Windows Analysis Report
2.9.9.2_Setup.exe

Overview

General Information

Sample name: 2.9.9.2_Setup.exe
Analysis ID: 1427882
MD5: f0e6780d07064d41ccb45735ec99d408
SHA1: a1d5e7b83fc245df856c305424181ab507a16774
SHA256: 62a024f2e153387c5f17a96c6c0e1f586c4ba5d8bf60f0da1b689fad92b4a89f
Detection

Score: 4
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Source: 2.9.9.2_Setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Use of StagePlotPro software is governed by the following terms. Please read this license agreement carefully. If you accept these terms click the Agree button below. If you do not accept these terms click the Don't Agree button and please remove this software from your computer.Trial-wareStagePlotPro is distributed as trial-ware. You may use StagePlotPro in trial mode for up to 30 days from the time you first use it. After this trial period is over you may purchase a user license and will be provided a registration key to enable unlimited use to the current version of StagePlotPro. If you purchase a license you agree to abide by the following terms:Definitions"You" "your" and "the user" refers to the purchaser of StagePlotPro software."Software" refers to all codes techniques software tools formats designs concepts methods ideas and documentation associated with the computer program StagePlotPro from Divertisma. "Software" expressly includes the source code and object code compiled and uncompiled used in StagePlotPro and any of its updates and upgrades on any form of computer readable media whatever including floppy disks hard disks tape drives and the like."Documentation" refers to printed instructional and reference material that is bundled or sold with StagePlotPro from Divertisma."Author" refers to the author of this software Divertisma.Copyright/Proprietary ProtectionOwnership of and interest in this software and its documentation shall remain with the author. This software is owned by the author and contains valuable and proprietary information of the author. If you violate any part of this agreement your right to use this software terminates automatically. 
In the event of termination of this agreement you must destroy all copies of this software and derivatives of this software in your possession and cease distributing the same.License GrantThis software is being licensed to you as provided by the terms of this agreement. You may:1. Use this software for one person.2. Make one backup copy of this software for purposes of protecting your master file.3. Use this software on a second computer provided that only one person uses this software and that you do not use this software on both computers at the same time.4. Use your registration key with this software running within the platform(s) for which you purchase a license: Apple Computer's Macintosh OS X or the Microsoft Windows operating system or both.License RestrictionsYou may not:1. Distribute this software.2. Create any derivative works from this software for distribution or for any other purpose.3. Reverse engineer disassemble decompile or otherwise attempt to discover the logic or source code to this software.4. Alter the software in any manner.Disclaimer of WarrantyIn using
Source: 2.9.9.2_Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\GO\pipelines\Release-Frameworks-New\build\REALbasic\REALbasic Visual Studio\Release\GUIStubWin32.pdb source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000000.2244496350.0000000000C7C000.00000002.00000001.01000000.00000008.sdmp, StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2952382327.0000000000C7C000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: vcruntime140.i386.pdb source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2965463316.000000006F861000.00000020.00000001.01000000.0000000A.sdmp
Source: Binary string: vcruntime140.i386.pdbGCTL source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2965463316.000000006F861000.00000020.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\GO\pipelines\Release-Frameworks-New\build\REALbasic\REALbasic Visual Studio\Release\Internet Encodings.pdb source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2965855403.000000006F934000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: msvcp140.i386.pdbGCTL source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2965634395.000000006F881000.00000020.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\GO\pipelines\Release-Frameworks-New\build\REALbasic\REALbasic Visual Studio\Release\Appearance Pak.pdb source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2965285604.000000006F834000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: D:\GO\pipelines\Release-Frameworks-New\build\REALbasic\REALbasic Visual Studio\Release\Appearance Pak.pdbAA source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2965285604.000000006F834000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: msvcp140.i386.pdb source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2965634395.000000006F881000.00000020.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\GO\pipelines\Release-Frameworks-New\build\REALbasic\REALbasic Visual Studio\Release\XojoGUIFramework64.pdb source: 2.9.9.2_Setup.tmp, 00000001.00000003.2245850293.00000000062C0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\GO\pipelines\Release-Frameworks-New\build\REALbasic\REALbasic Visual Studio\Release\XojoGUIFramework32.pdb source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2962437458.000000006BA16000.00000002.00000001.01000000.00000009.sdmp
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_00C744A3 FindFirstFileExA, 6_2_00C744A3
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: String function: 03A17EF0 appears 420 times
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: String function: 039BF8E0 appears 32 times
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: String function: 0399AD40 appears 108 times
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: String function: 039AB9A0 appears 64 times
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: String function: 03951230 appears 89 times
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: String function: 03954680 appears 69 times
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: String function: 0399ACE0 appears 37 times
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: String function: 03A20184 appears 34 times
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: String function: 0398AD50 appears 135 times
Source: 2.9.9.2_Setup.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: 2.9.9.2_Setup.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-SSUJJ.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-SSUJJ.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: 2.9.9.2_Setup.exe, 00000000.00000003.1714986335.000000007FBE0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs 2.9.9.2_Setup.exe
Source: 2.9.9.2_Setup.exe, 00000000.00000003.1714399970.0000000002650000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs 2.9.9.2_Setup.exe
Source: 2.9.9.2_Setup.exe, 00000000.00000000.1713175232.00000000004B8000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs 2.9.9.2_Setup.exe
Source: 2.9.9.2_Setup.exe, 00000000.00000003.2261541977.0000000002238000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamekernel32j% vs 2.9.9.2_Setup.exe
Source: 2.9.9.2_Setup.exe Binary or memory string: OriginalFileName vs 2.9.9.2_Setup.exe
Source: 2.9.9.2_Setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engine Classification label: clean4.winEXE@5/1540@0/0
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_00C71000 FindResourceW,LoadResource,LockResource,GetModuleFileNameW,_wcsrchr,SetDllDirectoryW,SetDllDirectoryW,SetDllDirectoryW,LoadLibraryW,GetModuleFileNameW,_wcsrchr,SetDllDirectoryW,LoadLibraryW,GetProcAddress, 6_2_00C71000
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\Users\user\Desktop\2.9.9.2_Setup.exe File created: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp Jump to behavior
Source: C:\Users\user\Desktop\2.9.9.2_Setup.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\2.9.9.2_Setup.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File read: C:\Program Files (x86)\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\2.9.9.2_Setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization Jump to behavior
Source: 2.9.9.2_Setup.exe String found in binary or memory: /LOADINF="filename"
Source: 2.9.9.2_Setup.exe String found in binary or memory: /aDD5s(
Source: C:\Users\user\Desktop\2.9.9.2_Setup.exe File read: C:\Users\user\Desktop\2.9.9.2_Setup.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\2.9.9.2_Setup.exe "C:\Users\user\Desktop\2.9.9.2_Setup.exe"
Source: C:\Users\user\Desktop\2.9.9.2_Setup.exe Process created: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp "C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp" /SL5="$2044E,46868961,721408,C:\Users\user\Desktop\2.9.9.2_Setup.exe"
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Process created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe "C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe"
Source: C:\Users\user\Desktop\2.9.9.2_Setup.exe Process created: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp "C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp" /SL5="$2044E,46868961,721408,C:\Users\user\Desktop\2.9.9.2_Setup.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Process created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe "C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe" Jump to behavior
Source: C:\Users\user\Desktop\2.9.9.2_Setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\2.9.9.2_Setup.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\2.9.9.2_Setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\2.9.9.2_Setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\2.9.9.2_Setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: msftedit.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: globinputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: xojoguiframework32.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: sensapi.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: d2d1.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: prntvpt.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32 Jump to behavior
Source: StagePlotPro.lnk.1.dr LNK file: ..\..\..\..\..\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Window found: window name: TSelectLanguageForm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Use of StagePlotPro software is governed by the following terms. Please read this license agreement carefully. If you accept these terms click the Agree button below. If you do not accept these terms click the Don't Agree button and please remove this software from your computer.Trial-wareStagePlotPro is distributed as trial-ware. You may use StagePlotPro in trial mode for up to 30 days from the time you first use it. After this trial period is over you may purchase a user license and will be provided a registration key to enable unlimited use to the current version of StagePlotPro. If you purchase a license you agree to abide by the following terms:Definitions"You" "your" and "the user" refers to the purchaser of StagePlotPro software."Software" refers to all codes techniques software tools formats designs concepts methods ideas and documentation associated with the computer program StagePlotPro from Divertisma. "Software" expressly includes the source code and object code compiled and uncompiled used in StagePlotPro and any of its updates and upgrades on any form of computer readable media whatever including floppy disks hard disks tape drives and the like."Documentation" refers to printed instructional and reference material that is bundled or sold with StagePlotPro from Divertisma."Author" refers to the author of this software Divertisma.Copyright/Proprietary ProtectionOwnership of and interest in this software and its documentation shall remain with the author. This software is owned by the author and contains valuable and proprietary information of the author. If you violate any part of this agreement your right to use this software terminates automatically. 
In the event of termination of this agreement you must destroy all copies of this software and derivatives of this software in your possession and cease distributing the same.License GrantThis software is being licensed to you as provided by the terms of this agreement. You may:1. Use this software for one person.2. Make one backup copy of this software for purposes of protecting your master file.3. Use this software on a second computer provided that only one person uses this software and that you do not use this software on both computers at the same time.4. Use your registration key with this software running within the platform(s) for which you purchase a license: Apple Computer's Macintosh OS X or the Microsoft Windows operating system or both.License RestrictionsYou may not:1. Distribute this software.2. Create any derivative works from this software for distribution or for any other purpose.3. Reverse engineer disassemble decompile or otherwise attempt to discover the logic or source code to this software.4. Alter the software in any manner.Disclaimer of WarrantyIn using
Source: 2.9.9.2_Setup.exe Static file information: File size 47720059 > 1048576
Source: 2.9.9.2_Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\GO\pipelines\Release-Frameworks-New\build\REALbasic\REALbasic Visual Studio\Release\GUIStubWin32.pdb source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000000.2244496350.0000000000C7C000.00000002.00000001.01000000.00000008.sdmp, StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2952382327.0000000000C7C000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: vcruntime140.i386.pdb source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2965463316.000000006F861000.00000020.00000001.01000000.0000000A.sdmp
Source: Binary string: vcruntime140.i386.pdbGCTL source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2965463316.000000006F861000.00000020.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\GO\pipelines\Release-Frameworks-New\build\REALbasic\REALbasic Visual Studio\Release\Internet Encodings.pdb source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2965855403.000000006F934000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: msvcp140.i386.pdbGCTL source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2965634395.000000006F881000.00000020.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\GO\pipelines\Release-Frameworks-New\build\REALbasic\REALbasic Visual Studio\Release\Appearance Pak.pdb source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2965285604.000000006F834000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: D:\GO\pipelines\Release-Frameworks-New\build\REALbasic\REALbasic Visual Studio\Release\Appearance Pak.pdbAA source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2965285604.000000006F834000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: msvcp140.i386.pdb source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2965634395.000000006F881000.00000020.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\GO\pipelines\Release-Frameworks-New\build\REALbasic\REALbasic Visual Studio\Release\XojoGUIFramework64.pdb source: 2.9.9.2_Setup.tmp, 00000001.00000003.2245850293.00000000062C0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\GO\pipelines\Release-Frameworks-New\build\REALbasic\REALbasic Visual Studio\Release\XojoGUIFramework32.pdb source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2962437458.000000006BA16000.00000002.00000001.01000000.00000009.sdmp
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_00C71000 FindResourceW,LoadResource,LockResource,GetModuleFileNameW,_wcsrchr,SetDllDirectoryW,SetDllDirectoryW,SetDllDirectoryW,LoadLibraryW,GetModuleFileNameW,_wcsrchr,SetDllDirectoryW,LoadLibraryW,GetProcAddress, 6_2_00C71000
Source: 2.9.9.2_Setup.exe Static PE information: section name: .didata
Source: 2.9.9.2_Setup.tmp.0.dr Static PE information: section name: .didata
Source: is-SSUJJ.tmp.1.dr Static PE information: section name: .didata
Source: is-B1O7B.tmp.1.dr Static PE information: section name: .didat
Source: is-6TM3C.tmp.1.dr Static PE information: section name: minATL
Source: is-PJRIO.tmp.1.dr Static PE information: section name: _RDATA
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_00C71BD6 push ecx; ret 6_2_00C71BE9
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_03A201C9 push ecx; ret 6_2_03A201DC
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_03A1C7BF push ecx; ret 6_2_03A1C7D2
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-0Q0AL.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-RLRM1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-D0S8K.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\MBS_Picture_PictureRotate_Plugin_19341.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\Internet Encodings.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-32FFT.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-3GTI0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-QP1GD.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-R55RC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\msvcp140.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-PFMDC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\MBS_Main_Registration_Plugin_19341.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\MBS_Util_SystemInformation_Plugin_19341.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-92PP5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-VPHNC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\MBS_Encryption_OpenSSL_Plugin_19341.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\XojoGUIFramework32.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Users\user\AppData\Local\Temp\is-U4OLK.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\vcruntime140.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Resources\Appearance Pakx64.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-B1O7B.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Resources\is-HQH7H.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\MBS_GraphicsMagick_GraphicsMagick_Plugin_19341.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\MBS_Util_RotatedText_Plugin_19341.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\MBS_DynaPDF_dynapdf_Plugin_19341.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\MBS_Picture_Picture_Plugin_19341.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\Appearance Pak.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-6TM3C.tmp
Source: C:\Users\user\Desktop\2.9.9.2_Setup.exe File created: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\is-J1TFM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-3LTQ0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\vccorlib140.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-PJRIO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\Program Files (x86)\StagePlotPro\is-SSUJJ.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StagePlotPro.lnk
Source: C:\Users\user\Desktop\2.9.9.2_Setup.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-RLRM1.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-0Q0AL.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-D0S8K.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\MBS_Picture_PictureRotate_Plugin_19341.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\Internet Encodings.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-32FFT.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-3GTI0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-QP1GD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-R55RC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\unins000.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\MBS_Main_Registration_Plugin_19341.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-PFMDC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\MBS_Util_SystemInformation_Plugin_19341.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-92PP5.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-VPHNC.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\MBS_Encryption_OpenSSL_Plugin_19341.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-U4OLK.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Resources\Appearance Pakx64.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-B1O7B.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\MBS_GraphicsMagick_GraphicsMagick_Plugin_19341.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Resources\is-HQH7H.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\MBS_Util_RotatedText_Plugin_19341.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\MBS_Picture_Picture_Plugin_19341.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\MBS_DynaPDF_dynapdf_Plugin_19341.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\Appearance Pak.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-6TM3C.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\vccorlib140.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-3LTQ0.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Libs\is-PJRIO.tmp
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Dropped PE file which has not been started: C:\Program Files (x86)\StagePlotPro\is-SSUJJ.tmp
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe API coverage: 2.3 %
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_00C744A3 FindFirstFileExA, 6_2_00C744A3
Source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2952951946.000000000104E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Process information queried: ProcessInformation
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_00C74062 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_00C74062
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_00C71000 FindResourceW,LoadResource,LockResource,GetModuleFileNameW,_wcsrchr,SetDllDirectoryW,SetDllDirectoryW,SetDllDirectoryW,LoadLibraryW,GetModuleFileNameW,_wcsrchr,SetDllDirectoryW,LoadLibraryW,GetProcAddress, 6_2_00C71000
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_00C7311D mov eax, dword ptr fs:[00000030h] 6_2_00C7311D
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_00C7629D GetProcessHeap, 6_2_00C7629D
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_00C714E9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 6_2_00C714E9
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_00C7198C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_00C7198C
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_00C71ADD SetUnhandledExceptionFilter, 6_2_00C71ADD
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_03A1F3C0 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 6_2_03A1F3C0
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_03A17341 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 6_2_03A17341
Source: StagePlotPro_2.9.9.2_Win.exe, 00000006.00000002.2962437458.000000006BA16000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: jmenuShutdownSHELL_TRAYWNDcom.microsoft.bmppublic.tiffpublic.pngpublic.jpegcom.compuserve.gifPictureThe Transparent property cannot be used with Pictures with alpha channelsOnly 0 or 1 are acceptabled valuesPicture properties and methods cannot be used before Picture's Constructor has finished. Call Super.Constructor in your overriding constructor before doing this operation.Masks for Pictures with alpha channel is not supportedtempGtempPicture..\..\..\..\Common\runPicture.cpppicApplyMask is not supported for vector imagesThis format is not supportedUsing GetData on an image is not supportedMemoryBlock size must be > 0CopyColorChannels is not supported for multi-representation imagesCopyColorChannels is not supported for vector imagesThe Mask does not match the width/height of the PictureApplyMask is not supported for imagesheight must be >= 0width must be >= 0CopyMask is not supported for imagesCopyMask is not supported for vector imageswidth must be greater than 0pic->imagescale must be greater than zeroscale must be a finite valueimage at index %d is Nilbitmaps array must have at least one itembitmaps array is Nilheight must be greater than 0Only WindowsBMP or WindowsICON is supportedbitmaps must have the same aspect ratioimage at index %d is not a bitmap
Source: 2.9.9.2_Setup.tmp, 00000001.00000003.2245850293.00000000062C0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: PlayMoviePlayerActiongetPlayActiongetStopActioncontextStopControllerSizeChangedMoviePlayerMovie..\..\..\..\Common\runMedia.cppmenuShutdownSHELL_TRAYWND
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_00C71BEB cpuid 6_2_00C71BEB
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: GetLocaleInfoA, 6_2_03A28C80
Source: C:\Users\user\AppData\Local\Temp\is-NNNBK.tmp\2.9.9.2_Setup.tmp Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Queries volume information: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win Resources\stageplotproleft.png VolumeInformation
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_00C71874 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 6_2_00C71874
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_03A24A88 ____lc_codepage_func,_strlen,_strlen,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte, 6_2_03A24A88
Source: C:\Program Files (x86)\StagePlotPro\StagePlotPro_2.9.9.2_Win.exe Code function: 6_2_0399AB90 GetStdHandle,GetFileType,__vsnprintf,WriteFile,__vsnprintf,GetVersion,RegisterEventSourceA,ReportEventA,DeregisterEventSource,MessageBoxA, 6_2_0399AB90
No contacted IP infos