000002.1721993807.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe.0.dr

Spreading

Source: C:\Users\user\Desktop\pf-setup-en.exe	File opened: C:\Users\user\AppData\Roaming			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	File opened: C:\Users\user			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	File opened: C:\Users\user\AppData			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows			Jump to behavior

Networking

Source: Joe Sandbox View

IP Address: 34.117.224.112 34.117.224.112

Source: Network traffic

Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49730 -> 34.117.224.112:80

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /images/nocache/apn/tr.gif?ev=eichk&cb=&encb=&chk=invbr&ts=6pYIy&guid= HTTP/1.1User-Agent: AskInstallCheckerHost: img.apnanalytics.com

Source: global traffic	DNS traffic detected: DNS query: websearch.ask.com
Source: global traffic	DNS traffic detected: DNS query: img.apnanalytics.com

Source: pf-setup-en.exe, 00000000.00000003.1700236279.0000000002806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtml
Source: pf-setup-en.exe, 00000000.00000003.2009189543.000000000077B000.00000004.00000020.00020000.00000000.sdmp, pf-setup-en.exe, 00000000.00000003.1700236279.0000000002806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmlhttp://sp.ask.com/en/docs/about/privacy.shtmlopen
Source: pf-setup-en.exe, 00000000.00000003.2009189543.000000000077B000.00000004.00000020.00020000.00000000.sdmp, pf-setup-en.exe, 00000000.00000003.1700236279.0000000002806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtmlopen
Source: pf-setup-en.exe, 00000000.00000003.1927038130.000000000280E000.00000004.00000020.00020000.00000000.sdmp, PhotoFiltre.exe, 00000006.00000000.2007940063.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, PhotoFiltre.exe.0.dr	String found in binary or memory: http://forum.photofiltre.com
Source: pf-setup-en.exe, 00000000.00000003.1927038130.000000000280E000.00000004.00000020.00020000.00000000.sdmp, PhotoFiltre.exe, 00000006.00000000.2007940063.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, PhotoFiltre.exe.0.dr	String found in binary or memory: http://forum.photofiltre.comopen
Source: pf-setup-en.exe, 00000000.00000003.1722833420.000000000280E000.00000004.00000020.00020000.00000000.sdmp, AskInstallChecker.exe, 00000001.00000000.1701570231.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe, 00000001.00000002.1721993807.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe.0.dr	String found in binary or memory: http://img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&cb=%s&encb=%s&chk=
Source: AskInstallChecker.exe, 00000001.00000002.1722179302.00000000012FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&cb=&encb=&chk=invbr&ts=6pYIy&guid=
Source: AskInstallChecker.exe, 00000001.00000002.1722179302.000000000133C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&cb=&encb=&chk=invbr&ts=6pYIy&guid=L
Source: AskInstallChecker.exe, 00000001.00000002.1722179302.000000000133C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://img.apnanalytics.com/images/nocache/apn/tr.gif?ev=eichk&cb=&encb=&chk=invbr&ts=6pYIy&guid=O
Source: pf-setup-en.exe, Uninst.exe.0.dr	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: pf-setup-en.exe, Uninst.exe.0.dr	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: pf-setup-en.exe, 00000000.00000003.1700236279.0000000002806000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sp.ask.com/en/docs/about/privacy.shtml
Source: pf-setup-en.exe, 00000000.00000003.1722833420.000000000280E000.00000004.00000020.00020000.00000000.sdmp, AskInstallChecker.exe.0.dr	String found in binary or memory: http://sp.ask.com/en/docs/about/terms_of_service.shtml0
Source: pf-setup-en.exe, 00000000.00000003.1722833420.000000000280E000.00000004.00000020.00020000.00000000.sdmp, AskInstallChecker.exe, 00000001.00000000.1701570231.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe, 00000001.00000002.1721993807.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe.0.dr	String found in binary or memory: http://websearch.ask.com/preinstall?client=ic&tb=%s&r=0&ipid=%s&npid=%s&iev=%d&ielu=%d&fflu=%d&iv=%s
Source: AskInstallChecker.exe, 00000001.00000002.1722179302.00000000012FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://websearch.ask.com/preinstall?client=ic&tb=PTF&r=0&ipid=&npid=PTF&iev=9&ielu=0&fflu=0&iv=&nv=1
Source: pf-setup-en.exe, 00000000.00000003.1927038130.000000000280E000.00000004.00000020.00020000.00000000.sdmp, PhotoFiltre.exe, 00000006.00000000.2008220430.0000000000627000.00000002.00000001.01000000.0000000E.sdmp, PhotoFiltre.exe, 00000006.00000000.2007940063.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, PhotoFiltre.exe.0.dr	String found in binary or memory: http://www.photofiltre.com
Source: pf-setup-en.exe, 00000000.00000003.1927038130.000000000280E000.00000004.00000020.00020000.00000000.sdmp, PhotoFiltre.exe, 00000006.00000000.2007940063.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, PhotoFiltre.exe.0.dr	String found in binary or memory: http://www.photofiltre.comopenU
Source: AskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: AskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: AskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: AskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: AskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: AskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: AskInstallChecker.exe, 00000001.00000002.1722407972.0000000002F80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219

System Summary

Source: pf-setup-en.exe, 00000000.00000003.1927038130.0000000002A9F000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenamePhotoFiltre.exe8 vs pf-setup-en.exe

Source: pf-setup-en.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: sus30.spyw.winEXE@5/84@2/1

Source: C:\Users\user\Desktop\pf-setup-en.exe

File created: C:\Program Files (x86)\PhotoFiltre

Jump to behavior

Source: C:\Users\user\Desktop\pf-setup-en.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre

Jump to behavior

Source: C:\Users\user\Desktop\pf-setup-en.exe

File created: C:\Users\user\AppData\Local\Temp\nsmFF90.tmp

Jump to behavior

Source: Yara match	File source: 00000006.00000000.2007940063.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1927038130.000000000280E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe, type: DROPPED

Source: pf-setup-en.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior

Source: C:\Users\user\Desktop\pf-setup-en.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\pf-setup-en.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: pf-setup-en.exe

ReversingLabs: Detection: 22%

Source: C:\Users\user\Desktop\pf-setup-en.exe

File read: C:\Users\user\Desktop\pf-setup-en.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\pf-setup-en.exe "C:\Users\user\Desktop\pf-setup-en.exe"
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process created: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe "C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe" PTF
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process created: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe "C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe"
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process created: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe "C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe" PTF			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process created: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe "C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe"			Jump to behavior

Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: acgenral.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: winmm.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: samcli.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: msacm32.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: dwmapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: mpr.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: winmmbase.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: winmmbase.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: aclayers.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: sfc.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: sfc_os.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: shfolder.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: propsys.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: riched20.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: usp10.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: msls31.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: textinputframework.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: ntmarta.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: textshaping.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: linkinfo.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: ntshrui.dll			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Section loaded: cscapi.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: aclayers.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: mpr.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: sfc.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: sfc_os.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: acgenral.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: winmm.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: samcli.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: msacm32.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: dwmapi.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: winmmbase.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: winmmbase.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: wininet.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: winhttp.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: mswsock.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: iphlpapi.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: winnsi.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: dnsapi.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: rasadhlp.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: msxml3.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Section loaded: fwpuclnt.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: acgenral.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: winmm.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: samcli.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: msacm32.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: dwmapi.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: mpr.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: winmmbase.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: winmmbase.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: aclayers.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: sfc.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: sfc_os.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: msvfw32.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: textshaping.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: textinputframework.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: ntmarta.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Section loaded: wintypes.dll			Jump to behavior

Source: C:\Users\user\Desktop\pf-setup-en.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: PhotoFiltre.lnk.0.dr	LNK file: ..\..\..\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe
Source: PhotoFiltre.lnk0.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe
Source: PhotoFiltre Information.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\PhotoFiltre\PhotoFiltre.htm
Source: PhotoMasque Information.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\PhotoFiltre\PhotoMasque.htm
Source: Uninstall PhotoFiltre.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\PhotoFiltre\Uninst.exe

Source: C:\Users\user\Desktop\pf-setup-en.exe

File written: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\ioSpecial.ini

Jump to behavior

Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe

Window found: window name: TMainForm

Jump to behavior

Source: C:\Users\user\Desktop\pf-setup-en.exe	Automated click: Next >
Source: C:\Users\user\Desktop\pf-setup-en.exe	Automated click: I accept the terms of the License Agreement
Source: C:\Users\user\Desktop\pf-setup-en.exe	Automated click: Next >
Source: C:\Users\user\Desktop\pf-setup-en.exe	Automated click: Next >
Source: C:\Users\user\Desktop\pf-setup-en.exe	Automated click: Next >
Source: C:\Users\user\Desktop\pf-setup-en.exe	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\pf-setup-en.exe

Window detected: < &Back&Next >CancelNSIS (c) - PhotoFiltre (c) - Antonio Da Cruz NSIS (c) - PhotoFiltre (c) - Antonio Da CruzLicense AgreementPlease review the license terms before installing PhotoFiltre.Press Page Down to see the rest of the agreement.PhotoFiltre End User License AgreementThe PhotoFiltre programme is supplied 'as is'. The user runs PhotoFiltreat his or her own risk without warranty or guarantee on the part of the author. The author is under no obligation to correct bugs or other insuffiencies in the programme.The author is not responsable for any damages suffered by the user resulting from the use or distribution of the programme.In the same way the author is not responsable for any loss of revenueor profit or of any loss of (records or) information or for direct or indirect damage which which may occur from the use of the programme nor for the reason that the programme may be inoperable and this nonobstantthe fact that the author may have been advised of the possibility of such damage.PhotoFiltre is supplied free of charge for private or educative use. Any commercial or professional use requires a registered copy of the programme.The use of the PhotoFiltre programme implies the acceptance by the user of the terms of this license agreement.If you accept the terms of the agreement select the first option below. You must accept the agreement to install PhotoFiltre. Click Next to continue.I &accept the terms of the License AgreementI &do not accept the terms of the License Agreement

Source: C:\Users\user\Desktop\pf-setup-en.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoFiltre

Jump to behavior

Source: pf-setup-en.exe

Static file information: File size 4118294 > 1048576

Source:

Binary string: C:\hudson\jobs\Installchecker\workspace\build\installchecker\Release\AskInstallChecker.pdb source: pf-setup-en.exe, 00000000.00000003.1722833420.000000000280E000.00000004.00000020.00020000.00000000.sdmp, AskInstallChecker.exe, 00000001.00000000.1701570231.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe, 00000001.00000002.1721993807.00000000005E3000.00000002.00000001.01000000.00000004.sdmp, AskInstallChecker.exe.0.dr

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\pf-setup-en.exe	File created: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe			Jump to dropped file
Source: C:\Users\user\Desktop\pf-setup-en.exe	File created: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\StartMenu.dll			Jump to dropped file
Source: C:\Users\user\Desktop\pf-setup-en.exe	File created: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\nsDialogs.dll			Jump to dropped file
Source: C:\Users\user\Desktop\pf-setup-en.exe	File created: C:\Program Files (x86)\PhotoFiltre\TranslationEN.plg			Jump to dropped file
Source: C:\Users\user\Desktop\pf-setup-en.exe	File created: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\InstallOptions.dll			Jump to dropped file
Source: C:\Users\user\Desktop\pf-setup-en.exe	File created: C:\Program Files (x86)\PhotoFiltre\Uninst.exe			Jump to dropped file
Source: C:\Users\user\Desktop\pf-setup-en.exe	File created: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe			Jump to dropped file

Source: C:\Users\user\Desktop\pf-setup-en.exe

File created: C:\Program Files (x86)\PhotoFiltre\TranslationEN.plg

Jump to dropped file

Source: C:\Users\user\Desktop\pf-setup-en.exe

File created: C:\Program Files (x86)\PhotoFiltre\License.txt

Jump to behavior

Boot Survival

Source: C:\Users\user\Desktop\pf-setup-en.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre\PhotoFiltre.lnk			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre\PhotoFiltre Information.lnk			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre\PhotoMasque Information.lnk			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre\Uninstall PhotoFiltre.lnk			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\pf-setup-en.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\StartMenu.dll			Jump to dropped file
Source: C:\Users\user\Desktop\pf-setup-en.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\nsDialogs.dll			Jump to dropped file
Source: C:\Users\user\Desktop\pf-setup-en.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PhotoFiltre\TranslationEN.plg			Jump to dropped file
Source: C:\Users\user\Desktop\pf-setup-en.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\InstallOptions.dll			Jump to dropped file
Source: C:\Users\user\Desktop\pf-setup-en.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PhotoFiltre\Uninst.exe			Jump to dropped file

Source: C:\Users\user\Desktop\pf-setup-en.exe	File Volume queried: C:\Program Files (x86) FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	File Volume queried: C:\Program Files (x86) FullSizeInformation			Jump to behavior

Source: C:\Users\user\Desktop\pf-setup-en.exe	File opened: C:\Users\user\AppData\Roaming			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	File opened: C:\Users\user			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	File opened: C:\Users\user\AppData			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows			Jump to behavior

Source: AskInstallChecker.exe, 00000001.00000002.1722179302.0000000001377000.00000004.00000020.00020000.00000000.sdmp, AskInstallChecker.exe, 00000001.00000002.1722179302.00000000012FC000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Language, Device and Operating System Detection

Source: C:\Users\user\Desktop\pf-setup-en.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\pf-setup-en.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nshFFC0.tmp\AskInstallChecker.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini			Jump to behavior